Misuse of information investigated by Authority

Press, 2 May 1985, Page 12

Misuse of information investigated by Authority

PA Wellington So you think you are a good credit risk ... There was a spot of trouble over the tele repayments a few years back, but nobody knows. Right? They just might. You see, there are more than 400 acts and regulations requiring people to supply information about themselves to government agencies. That is not to mention the little secrets people volunteer every day to their banks, insurance companies, rental firms, and shops. Stir all that up with a little computerised information processing and you have any number of complete strangers who could spill the beans on just about anything. Who collects this information, and who can reveal it, is being reviewed at the moment by the Information Authority, which will decide if present information collection powers are fair and reasonable. The authority will also say if the use made of the information is proper, and recommended ways to stop improper use. The authority has published a pamphlet looking at the issues of information collection, to help the public understand and participate in the review.

The booklet points out that the Government collects information for a lot of very good reasons — to see if people qualify for a benefit, to ensure public health and safety and to plan for future needs in health and education. However, the authority also says that changing technology has increased the possibility of misuse of information. “Until the age of the computer, with its potential to match and aggregate large amounts of data, the possibility of personal information held in one department being accessed by another was remote. “Today it would be possible to assemble extensive profiles of individuals and corporate bodies and their activities which could be used, unbeknown to them, to their disadvantage.” Because of this, the authority says it is important to set up criteria to control the development of Government systems that use personal information. How does the Government get all this information? These are for example: • The Post Office Act, 1959, which requires sellers of Television sets to advise the Post Office of the name and

address of the purchaser and the date of sale. • The Social Welfare Department, War Pensions Board, Accident Compensation Corporation, Government Life and a number of other agencies which can require medical referees’ reports and other information about applicants for benefits or life assurance. • The Customs regulations, 1968, which give powers to acquire details of sea and air passengers’ effects. • More than 150 separate powers of entry in the Statute Books which give officials of central, regional, and local Government the power to enter private property to obtain information. And of course the Social Welfare Department and the Inland Revenue Department both require detailed financial information and have extensive powers to get it. It’s not just Government agencies which can compel people to provide personal information. People wanting to get a loan or take out insurance have to answer questions about their income and lifestyles. No answers, no loans.

Privacy is not legally protected as such, the authority says, and outlines a “basic set of principles"

which have been developed in overseas studies. There should be no secret personal data record-keep-ing systems; individuals or organisations should be able to find out what information about them is on record and how it is used; and be able to stop information about them obtained for one purpose being used or made available for other purposes without their consent. Individuals or organisations should be able to correct, challenge, or amend information about them whether it be wrong or just unnecessary; and any organisation creating, maintaining, using, or disseminating records of personal data must assess the reliability of the data for their intended use and take reasonable precautions to prevent its misuse. The authority is also reviewing what happens to the information once the agency or organisation concerned has got its hands on it. Information will often be used for reasons quite different to what the subject agreed to, the authority says. An example of this is computer matching, where information from two files is compared to identify any overlap.

“There are several dangers to privacy involved in the use of computerised matching. First, information collected for one purpose (e.g. an application for a benefit) is made available for another purpose (e.g. an assessment of means for a bursary or education allowance). “Inaccurate conclusions can be drawn from a comparison of unrelated record systems. In some cases, matching the data may not be very reliable — it can only work efficiently where the information bases are similar.

“Finally, matching is essentially a random technique, initiated not because any person is suspected of misconduct but because his or her category is of interest to the Government.” The more people who handle personal information, the greater the threat to the person’s privacy, the authority says. For example, in a doctor’s surgery, one or two members of the doctor’s staff will learn something of the patient’s condition. In a hospital, the number of people “in the know” will be many times greater. Apart from the dangers of multiple handling, information is also often disclosed

to third parties, the authority says. For example, the Statistics Department has access to the Immigration Division’s arrival and departure cards for compilation of migration statistics. The Social Welfare Department monitors arrival and departures to prevent incorrect payment of benefits. The Inland Revenue Department has under its empowering statute right of access to immigration information about indivduals to enable it to collect tax arrears from visitors from overseas who have worked in New Zealand. The authority suggests adopting a series of safeguards to govern the collection and use of information including: Personal information should not be collected unnecessarily or unlawfully. The person who collects the information should tell the subject why it is being collected and who is going to be able to see it. The information should be used only for the purpose it was collected for unless the subject gives permission or the user of the information feels the use is necessary to prevent or lessen a threat to the life or health of the subject. Anyone using personal information should take reasonable steps to ensure that I the information is accurate, complete, and up-to-date. The authority’s booklet can be bought at Government bookshops. Anyone I wanting to comment on the I issue should write to the Information Authority by July 31.