Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

Privacy Act 2020

This section allows an organisation to neither confirm nor deny the existence of information that has been requested.

In order for an organisation to rely on section 47, it must first be able to rely on one of the following grounds to refuse access to the information:

The organisation must then be satisfied that the interests protected by the refusal ground would likely be prejudiced if it confirmed or denied the existence of the information in question. In this way, only certain information can be subject to section 47 and it will only apply in very exceptional circumstances.

 

Privacy Act 2020 reference:

47. Decision to neither confirm nor deny personal information is held
(1) An agency may neither confirm nor deny that it holds the personal information, or some of the personal information, requested if the agency—
(a) is able to rely on section 49(1)(a)(i) or (d), 51, 52, or 53(c) to refuse to disclose the information or refuse to disclose the information if it existed; and
(b) is satisfied that the interest protected by any of those provisions would be likely to be prejudiced by the agency confirming whether or not it holds information about the requestor.
(2) The notice given under section 44(2)(d) must inform the requestor of the requestor’s right to make a complaint to the Commissioner in respect of the agency’s response.
 

Case notes

Case Note 0635 (Complainant alleged that SIS had disclosed inaccurate personal information about him)
Case note 284416 (SIS and GCSB access requests: section 32 [Privacy Act 1993] responses)

 

Further information

Doesn't this section contradict the purpose of principle 6 - the right to access? 

A fundamental part of principle 6 is the right of an individual to know whether or not an organisation holds information about them. A person cannot ensure that the information held about them is correct and used appropriately if they do not know whether or not an organisation holds such information. In this way, the Act ensures that organisations, public or private, are accountable to the individuals whose personal information they hold and use.

By necessity, section 47 overrides this fundamental right. Section 47 does, therefore, have the potential for misuse. However, the section only applies in very limited circumstances.

Can any organisation rely on section 47?

No. It is important that section 47 is used only in exceptional circumstances. To date, it has been raised only in relation to information held by the New Zealand Security Intelligence Service and, very occasionally, the Police.

In Australia and the United Kingdom, the regulatory bodies dealing with decisions made under their specific information privacy legislation take decisions to 'neither confirm nor deny' very seriously indeed. Most often, agencies seek to rely on the 'neither confirm nor deny' policy when protecting national security interests. For example, in Baker v Secretary of State for the Home Department [2001] UKHRR 1275, the UK Information Tribunal considered that the neither confirm nor deny policy was necessary in cases where secrecy was essential to the operations of an agency - in this case the Security Service - in order to safeguard national security. In Est v Department of Family Services & Aboriginal & Islander Affairs [1995] QICmr 20, the Queensland Information Commissioner held that the 'neither confirm nor deny' response should be reserved for use only where special circumstances make its use necessary and appropriate.

 

Return to the principle 6 page