View the full annual report (PDF file 124 pages).
- The Privacy Commissioner's 2006 public opinion survey found a strikingly high level of public concern about how businesses handle personal information. More than 80 percent of people surveyed pinpointed the internet and business as key privacy concerns.
- The Credit Reporting Privacy Code came into full effect on 1 April 2006, and has been well received by consumers, credit reporters and the financial sector.
- A new-look, simple-to-navigate website was launched www.privacy.org.nz. It includes plain English information on privacy rights and responsibilities, information about internet safety and a full text search engine.
- A total of 636 formal complaints were received during the 2005/06 year. The continuing downward trend of recent years seems to be the result of proactive handling of complaints by the Office's staff and more targeted privacy training. Telephone enquiries remained steady at around 6,000.
- The Office closed around 60 percent of new complaints during 2005/06, usually within six months of receipt. The backlog of old files continued to drop. Where parties were willing, the Office continued its policy of attempting to settle complaints,
- Problems with access to personal and health information continued to dominate, making up about 50 percent of complaints. Disclosure of personal or health information was the second most common complaint.
- The Office's three-person technology team completed its first full year of work. The team participated in e government work, established public and private sector information forums, and surveyed private and public sector website privacy notices.
- Legal and policy capacity within the Office was enhanced in the second half of the year, and a new position of Policy Adviser (Health) was established.
- The Office advised on the privacy implications of proposed legislation, policies and practices. Topics included counter terrorism, trans-border data sharing, use of biometric information, and proposals on access to court records.
- Media enquiries focussed on technology issues. Many speeches, presentations and education sessions on privacy issues were given in response to requests.
- Government information matching continued to expand. There were 40 programmes in operation during the 2005/06 financial year, compared with 36 in 2004/05. A further four new programmes were authorised by Parliament.
- There was a 45% increase in the number of government information matching programmes using online information transfer. These online programmes require special permission from the Privacy Commissioner.
A striking result of our 2006 public opinion survey on privacy was the high level of public concern about how businesses handle personal information. More than 80 percent of people pinpointed the internet and business as key privacy concerns. Ninety-three percent of those surveyed rated good personal information practices by businesses as more important than convenience, and as important as efficiency, product quality and service.
General concern about invasion of privacy rose (to) 56 percent in 2005/06, from 49 percent in the 2001 survey. Privacy now ranks sixth out of nine major issues tested. Public concern about privacy invasion now ranks ahead of unemployment, behind education, crime and violence, health, the environment and the economy.
Rapidly developing technology fuels public awareness and concern about privacy invasion. The way in which we lead our lives, and the ways in which government and business serve us, are increasingly influenced by or dependent on technology. For instance:
- an estimated one million New Zealand households have internet access
- industry sources estimate that there are about 3.8 million mobile phone connections in New Zealand
- the DNA profiles of more than 50,000 people are stored on the Police DNA databank
- requests for details of motor vehicle owners have grown from 2 million in 1998/99 to 10.8 million in 2005/06.
All kinds of organisations and businesses use advanced technology to collect, sort, store and trade our personal information, both to make our lives easier in dealing with them and also for their own use. It is no coincidence that the language of the computerised information world is increasingly strewn with metaphors - such as data mining, data banks and data warehousing - that are drawn from commerce. Mainly through the power of technology, our personal information is increasingly a tradeable commodity, with a real market value.
The day-to-day work of the Privacy Office in acting as a watchdog to protect personal information and to promote good practice has become increasingly focused on technology and science-driven issues.
On 1 April 2006 the Credit Reporting Privacy Code, developed by the Office, came into full effect. Credit reporting is a prime example of an industry that uses personal information for commercial purposes. The industry collects, holds and sells personal and credit related information about an estimated two million New Zealanders. The Credit Code now requires the industry to give individuals free access to their credit records and to limit information collected to that relating to credit. Credit reporters are obliged to ensure greater accuracy of information held and disclosed, and to increase controls on release and reduce misuse (eg. unauthorised release). The industry cooperated fully in our development of the code. The benefits are becoming clear - thousands of New Zealanders have used the new right to access credit information about themselves.
Our legal/policy staff have also continued to contribute to the development of government policy and legislation, especially involving the uses of technology. Examples this year included submissions on the SPAM (Unsolicited Electronic Messages) Bill, proposals on anti-money laundering and the financing of terrorism, and the Financial Transactions Reporting Act. The globalisation of information flows - for example for customs, immigration, passports and banking - has also generated work for the Office.
In its first full year, our three-person technology team actively participated in e-government development work, including the government logon service and all-of-government online identity authentication. The team established information forums for the public, business and government on data matching, and technology and privacy, and carried out a survey of private and public sector websites. The survey showed that only just over half of the websites had privacy notices. Two consumer-oriented guides, one on websites and personal information and the other on the safety of personal information on the internet, were produced. Among the issues the team dealt with were privacy aspects of digital rights management, CCTV use and guidelines for biometric technologies. Government information matching continues to expand, with 40 programmes operating during the 2005/06 financial year.
Internationally, good personal information handling is becoming a key part of globalised commerce. Cooperation amongst government and privacy authorities worldwide has produced a number of significant developments. The Asia Pacific Economic Cooperation (APEC) grouping approved an APEC privacy framework in November 2005 and our Office played a strong role in its development. Regional cooperation has been enhanced by the adoption by the expanded Asia Pacific Privacy Authorities forum (APPA) of a formal statement of objectives. These set out to improve standards, share knowledge and promote best practice. The International Privacy Commissioner Conference in late 2005 unanimously adopted a declaration about global coordination to enhance privacy objectives. Although these are first steps, they mark a new impetus for cooperation to advance privacy protection internationally, against a background of electronic cross-border information flows.
During the year the news media raised many technology related privacy issues. These included biometrics (such as finger scanning in the workplace), widespread use of CCTV, the potential for the sharing of health and DNA databases, internet blogs, skimming of EFTPOS terminals, the safety of home computers, covert filming and bugging, the use of public registers by direct marketers, proposals for a variety of new databases (eg. all children and all state housing tenants), the use of radio frequency identification devices (RFIDs), the transfer of New Zealanders' information overseas, checking of employee emails, the sale of CCTV footage, internet banking, a prostitutes' register, infant heel prick cards, tracking people via their mobile phones and credit reporting. This extensive list of topics reflects a broadening and welcome media awareness of privacy issues. I am pleased that the media are now playing a valuable part in telling the many developing privacy stories and alerting the public to risks. In March this year we were encouraged that our Privacy Issues Forum attracted overseas speakers, a more than full attendance, and significant media interest in the wide-ranging issues covered.
Our new website is now online. New material includes guidance for employers, a "your privacy" section and a special area where we offer help with common fears about internet safety, including email, web browsing and e-commerce.
Demand for our 0800 line has remained constant, with around 6,000 calls received this year and an increasing number of email enquiries.
Incoming written privacy complaints continued their steady (although slowing) decline to a total of 636 during the 2005/06 year. A combination of proactive handling by the enquiries and complaints teams - encouraging early action and self-resolution - and training of the staff of organisations complained about seems to be responsible for reducing numbers of formal complaints. The assessment and conciliation team in the Office now closes around 60 percent of new complaints, usually within six months of receipt. Problems with access to personal and health information continue to dominate, at 50 percent of complaints. The Office is targeting areas generating clusters of complaints and held 88 education seminars on these during the reporting period. Our backlog of old files also continues to drop, with complaints over 12 months falling from 248 at the end of June 2005, to 88 at the end of June 2006.
Through the power of science and technology, what we formerly regarded as free or private space is increasingly being invaded. Who would have envisaged 20 years ago that our choices of food, clothing and books could be logged, monitored and used; our health information exchanged freely; or that our children would interact with the world via the internet? Our homes are no longer sacrosanct if we commit personal information to technology and the internet. It is within our power to benefit from and to control this, but we do need to be aware of the opportunities and risks.
A senior IT figure said some years ago "you have zero privacy anyway - get over it". Fortunately the news is not all bad. Business and government agencies, initially dazzled by the profit and efficiency potential of technology, are now increasingly alive to the privacy message. They are aware that responsible information management is needed to protect client and consumer loyalty and trust, and thus the ability to run a viable and profitable operation. That same senior IT figure is reported to have remarked this year, following his own personal information being disclosed, that privacy and security were now his top priority and that he now understood the consumer perspective.
A silent revolution has occurred in the way our personal information is handled. This revolution has the potential to be as far-reaching and pervasive in its effects as the invention of the printing press more than 500 years ago. We need to grasp this change, direct and use it. But we also need to protect our identities in the process, and value our information as much as do those who profit from it.