Text of the address prepared by Rodney Haines, Wellington Manager, Office of the Privacy Commissioner, 13 May 1995
By being
here you have demonstrated interest in knowing more about how to respect the
privacy of your subjects while continuing your work.
Privacy is
not a new issue but it has become important because of the passing of the
Privacy Act. Speaking generally, there
will be times when you need to weigh in your own mind the protection of a
person's privacy against the need to have some information. Factors you might want to bear in mind are
the era in which the person lived, the values of that time and the values of
that individual, which may be demonstrated by the lengths by which he or she
went to protect that information. Was
there shame? Was it a deal that was not
quite straight? Would the “bringing to
light” of the information have the potential to visit the sins of the ancestors
on the descendants?
A common
sense test might be to “Do unto others”, “How would I feel if I was the
subject?” or “Would I like this to be done to me?”
The Privacy
Act is concerned with the promotion and protection of personal
information. This is only one part of
the culture of respect for each other's rights to privacy.
The Act
sets out 12 information privacy principles which guide any agency (as you are
described in the Act) which handles personal information. Some of the principles contain a wide number
of exceptions into which many activities can be fitted. I propose towards the
end of the session to run very briefly over the individual principles for those
of you who have not yet found a comfort level with the provisions of the Act.
Any person
can lodge a complaint with the Privacy Commissioner of an “interference with
the privacy of any individual”. The
information privacy principles apply to personal information which is
information about a natural person who is not deceased.
So to come
within the Act you must be dealing with personal information and this by
definition is about a living individual.
There is a
slight exception in relation to the deaths register (which I will come to
later.)
Except in
relation to the principles relating to access and correction (principles 6 and
7) where it is sufficient that the principle was breached, it is necessary for
there to be a second element before there can be an interference of
privacy. This involves some loss,
detriment or harm to an individual. The
Act therefore is not just about technical adherence to principles but about
outcomes. Section.66(1) (See Appendix)
However,
outcomes are not always predictable.
Most agencies try to get themselves into the position where they are
routinely complying with the information privacy principles.
The Act
also contains certain public register privacy principles. These apply to a number of public registers
listed in the Act [Append from fact sheet]. You may well ask why such registers
should be controlled. I would simply point out that people are required to
provide information for these registers they have no choice. They are required to do so according to
law. It would seem that some reasonable
limits on the use of that information.
One such
principle concerns the re-sorting or the combining of personal information from
one public register with personal information obtained from another public
register for the purpose of making available for valuable consideration personal information assembled in a form
in which it could not have been obtained directly from the register.
The evil which
this is intended to deal with is that the gathering of information for the
purposes of profiling a person from sources of information obtained by the
state by coercive legislation should not be the subject of commercial
exploitation. For instance, by
reassembling it so that we can identify all the purchasers of a certain type of
car who are owners of dogs of a certain breed and who live in a property above
a certain valuation we create a new database of information which can be used
for purposes unconnected with the reason why the information was attained in
the first place.
People do
resent this use of their information.
However,
the public register privacy principles are but a gentle attempt to bring about
some sort of privacy regime. A breach
of them does not constitute an interference of privacy. But complaints can be investigated by the
Privacy Commissioner. The injunction
upon you as genealogists is to comply with principle 2 of the public register
privacy principles “so far as is reasonably practicable”.
Before I
leave this issue I should perhaps point out that the preparation of a genealogy
which contains several pieces of information from various registers would not
appear on the face of it, to be a resorting.
Certainly “combined” raises in my mind and I cannot speak for the
Commissioner - the idea of making information from two or more lists into one,
though, and this may be a problem.
However, to keep it in perspective, a family history containing pieces
of information gathered from registers does not seem to me to be the evil to
which that public register privacy principle was directed.
If there is
a problem of course, the Act does provide an opportunity for the Commissioner,
in relation to public registers, to issue a code of practice. A breach of such a code could, then, give
rise to allegations of interference with the privacy of individuals and the
individual could make a complaint to the Privacy Commissioner.
Concepts of
privacy are not static. The computer
has converted the privacy afforded by the difficulty of searching manual files
to a real threat to many people that personal information about them can become
available to others to such an extent that real information about their
lifestyle can become readily available without their consent.
Just
because you are engaged in the business of genealogical research, I suggest
does not give you any greater authority to interfere in the privacy of
individuals than a private inquiry agent.
You may
well be interested in the fact that there is an exemption for the news
media. Parliament in its wisdom
considered that issues of press freedom were better not regulated by this
legislation, at least until the Commissioner reviews it after three years of
operation. That decision is not always
well received by people in contact with the Commissioner 's office about
breaches of privacy. There is some
protection to them under the Broadcasting Act under which complaints about a
breach of privacy can be made to the Broadcasting Standards Authority, which
can also award compensation of up to $5,000.
Retrieving
information about living individuals can be described as research or it can be
described as spying, historical research or as profiling. Call it what you will. The label is not as important as the
activity. The activity threatens the
privacy of individuals and for this reason there is a need to refer to the
information privacy principles which try to maintain some balance between the
need for a free flow of information and respect for the autonomy of
individuals.
It is
appropriate before I become more specific that I should insert what we call in
the office “the caveat”. This is the
warning that what I am saying to you and any answers that I give in response to
questions are not rulings which bind the Commissioner. The Commissioner has been careful to avoid
attempting advance rulings short of a case investigation. Where there are investigations and the
Commissioner considers that the opinion he has formed at the end of the day
will be of use to people in similar situations, a case note is issued. Thirty five case notes have been issued so
far. But subject to the caveat let's
look at how the Act affects you.
If you are
only interested in nurturing your family tree, could it be that your activity
need not comply with the information privacy principles? Section 56 of the Act says that they don't
apply where the agency is an individual and the information is being “collected
or held by that individual solely or principally for the purposes of, or in
connection with, that individual's personal, family, or household affairs”.
So if you
are an individual person (not a company or a society) and the action at issue
relates to something that you are doing solely or principally for the purpose
of your own personal family or household affairs you are not bound by the
information privacy principles.
You will
remember from a definition I gave you earlier that personal information is
information about a living person. So
generally you do not have a problem over collecting information about people
who have died.
In fact of
course agencies may still be unwilling to supply you with information because
they may believe they would be in breach of other ethical contractual,
fiduciary or other duties under which the information was gained in the first
place. For example, if you were seeking
health information, you should be aware that the Health Information Privacy
Code 1994 specifically forbids the disclosure of health information about an
individual within 20 years of that person's death. This is an exception to the normal provision that personal
information only relates to a living individual.
Some people
have also been troubled by a provision in the Act which says that the
definition of personal information includes the deaths register under the
Births & Deaths Registration Act. I
am not clear exactly why this is causing concern because if you were collecting
information about a deceased person you can hardly approach them directly as
required by principle 2 for the information. I understand the reason that the
death register is included in the definition of personal information was to
ensure that along with the births and marriages registers it would constitute a
public register and be subject to the public register privacy principles. This incidentally means that as a public
register it is “publicly available” information and therefore if the
information is contained in that register it can be collected and information
sourced from that register can be disclosed because of the exceptions in
principles 2 and 11.
I should
remind you in the discussion of the application of information privacy
principles that they do not apply to those individuals who are doing their own
genealogies for their personal family and/or household purposes. This is not to say that I advocate wholesale
disregard of the information privacy principles. Adherence to them may be the only way to ensure that some subsequent
publication does not make you liable for the breach of the information privacy
principles. There could be a temptation
to collect and hold the information ostensibly for fan-iily purposes but in
fact to develop a new purpose that is unrelated to the family affairs and
disclosure may well be made in circumstances which do not bring section 56 into
play as a defence.
I next move
to those of you who are doing genealogies for other people. It is only if you are resorting or combining
information from more than one registers for the purpose of making it available
for valuable consideration that you need be bothered by PRPP 2.
If as one
of your services you are offering to collect deaths information and combine
with births information and electoral roll information and provide lists for
other people, then quite properly, your activities should be subject to the
public register privacy principles. The worthiness of the purpose of your
research is not really the issue. The
issue is that you are dealing in other people's information and they do have
some rights.
What then
if you find it unacceptable to comply with the Act? The Commissioner was surprised to receive a letter from some
interested genealogists proposing that they simply be exempted from the
provisions of the Act. They proposed
that the Privacy Act be changed to suit their situation. Doubtless there are lots of other lobby
groups who would like simply to be exempt from this piece of legislation.
However,
the Privacy Act is unique. It actually
provides an exemption procedure under provisions for codes of practice. These codes of practice can be issued by the
Commissioner and are as binding as the principles which they supersede. The process is careful and is widely
consultative. So far only two codes
have been issued. The Health
Information Privacy Code which can be purchased from my office for $12.50, and
GCS Information Privacy Code which relates to the Govermnent Computing Services
which are to be privatised. The former
is worth reading to get a feel for what a code can do.
Further
codes are under way. One of the advantages
of a code is to make it clear to individuals engaged in a particular activity
exactly how that activity can be carried out to accord with the information
privacy principles. If any of you feel
that a code is needed the Commissioner would be pleased to hear from you with
your analysis of why it would be required.
If you believe that some wide exemption should simply be incorporated in
a code of practice then you would need to make that case out and have it to
stand up to scrutiny by other groups which you would be expected to consult
before the Commissioner would consider your application.
Codes of
practice are a flexible and reasonable way of applying the Act to particular activities in a sensible way.
If a
perceived problem appears to result from differences in interpretation within
the Society, the Society could introduce its own guidelines to help
members. Such guidelines are best
initiated by those who are engaged in the activity rather than by a Commissioner.
Let us now
look at the information privacy principles.
The first four relate to the collection of personal information.
Principle 1 - personal information shall not be collected
unless it is for a lawful purpose and it is necessary to collect it for that
purpose. Don't collect information that
is not necessary for your purpose. If
it is not relevant then you don't need to collect it no matter how titillating
it might be.
Principle 2 - source of personal information. In general information should be collected
directly from the individual concerned.
You will already be working on the basis that if you want the most
accurate information you should start by gathering it from the subject where
that is practicable. On the other hand
you will want the opportunity to gather information which may have been
forgotten or may need to be verified from other sources. The individual concerned may authorise you
to collect the information from someone else.
There are other exceptions, such as, that compliance will prejudice the
purpose of the collection. Another
exception is that the information is “publicly available information” which
means that it is in a public register as defined in the Act or some magazine,
book, newspaper or other publication that is or will be generally available to
members of the public. But your first port of call should generally be the individual concerned.
Principle 3 - collection of information from subject. I think
this is vital to the proper carrying out of your duties when you are doing your
genealogical work. If you propose to
collect information from an individual you must tell that individual what the
purposes of the collection are. If for
instance, you were to say it was to research the history of the Haines family
for Rodney and his family but you secretly intend to publish any interesting
titbits in the Genealogical Gazette or
the Famous Families Fortnightly then Rodney and the rest of the family
ought to be told at the very start.
Every person interviewed should clearly understand that this
information, whatever it might be, could be thrust into the public domain. You have to give your name and address and
that of any other agency which will hold that information, any intended
recipients of the information. You will
also need to advise people that they have the right to access and correct the
personal information about them. There
is more to principle 3 than I am describing here but it is part of the openness
principle which permits information privacy laws around the world. This principle could catch out those who say
they're doing it for their s.56 reasons but actually always intend to publish
the “dirt” elsewhere.
Principle 4 - manner of collection of personal
information. This principle says that
you shall not collect information by unlawful means or means which, in the
circumstance of the case, are unfair or intrude to an unreasonable extent upon
the personal affairs of the individual concerned.
Principle 5 - storage and security of personal
information. Whether you went out and
got the information or it simply was supplied to you, you must use such
security safeguards as are reasonable in the circumstances to prevent loss, or
access use modification or disclosure of that information without your
authority, or any other misuse.
And if you
have to supply information to another person who is providing a service to you,
perhaps an agency to conduct a search for you, then you must do everything
reasonably within your power to prevent the unauthorised use or unauthorised
disclosure of the information.
Principle 6 - access to personal information.
Principle 7 - correction of personal information.
Both these
principles in effect give the individual concerned the opportunity to audit the
information that you have. You are
required under principle 3 to make people aware of that right when you collect
information from them. They are
entitled to ask if you have any information about them and then to ask to have
access to it. There is provision for
you to charge for that access. But they
also have the right to ask for the information to be corrected or at least if a
correction is not possible then to have their version to be placed with your
version so it would always be read when anyone looks at your version. About half the complaints received by the
Commissioner relate to access and correction.
Principle 8 - accuracy etc., personal information to be
checked before use. Before you use
information you need to consider what steps if any, are reasonable in the
circumstances to ensure that having regard to the purpose for which the
information is to be used it is up to date, it is accurate, up to date,
complete, relevant and not misleading.
Principle 9 - agency not to keep personal information for
longer than it can lawfully be used. It
is important here to bear in mind that if you have a contract with someone to
collect information about their family tree, and you have made a proper
arrangement with them and had their consent on appropriate disclosures have
been made of your intended use of the information, you are under obligation to
keep the information no longer than you can lawfully use it.
Principle 10 - limits on use of personal information. There are a number of exceptions to this
principle but it again this and the next principle reflect the “purpose specification”. If you hold information that was obtained in
connection with one purpose you should not use that information for any other
purpose. A notable exception is for the
information used in the form in which the individual concerned is not identified
or used for statistical research purposes and if it will not be published in a
form that could reasonably be expected to identify the individual concerned.
Principle 11 - limits on disclosure of personal
information. Likewise you should not
disclose the information unless you believe the disclosure is one of the
purposes in connection for which you got it or is directly related to those
purposes. An exception may be that the
source is a “publicly available publication” which, remember, includes a public
register. So, subject to public
register privacy principle 2 about re-sorting and combining the personal
information when you are making it available for valuable consideration, you
can disclose information which has been sourced from a public register. Remember that the source is important. The fact that the information may be in some
public register or other publicly available publication is not
the test here. It is where you got it
from.
This run
down on the information privacy principles is not complete. You need to know the exact words of these
principles. We have fact sheets which
set them out. There is now a reasonably
priced book on the market.
It is
common when particular groups tackle the Privacy Act for there to an initial
panic that the Act is going to make their activity impossible! We usually fmd that after careful analysis
this does not prove to be the situation.
We also emphasis that if people get the correct authorisation if they go
about the collection in the proper way, if they comply with information privacy
principle 3 about their purposes when they are collecting for individuals, then
it is less likely that they will have any problem later in disclosing that
information.