Wednesday, April 05, 2017


Last year the Ministry of Social Development started imposing new contracts on community agencies requiring them to hand over highly personal information on their clients in exchange for funding. The decision had massive privacy implications. So did they consult the Privacy Commissioner first to ensure they weren't violating the Privacy Act? Of course not:

CARMEL SEPULONI to the Minister for Social Development: What advice did she receive from the Privacy Commissioner during the development of the private client data-sharing requirements for contracted social services?

Anne Tolley: I did not directly receive any advice from the Privacy Commissioner during the development of the proposal to collect individual, client-level data. I did however receive a letter from the Privacy Commissioner on the 10th of March this year regarding his provisional conclusion of his inquiry into the proposal to collect individual, client-level data...

In other words, she only talked to the Privacy Commissioner six months after the decision had been made, once it was being investigated as a complaint.

This is a serious and basic failure of governance at MSD. The decision obviously had serious privacy implications, and that means that they should have checked whether it was OK. I'd ask how it happened, except we already know: WINZ's systematic dehumanisation on beneficiaries and attitude that they have no rights. This attitude is completely inappropriate for a government department (or indeed, a decent human being), and it needs to be stamped out.