1 / 22

Privacy Awareness Week 2012 Notes from the coalface Presentation by Mike Flahive and Dawn Swan

Privacy Awareness Week 2012 Notes from the coalface Presentation by Mike Flahive and Dawn Swan. In March : The News. Australian Cricket Association ACC data breach Ports of Auckland Law Commission / Code amendments CCTV in Pukekohe Police to pay damages Coronor’s comments.

jiro
Download Presentation

Privacy Awareness Week 2012 Notes from the coalface Presentation by Mike Flahive and Dawn Swan

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Awareness Week 2012 Notes from the coalface Presentation by Mike Flahive and Dawn Swan

  2. In March : The News • Australian Cricket Association • ACC data breach • Ports of Auckland • Law Commission / Code amendments • CCTV in Pukekohe • Police to pay damages • Coronor’s comments

  3. The Reality • Complaints > 968 last year, 915 currently • Enquiries > 7006 last year, 6475 currently • Eight team members hold files • On average, each investigator will receive 125 files and close 120 each year

  4. Work in progress • An average of 50 files • Half access, 25% disclosure • Even split public and private sector • Age of files: 88% under 6 months • Dominant focus settlement • 30% settled

  5. Outcomes on closed files 2010/11 Closed999 No interference withprivacy686 Complaint hassubstance313 Settled /mediated281 Referred to Director of Human RightsProceeding19

  6. Settlement record (2010/11) Access • 534 access complaints • 208 settled • 185 involved release or partial release of information • 21 involved payment of money averaging $650 for slow release or refusal • 2 payments in excess of $2,000

  7. Settlement record (2010/11) continued Disclosure • 267 closed • 52 settled • 19 involved payment of money averaging $8000 • 3 payments in excess of $10,000 • 1 payment more than $40,000 • Average without large payment $5,000

  8. Examples of settlement Health agency • Gave information to person about patient • Person not a relative or holding EPOA • No checking by health agency • Apology, assurances, training and $5,000

  9. Examples of settlement continued • Agency repeatedly sent correspondent to complainant’s residential address contrary to arrangements to use PO Box • Spouse found out about secret arrangement • $1,000 new terms of contract

  10. Examples of settlement continued Agency employee browsing • Information used outside agency to significantly embarrass complainant • Loss of confidentiality • Loss of employment • Agency paid more than $40,000

  11. Lochead-MacMillan vs AMI Insurance Ltd[2012] NZHRRT 5 • Fire damaged property, home and contents insurance claim • $10,000 damages • “Multiple, sustained and systemic failures” to comply with Privacy Act

  12. Multiple information requests • 4 February – request for audio files and transcripts • 2 March – request for audio repeated • 13 April – Feb and March requests repeated • 6 May – request for fire report • 19 May – first three requests repeated • 8 July – request for AMI file

  13. Breaches by AMI • Failure to comply with statutory time limit = deemed refusal • Failure to advise of right to seek an investigation by Privacy Commissioner • Refusal to release fire report – unjustifiably withheld twice

  14. Damages Awarded • $10,000 for injury to feelings • Repeatedly ignored requests • Plaintiffs kept in dark • Impression Privacy Act obligations not important • Unequal relationship • Plaintiffs made to feel insignificant, ineffectual and unimportant

  15. HRRT Comments • Privacy principles are fundamental to good process • Requests for information cannot be ignored or dismissed • Good administration demands full compliance with Privacy Act

  16. Sharoodi v Director of Civil Aviation [2011] NZHRRT 5 (25/2/11) • Withholding grounds [2011] NZHRRT 6 (9/3/11) • Non compliance with Part 5 procedural provisions of the Act

  17. General Advice from Tribunal • Full index of documents • Pagination of documents • Identification of released, withheld or redacted information

  18. Managing Access Requests • Anticipate having to explain what you have done • A discovery process of indexing all documents is very handy • Create separate record of total information • Create separate record of withheld/ redacted information

  19. Tribunal discussion • Series of misunderstandings around request for personal information which became “personnel” information • Request not answered until 21/2 months after reasonably expected to comply Therefore • Deemed refusal and undue delay

  20. Damages Loss of benefit - $5,000 • A reluctant and piecemeal release • Revoked pilot’s licence before release • Not able to use/check information before revocation • Not given a “fair crack of the whip”

  21. Damages continued Humiliation, loss of dignity, injury to feelings - $5,000 • Interpreted request in a limited way • Revoked pilot’s licence knowing that information yet to be released • Late decisions to mitigate only after involvement of Privacy Commissioner

More Related