'Protecting Privacy in an Age of Joined-up Government Services'
25 November 2012
The end of the political year 2012 probably cannot come quickly enough for the Government.
Even though it remains comfortably ahead in the opinion polls, it would be the first to concede this has not been its best year.
Flush from its election victory last year – the most substantial by any party under MMP – the Government might reasonably have expected 2012 to be a year of consolidation, in which the economy began a clear recovery, and the start of a second term in which it was able to focus on its policy agenda, while a shell-shocked Opposition came to grips with its worst defeat since the mid 1990s, got used to its new leadership, and started to lay its plans for the future.
Instead, although the Opposition has still been ineffectual with continued unresolved leadership doubts, the Government has found itself bedevilled by the ongoing depth of the Global Financial Crisis; the slower than anticipated domestic recovery, including delays on the rebuilding of Christchurch; and a series of domestic crises, largely around the issue of information gathering and the protection of individual rights.
First, there was the Bronwyn Pullar ACC affair which led to the resignation of the Minister and the chief executive, and a restructuring of the ACC Board.
Then there were the events surrounding the illegal activities of the GCSB in the Dotcom case, and subsequent allegations about more widespread illegal Police operations in other cases.
That was followed by the issues relating to the improper accessing of client data held by the Ministry of Social Development, and the recent highly critical report on the Ministry’s performance in that regard, leading even the Minister to describe her department’s kiosk operation as “atrocious”.
Now it appears the Education Ministry’s new teacher pay management system Novopay may also have fallen prey to privacy lapses.
And, finally, there have been the privacy lapses by my own department, Inland Revenue, which are in the realm of human error, rather than system failure.
While these are all separate cases, which even the most ardent conspiracy theorist would have difficulty linking, there are some common themes that I wish to explore this evening.
I do so, not in my Ministerial capacity, but as the leader of UnitedFuture, because of our clear liberal democratic commitment to upholding and protecting the rights of the individual, and also as someone who has had a long interest in individual privacy issues.
My starting point is a simple one: free societies like ours operate on the basis of mutual consent.
As citizens, we tolerate the authority of the state because we believe it will be exercised in our best interests.
When confidence in our institutions is diminished by their own actions, the cohesion of our society is eroded.
There has been an erosion of public confidence as a result of each of the cases I have referred to – a Colmar Brunton poll released last weekend showed 60% of New Zealanders were uncomfortable with the way the Government handled their information.
The risk is that in a time of already heightened uncertainty, principally because of the international economic situation, such erosion could easily escalate into a general crisis of public confidence, unless the Government is extremely careful.
I spoke earlier of my long interest in the protection of individual privacy.
It goes back to the time when, amongst other portfolios, I held the position of Associate Justice Minister in the Palmer Labour Government.
In that role, I did a lot of work on privacy issues, and in Opposition after 1990 developed and introduced to Parliament what is apparently still the largest private member’s Bill – the Information Privacy Bill – which eventually became the Privacy Act we have today.
At the time, I described the Bill’s essential purposes as providing for the “better protection of the privacy of natural persons in relation to personal information collected, held or used by any agency,” and that there be “proper access by each person to official information relating to that purpose”.
In the current context, those themes are as relevant today as they were over 20 years ago, even though the ways in which we gather, hold and use personal information have changed dramatically.
The growth, development and constant use of the Internet, and on-line technologies generally have changed our world completely in the last 20 years, and those trends will only accelerate.
Cyber-crime, identity theft, and the newspaper hacking of personal telephone accounts that elements of the Murdoch press engaged in in Britain could not have been accurately quantified or imagined in the early 1990s.
At that time, our focus was much more on ensuring people’s personal details were not sold or passed on indiscriminately to direct mail agencies like Reader’s Digest!
The mainline computer systems of state agencies like the Inland Revenue Department and the Ministry of Social Development were in their infancy, and the nightmare that was to become the ill-fated Police INCIS system was yet to be developed.
Government computer services in the main referred to the Wanganui Computer Centre.
But while the world might have been simpler then, the principles that underpinned my original Privacy Bill and the government legislation that was to follow endure, and are actually more relevant in today’s environment than they were in 1991.
Every New Zealand resident – whether they be a Kim Dotcom, or even a convicted sex offender, let alone just an ordinary person going about their daily lives – has an absolute right to expect that the information held about them by government agencies will, above all else, be accurate, and not misrepresented.
They further have a right to expect that such information will be used solely for the purposes for which it was originally collected, and that the agencies responsible will at all times act in a lawful and proper way regarding both the collection of personal information, and the uses to which it is put.
At the same time, people have a right to expect that the information held about them is secure, and, even allowing for human errors, that it will not generally be disseminated more broadly without their knowledge and consent.
But, there is another important aspect to this latter point.
The way in which people provide their information to the government has changed, as have public expectations.
Much information is now provided on-line, and there seems to be an implied acceptance that this often basic personal information – name, address, contact details, and the like – will be shared across government agencies.
Indeed, I find constituents are frequently frustrated when asked by a government agency for their personal details “because I have already provided those to such and such a department.”
They tend to see government as an already joined-up entity, and assume that when information is provided to one branch, it is available to all.
So, on the one hand, there is an expectation that government agencies will share basic personal information, but, on the other, there is a perfectly reasonable belief that adequate personal privacy protections will be in place and observed to prevent the misuse of such information.
A couple of issues arise from this.
First, while the principle of information sharing is accepted as a general rule, there are legitimate concerns about its scope and exercise in practice, and government agencies therefore have to be cautious in how they go about information sharing.
To just assume the public’s broad acceptance justifies broad approaches is simplistic and wrong, and clearly, as extreme examples like the Dotcom case show, can lead to an “ends justify the means” culture developing, which would be as dangerous for personal liberty, as it would be improper practice.
Arising from this is the question of accountability.
A political journalist writing in the Sunday Star Times recently observed sagely and tersely that “our law enforcement agencies have become more concerned with the enforcement and less about the law”.
While she was commenting about a particular case, the point she was making has wider relevance.
It is the perennial question of who guards the guardians.
In a democracy, protecting the public interest does not justify carte blanche.
What are the sanctions, and how are they applied, when information sharing goes bad?
In a recent speech I quoted Pastor Martin Niemöller’s famous quote in 1930s Germany, and its powerful ending that: “… then they came for me, and there was no-one left to speak for me.”
There has to be someone left to speak for all of us when it comes to the protection of our rights and privacy, otherwise they will be diminished.
If the public do not see major breaches of their privacy, or their rights in respect of their privacy, being taken seriously, then we should not be at all surprised if their willingness to provide their personal details to government agencies reduces accordingly.
Because information sharing and personal data protection are increasingly core elements of many government agencies’ business, they all need to have in place robust, clear, specific and enforceable processes for its management, and an equal awareness of the potential security risks, and how these can be mitigated.
It goes back to my point about the retention of respect for the public institutions we entrust our information to, and the level of confidence we are entitled to as to how that information will be used.
I said before that the ways we access our information these days will continue to proliferate, as will the pressures associated with that.
Look at the news media – on-line services and social media are rapidly supplanting the print media and arguably even the electronic media as our primary source of news.
Facebook and Twitter are the far more immediate sources of information these days.
Mainstream media’s new role seems to be to back up or explain in depth what we already know in headline form from social media.
But here is another twist.
Just as we get our information instantly, we increasingly expect to be able to provide our information equally quickly, which is another potential complication for governments.
I highlighted before the potential contradiction between people being frustrated that they have to keep providing information they have already provided to another agency, while at the same time being concerned about its potential misuse.
I would add to that the concurrent expectation that they can provide their information in the same way as they now provide their information to, or interact with their bank, insurance company or travel agent.
It is this latter expectation that probably has the biggest implications for governments of the future, as the recent MSD kiosks case shows.
In my view, we are moving inevitably towards joined-up government services, where people will conduct their business with government on-line, probably from home, at a time which suits them.
They will expect single portal entry to a range of government services, and to manage their business with the government, pretty much the way they manage their banking right now.
That obviously has implications for old current operating systems – like Inland Revenue’s for example.
While that is not the focus of my particular remarks today, I will say that following the receipt of our consultant’s report in July on the future role and direction of Inland Revenue, I have been working very closely with the Commissioner and her team, and my Ministerial colleagues on what has been previously estimated could be a $1.5 billion upgrade project.
Consistent with everything I have been saying this evening, I am determined that we get this right and that we are not harried into rushed or inadequate solutions because of ignorant political clamour from people who do not know what they are talking about.
We have made a good deal of progress, and I will be taking a programme business case to Cabinet early next year to set the broad direction for how Inland Revenue’s systems will develop over the next 10 years.
Overall, the important point to remember is that these issues go far beyond just replacing computer systems – to think otherwise is pretty naïve.
While the issue has to be treated on a whole of government basis, both in terms of the way government services are provided and across a range of specific government agencies, my focus tonight is on the more generic issue of how, whatever systems we develop for the future, we protect individual privacy, now and into the future.
Let me return to the theme of who guards the guardians.
I am not speaking here of cases which occur as the result of genuine human error.
While I am not diminishing the impact of these, I would expect that in such situations the chief executive of the organisation concerned would investigate the circumstances to determine what further action, including disciplinary and procedural steps, may be necessary to prevent recurrences in the future.
Rather, I am thinking about situations where the breaches go far beyond genuine error, and enter the realm of potential illegality with an adverse impact on the rights and freedoms of New Zealanders.
Effective accountability for failing to uphold the law is an important way of assuring the public on whose consent the law is founded that the law is being upheld.
On the face of it, current practice appears inconsistent.
In this regard, the Privacy Commissioner summed it up very well recently when she said, “There's been far too little focus on the fact that there are real people behind the information that government agencies hold.”
My own view is clear – whether it be an agency with a law enforcement function, like, for example, the Police, or any other government agency for that matter, which breaches the law with regard to individual privacy, they must be held to account for their actions.
Attempting to justify such incidents on the basis the agency thought they were complying with the law, or sweeping them under the carpet, or just leaving the issue to internal procedures to resolve is not good enough.
There need to be clear, external, enforceable, and consistently applied standards of conduct in these circumstances.
This is not a witch-hunt mentality, but recognition of the precious nature of personal information and the vital importance of, to quote my original legislation, providing for the “better protection of the privacy of natural persons in relation to personal information collected, held or used by any agency.”
It is interesting to note that the Australian Federal Government has just released a formal discussion paper on how privacy breaches should be handled, including the possible introduction of a mandatory breach notification scheme, although as their Attorney-General notes, that may not be as simple or practical as it first sounds.
She raises the valid point – consistent with the tenor of my remarks this evening – that, “If there is to be a mandatory data breach notification scheme, how do we make sure it gets the balance right between the public interest in mitigating the adverse effects of data breaches while ensuring we do not create an overly burdensome compliance requirement on entities that make their business from collecting, storing and using personal information?”
My own view is that the balance has to err on the side of the individual, for the following reason.
I am a supporter of the institutions of the state – like the Police and the security services – and recognise their role to protect the public interest.
Their task is often a thankless one, which I would not want to undertake, but it is not an unfettered one.
I believe very strongly that, when exercising their responsibilities, those agencies of the state must at all times not only act, but be seen to act, within the law they are pledged to uphold, especially so far as the rights of individuals are concerned.
That is a high test, but in a free state, it cannot logically be otherwise.
After all, one of the fundamental responsibilities of any government in a free society is to uphold the rights and liberties of its citizens.
Protecting their personal information from abuse or misuse by the agencies of the state is an important part of meeting that responsibility, and ultimately of retaining confidence in our system.