Privacy Commissioner has slammed Social Development data collection plans as too intrusive
Social Development Minister Anne Tolley has lambasted her officials and referred a near major privacy breach to her chief executive as an "employment matter".
She would not be drawn on whether she thought anyone should lose their job, after it emerged an IT system designed to hold highly sensitive, personal information, allowed organisations to access the client data of other organisations.
But she said she was "furious" that the breach could have occurred, and it comes at a sensitive time as she attempts to push through a policy to force non-government organisations (NGOs) to hand over personalised data of their clients, in order to be eligible for Government funding.
The Privacy Commissioner today rejected the plan - a day after Tolley was forced to send officials back to the drawing board to ready a brand new IT system, to cope with the change.
He described the Government plans to capture the individual and personal data of vulnerable clients as "excessive and unnecessary", and it could have serious and unintended consequences.
* Individuals may choose to stay away from seeking help at all, which could leading to worse outcomes for individuals and society as a whole;
* Individuals may choose to provide incorrect information in order to preserve their privacy – leading to inaccurate or useless data for analysis, or;
* NGOs may allow clients who were reluctant to have sensitive information given to MSD, access services without providing their personal information - that could risk the organisation's long-term viability, and see clients falling through the cracks.
"No NGO receives government funding as of right, and it is not only legitimate but important that Government takes steps to ensure the efficacy of any programme it funds. It needs good information in order to do so," Edwards said.
But the report found "insufficient consideration" had been given to the scope of unintended consequences that could occur as a result of the policy change.
Little or no thought had been given to developing possible alternative means to achieve the Government's aims without risking those consequences.
"There is a real risk that the new arrangement will deter some people who are most in need from seeking support or assistance," said Edwards.
"Not only could that put those people at further risk, and increase pressure on the NGOs, the ultimate result could be that those individuals become "invisible" to Government and policy makers."
Yesterday, Tolley revealed the ministry was forced to shut down its information sharing portal following a privacy breach. An error allowed one provider to view another provider's folder, but there was no data contained in the folder at the time.
Tolley said today that she understood the Privacy Commissioner's concerns around anonymised data.
"And if we were just looking at how effective the services are that would be sufficient, but of course, we're looking for coverage.
"We want to know that all the people that need the services are getting them, and for that we need to know who exactly is currently getting services."
But Tolley had - following discussions with the Commissioner - asked the ministry to investigate some for of exemption.
"To allow those NGOs - where someone is really concerned - to not give their data, and is going to walk away and not get those services, that there is an exemption regime that they can use."
A new IT solution would now be developed for the collection of individual client level data from non-governmental providers.
"To date, 136 providers have been invited to upload client level data into the DIA shared portal, only 10 providers have uploaded information so far," she said.
Tolley said she had asked officials for advice on the next steps, which would involve using a different IT platform "that will be robustly tested" and peer reviewed.
"It's vital clients and providers have confidence that their information is being protected. We will work with the Privacy Commissioner and the Government's Chief Information Officer to ensure we get this right."
Labour's social development spokeswoman Carmel Sepuloni said the commissioner's report was another "defeat" for the Government's data drive.
"The report confirms Labour's belief that those who are most in need of social services, such as Women's Refuge, Rape Crisis and Mental Health Services, may be deterred from seeking support.
"This could have considerable repercussions for individuals, and could result in many people missing the support they need," she said.
"The findings reinforce the concerns raised over the last few months by Labour, alongside social services, law experts, and the public."
Green Party spokeswoman Jan Logie said the Government needed to put an "immediate stop" to the plans.
"With the Privacy Commissioner and community groups like Rape Crisis and Budget Services coming out against this data intrusion, the Government must realise that it will not achieve its social objectives by overriding individuals rights to privacy."