Annual Report of the Privacy Commissioner for the year ended 30 June 2007. The Report was tabled on 28 November 2007.
View the full Annual Report (PDF file 138 pages).
- Government information matching continues to expand. There are currently 76 authorised programmes. The 46 programmes that were operating during 2006/07 involved tens of millions of personal records.
- Over $45 million was recovered through information matching programmes in 2006/07.
- While most information matching programmes operated satisfactorily, the Office has ongoing concerns at the margin about the operation of a small number of programmes. Those concerns centre on the quality of the matching process and its impact upon innocent individuals. For more information see Section Five, p35.
- The Office received 640 privacy complaints during 2006/07. About two-thirds of those complaints were about access to personal information or disclosure of personal information.
- Of the 701 complaints closed in 2006/07, 75% (524) were successfully settled without needing to proceed to a final opinion.
- The Office is achieving a faster turnaround on complaints, with the average "age" of complaints dropping.
- The Office received over 6000 telephone and email enquiries during 2006/07. Topics of enquiry ranged widely, and included the use of driver's licence and passport identification details, fingerprint scanning, website privacy statements and insurance companies' rights to access medical records.
- The Office ran New Zealand's inaugural Privacy Awareness Week in late August 2007. Simultaneous events ran in Australia and Hong Kong, with the common theme "Privacy Is Your Business".
- Privacy breach notification guidelines were issued during Privacy Awareness Week. The voluntary guidelines are to help businesses and government organisations to take the right steps after a privacy breach, including notifying people if their personal information has been stolen, lost or mistakenly disclosed.
- Commenting on policy and legislative proposals and assessing possible privacy impacts is a major work stream for the Office. The Office successfully dealt with 228 legal and policy related projects during the year.
- The Law Commission began an extensive review of privacy in October 2006. The review is being conducted in four stages over several years. Part of the Law Commission's work programme for 2008 includes reviewing the Privacy Act 1993.
Our data revolution
Respect for the handling of people's personal information is fast becoming a key measure for responsible business and government.
We are in the midst of a data revolution. We can send information globally with the tap of a key - and we do. There is no longer a time or cost barrier in copying data and distributing information widely. If we want to share, we can. We are data rich. Pressures of business efficiency mean that processing data is a competitive field, where there is an advantage to be gained by being cheaper, faster or more convenient. Outsourcing data processing to companies overseas is not only feasible, but for business reasons it may be preferable.
Individuals are increasingly aware of and want to control how their information is handled. This is against a background of a flood tide of information being collected or provided, procured and used. Current examples of the 'information world' include: Facebook; Bebo; Myspace; the Motor Vehicle Register; the register of births, deaths and marriages; professional hacking and information stealing; loss and exposure of information on a grand scale; border control finger-print and retina scans.
There has been a phenomenal growth in both the number and range of data matching programmes being conducted by government. And yet I suspect few New Zealanders are aware of that escalation. Apart from the simple increase in the number of matches, and the range of agencies involved in matching work, there are matches that involve data being sent offshore. And businesses carry out data matches too. The size and scale of the private sector matching activity is unknown, because there is no monitoring of those programmes or record of their number. So data matching has gone global; and we have all become electronic citizens.
...data matching has gone global; and we have all become electronic citizens.
Transborder data flows raise real challenges to the reach of national laws.
There is a growing awareness that domestic legislation is not enough. Simply put - we don't have much chance of enforcing the good information handling provisions in our Privacy Act in those instances where data is sent overseas by a New Zealand agency.
We have had some complaints to our office involving cross-border issues and, in practice, there have been agreements reached between the disputing parties. But we would have far greater confidence if cross-border issues arose in a country with broadly similar protections such as Australia - with whom we have recently reached a memorandum of understanding covering the management of cross-border privacy complaints, possible joint investigations and cooperation on privacy issues.1 However, the current situation does not leave us in a strong position legally, and is probably not sustainable.
One of the effects of a revolution in personal data is the growth in "privacy pollution".
One of the effects of a revolution in personal data is the growth in "privacy pollution". Privacy pollution accumulates, is pervasive and hard to avoid. Privacy pollution has some similarity to air pollution: small blots of contamination build to form blankets of smog. In themselves, they are relatively minor - specks of soot or puffs of smoke - but in combination the effect can be overpowering. Like environmental contaminants, privacy breaches run from annoyances like direct marketing calls, across to serious and even criminal actions, like identity fraud.
We leave traces of ourselves everywhere we go
The second key feature of privacy pollution is its pervasive nature. We are unwittingly captured each day on CCTV in the supermarket, at the petrol station, in the video shop, on the street and at the bank. We leave traces of ourselves everywhere we go, work, shop or live - travel, entertainment, hospital and GP, the internet, telephone and government records to name but a few. Our transactions are recorded, stored and shared. Our behaviour is silently recorded on camera. We no longer simply buy products - we demonstrate "purchasing patterns". Twenty years ago, my supermarket did not know what brand of toothpaste I bought unless someone stood by the checkout. Now, all my prior purchases are available to them (and me) electronically.
A third characteristic of privacy pollution is that there is unlikely to be an immediate legal remedy. The Privacy Act may not provide much comfort when the activity is generalised, such as street surveillance, or is done in accordance with specific statutory authority, such as the universal ID cards issued to all citizens of some countries. Certainly there may be instances where people can remove themselves from a mailing list or opt not to provide additional personal details, or choose not to spend time in a CCTV area but, often, there will be little realistic alternative.
These tiny but insidious measures combine together to shape our behaviour. We must strive to find some way not only of limiting the impact that this has on each of us, but also to find spaces in which we can be free.
The overall effect is that these tiny but insidious measures combine together to shape our behaviour. Together, they contribute to a climate where private space, thoughts and choices are encroached upon and subtly eroded. We must strive to find some way not only of limiting the impact that this has on each of us, but also to find spaces in which we can be free.
American law professor and academic Walter Gellhorn recognised back in the 1950s,
at the height of the Cold War, the temptation to disregard the freedom we already enjoy and to approach casually the risks of incursions. He said:2
The trouble is that small restrictions accumulate into large restrictions and, in the process, may become as habitual as, before, freedom was.
I note two general developments in relation to this.
One is an international trend toward the use of citizen identity cards. Identity cards are being introduced in many countries throughout Europe. In China, there have been concerns raised about the extremely wide-ranging information stored on ID cards. One report, for instance, noted that data on the chip will include not only the citizen's name and address, but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord's phone number. Even personal reproductive history will be included for enforcement of China's controversial "one child" policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card. Closer to home, Australia is introducing a health and social services access card.
A second initiative is the development of DNA databanks.
In the United Kingdom, The Times newspaper reported recently that some British police forces are seeking increased powers to take DNA samples. The proposal includes police being able to take DNA samples from people for non-imprisonable offences, such as speeding and dropping litter. It is good to find that the Association of Chief Police Officers warned that allowing police to take DNA samples in those instances might be seen as demonstrating the "increasing criminalisation of the generally law-abiding public".3
The Times also reported that already:
"There are almost four million samples on the DNA database, including more than 100 of children aged under 10, even though they have not attained the age of criminal responsibility. A further 883,888 records of children aged between 10 and 17, and 46 records of people aged over 90, are held on the database, which costs more than £300 million."
The British Home Office consultation paper noted those asking for the change saw it as "a means of increasing officer confidence in knowing who they are dealing with and enabling them to deal more effectively with the incident at the scene".
British public and watchdog disquiet is growing. The Human Genetics Commission announced it will be conducting the first public inquiry into the DNA database. Speaking as chairperson of the Commission, Baroness Kennedy, QC, noted that the database has "a preponderance of young men, with a third of black males currently on it. And anyone on it is there for life".
Both citizen ID cards and DNA databanks have provoked genuine and vigorous debate. How do we neutralise the invasive and concerning aspects of these projects without losing the claimed benefits? Individuals must be aware, make choices and retain control wherever they can. Where they cannot, privacy commissioners and governments have to watch, monitor and control.
Individuals must be aware, make choices and retain control wherever they can. Where they cannot, privacy commissioners and governments have to watch, monitor and control.
I do not profess to hold the answers to these complex issues. Both citizen awareness and watchdog activity will assist. But I am convinced that efforts must be made and that international cooperation is part of the solution. We must consider supra-national and cross-border initiatives.
Privacy Awareness Week
The Awareness Week successfully met one of our key goals - to communicate and raise awareness about privacy and personal information issues and risks, and how these can be countered.
Early in 2007, the Privacy Commissioners of New Zealand, Australia and Hong Kong agreed to run a Privacy Awareness Week (PAW) simultaneously across the region in the last week of August 2007, with the multi-layered theme "Privacy Is Your Business". PAW was a success for the Office, and I look forward to a repeat in 2008. PAW activities are outlined later in this report.
A key initiative during Privacy Awareness Week was the announcement of voluntary guidelines to assist business and government to take the right steps in the event of a privacy breach.
The guidelines include notifying people if their personal information has been stolen, lost or mistakenly disclosed. "Breach notification" is a new and mandatory requirement in many overseas jurisdictions and guidance will help organisations take measures to minimise the impact on customers and clients. The draft guidelines were well-received by business and media.
Where to from here?
Complaints to the Office are trending downward in number. I regard this as a positive development. Consequently, more resource may be able to be devoted to 'growth' areas such as technology monitoring and advice, government data matching and communications.
The Office is also currently involved in the Law Commission's review of privacy. This major project has wide-ranging terms of reference and will continue through the next reporting period and beyond. Among other things, the Law Commission will be reviewing the Privacy Act. I look forward to assisting the Commission's work as far as possible and will continue to follow the project with great interest.
Privacy is a notion that we associate with the individual but, evermore, I am becoming conscious that society too, has an interest in privacy. Legal academic Daniel Solove says:4
"Privacy, then, is not the trumpeting of the individual against society's interests but the protection of the individual based on society's own norms and practices."
When the quality of our personal - and public - space is diminished, we are all the poorer.
1 Memorandum of Understanding between the Office of the Australian Privacy Commissioner and the Office of the New Zealand Privacy Commissioner,
2 Walter Gellhorn Individual Freedom and Governmental Restraints (Baton Rouge, Louisiana State University Press, 1956) 39-40.
3 Richard Ford, "Police want DNA from speeding drivers and litterbugs on database" The Times, 2 August, 2007 (www.timesonline.co.uk/tol/news/uk/crime/article2183105.ece?print=yes&randnum...).
4 Daniel J Solove "'I've got nothing to hide' and other misunderstandings of privacy" (2007) 44 San Diego Law Review, 15. Available at SSRN: http://ssrn.com/