BY CLAUDIA RUSSELL
Privacy concerns over the Ministry of Social Development’s (MSD) new ‘data-for-funding’ policy were the subject of an urgent Parliamentary debate earlier this month. MSD’s somewhat unpolished approach in creating the policy has caused people to question how much the Ministry respects the privacy of our country’s most vulnerable people.
Admittedly, the controversy is difficult to understand at face value. When the political noise is stripped away, however, it is fairly simple. The Ministry of Social Development is our country’s biggest Government agency, and among other things they are in charge of allocating funding to Non-Governmental Agencies (NGOs). These agencies include Women’s Refuge, the Problem Gambling Foundation, Child, Youth and Family Services (CYFS), and the Mental Health Foundation of New Zealand. Because a lot of NGOs are not-for-profit charitable organizations, they survive largely on government funding allocated to them by MSD. To figure out how much funding an agency requires, MSD needs data which tells them things like how many people are accessing the service. Data collection up until this point has gone on without issue because it has all been in the form of aggregate data and anonymised statistics. The sharing of this kind of information between agencies is important. It can help them to provide better and more efficient services through coordinated service delivery, to detect wrongdoing, or to take joint action against social problems such as child abuse. The problem is, MSD now want to change the scope of their data collection – they want individual, client-level data; your name, date of birth, iwi, ethnicity, address, the details of your children, and the services that you access. This information is not optional. NGOs must sign a contract agreeing to give up these details to receive any Government funding. Put simply, it means that all clients must agree to have their personal details and name circulated around Government agencies if they are to be the beneficiary of any services. Several NGO’s have said they would forgo funding for the sake of their client’s’ privacy, but others simply could not survive without it.
“The Privacy Commissioner … has released a 49-page report which calls the policy “excessive, disproportionate to Government’s legitimate needs [and] inconsistent with the information privacy principles.”
While privacy law in New Zealand is still in the early stages, our legal history shows a commitment to privacy principles. Article 12 of the 1948 Universal Declaration of Human Rights (to which NZ is a signatory) provides that “no one shall be subjected to arbitrary or unlawful interference with his privacy.” The Privacy Act 1993 promotes similar aims. Under section 13 of the Act, the Privacy Commissioner is empowered to conduct enquiries into the compliance of organizations with privacy principles. In relation to the MSD policy, he has released a 49-page report which calls the policy “excessive, disproportionate to Government’s legitimate needs [and] inconsistent with the information privacy principles.” Labour MP Carmel Sepuloni identified in Parliamentary debate the three major concerns raised in the report. These are:
1) that people will be deterred from accessing social services,
2) that MSD does not have the security measures in place to be able to collect and store the sensitive information they are seeking,
3) that the data the Government is seeking to get through this system is not necessary, and that it can get just as useful information if it is anonymised.
Minister for Social Development Anne Tolley adamantly rejects the first claim, asserting that people seeking help will not be deterred when they are told their details will be passed on to the Government. This may be true for some. But for those who are dealing with highly sensitive topics such as sexual abuse, domestic abuse, addiction and suicidal ideation, the disclosure of this information could be devastating. One organisation reported that it had interviewed 17 of its male sexual abuse survivors, and all 17 responded that they would cease to seek help if they knew that information was to be shared. There is also concern that individuals seeking help for mental health, addiction or domestic violence may have their information shared with CYFS and become identified as unfit parents. Some politicians are sceptical of the intentions behind the policy, too, speculating that when MSD can identify which services an individual is using, they might decide they are receiving too much help from social services and cut their aid down in the name of efficient spending. The NGOs fear it will be a ‘lose-lose situation,’ where they risk losing funding if fewer people approach a service due to personal information being sent to MSD. Trust is an essential part of the work these groups carry out, and without this trust relationship potential clients may decide not to seek help.
On the second point, there is a very real concern that MSD simply does not have the privacy measures to handle this information. A number of privacy breaches have occurred over the years, to the point where MSD has developed something of a reputation for having poor security measures. Notable among these breaches were in 2012, where thousands of personal files were accessible to anyone using the self-service kiosks at work and income. An estimated 60 privacy breaches have occurred at MSD over the last 8 years.
It seems as though the risks outweigh the benefits, which are vague at best. Social Service Providers national manager Brenda Pilott has said that she cannot draw a line of sight between the private information MSD wants to collect and the ‘efficiency and effectiveness’ outcomes they are proposing. If information is only limited to name, address, and the like, why can’t this data be anonymised? The Privacy Commissioner similarly stated that the level of data collection proposed does not appear to be necessary for the purpose of assessing the effectiveness of services. He is doubtful that it meets the necessity test set out under S6 principle 1 of the Privacy Act 1993.
Behind these concerns is the fear that the privacy of vulnerable people is simply not being respected. Privacy is an essential part of human dignity and self-determination. Receiving government aid can be life changing but it is also an incredibly invasive experience. Not needing to interact with social services allows one freedom from interference or questioning into their living situation, working arrangements and children. In this sense, privacy is a luxury not afforded to lower socio-economic groups. The more information we allow these services to collect, the more we risk widening this privacy gap.
The views expressed in the posts and comments of this blog do not necessarily reflect those of the Equal Justice Project. They should be understood as the personal opinions of the author. No information on this blog will be understood as official. The Equal Justice Project makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The Equal Justice Project will not be liable for any errors or omissions in this information nor for the availability of this information.