Editorial: Agencies cavalier with data
Data-matching is an inescapable fact of modern life. When a society, rightly, takes upon itself the responsibility of looking after those unable to look after themselves, it has an equal responsibility to ensure citizens' generosity is not abused.
By matching the names of those newly admitted to prison with the names on its own database, ACC is able to ensure it is not paying earnings-related accident compensation to those incarcerated at Her Majesty's pleasure.
By supplying the Inland Revenue Department and the Ministry of Social Development with the names of people with outstanding fines, the Justice Department last year was able to track down more than 200,000 fines defaulters and recover more than $100 million.
And by matching births, deaths and marriage records with the names of those applying for passports, the Department of Internal Affairs is able to prevent foreign spies, criminals and pranksters from fraudulently gaining New Zealand passports.
All told, government agencies are involved in 54 data-matching programmes. The majority are carried out in accordance with the rules, but outgoing Privacy Commissioner Marie Shroff, whose office is responsible for vetting the programmes, reported last year that 22 were not. Of the breaches, some were "technical" in nature. For example, Immigration New Zealand had not "fully destroyed" information supplied to it by the Corrections Department, although there was little likelihood of the information being misused.
However, 10 breaches were what Ms Shroff described as "substantive" in nature. The malefactors included the ministries of justice, health and social development, Inland Revenue, the New Zealand Transport Agency and the Ministry of Business, Innovation and Employment.
The performance of the agencies which have technically breached the Privacy Act and/or their data-sharing agreements with other agencies is not satisfactory. The performance of those responsible for substantial breaches is even less so.
Data-matching is a contentious issue. The notion that information supplied to one branch of government for one purpose can be used by other branches for entirely different purposes, often without the knowledge of the person involved, runs counter to notions of privacy and individual liberty.
It is not that long ago that Parliament devoted long hours to debating the pros and cons of permitting data-matching at all. After much debate, politicians reluctantly accepted that the only way to safeguard the integrity of the health, welfare and ACC systems and New Zealand's borders was to permit data-sharing, but the quid pro quo for that agreement was that the data sharing would be conducted in a controlled manner in strict accordance with the rules.
The revelation that several agencies have adopted what can only be described as a careless or cavalier approach to the rules does not inspire confidence in the system. They need to be reminded of their responsibilities.
The Dominion Post