Wednesday, July 03, 2013

Parliamentary Services are breaking the Privacy Act

Ever since we learned that the government had spied on journalist Andrea Vance in their efforts to get to the bottom of who had leaked her the Kitteridge report, people have been asking to see what exactly she signed for her parliamentary access pass. Did it mention that where she went was logged? Did it mention that this information could be used in the event of a security incident? Did it, in short, comply with the Privacy Act?

Of course not:

In the interests of settling at least one point of interest, Scoop's latest Press Gallery signup, Hamish Cardwell requested a copy of the form he signed when obtaining his Parliament access card in May. The form, pictured below, concerns security and safety obligations and does not mention the collection or use of person information in any way.

Privacy Principle 3 is crystal clear:
Where an agency collects personal information directly from the individual concerned, the agency shall take such steps (if any) as are, in the circumstances, reasonable to ensure that the individual concerned is aware of

(a) the fact that the information is being collected; and
(b) the purpose for which the information is being collected; and
(c) the intended recipients of the information...

So Parliament is breaking the law. And a pretty basic one at that. Which in turn undermines their legitimacy. If they purport to legislate for the rest of us, it is hypocritical to refuse to obey the law themselves.

There's scope for further investigation here. What exactly is collected? How long is it retained for? Who is it made available to, and on what terms? We deserve to know, so we can find out exactly how far the rot goes.