State agencies should know the limits of their power to spy
Click on the image below to enlarge.
The government spy agency, Security Intelligence Service, using private investigators to spy on citizens for improper purposes isn't new. It isn't secret either. Other government agencies have employed private investigators to dig for dirt for years.
Too many government agencies have a cavalier attitude towards the collection, protection and sharing of personal information.
It has become too frequent that stories emerge of bureaucracies collecting irrelevant personal information or using personal information outside their legislative mandate.
Take, for instance, where an error in Winston Peters' superannuation payments fell into the hands of political opponents. Regardless of who people voted for or what people thought of the personal information, it should concern everyone that such personal information could conveniently surface close to an election.
Personal information is valuable. Debt collectors used contacts in IRD to obtain earnings and address details of absconding debtors. A private investigator used contacts in Immigration NZ to obtain personal information on a person of interest's spouse.
Nevertheless, if there has been an alleged breach of privacy, proper process applies to authorities as much as they do to citizens.
Nicky Hager used leaked material to sell a book close to an election. The police's illegal search for the source of the leak resulted in a significant financial settlement.
Search warrants have been abused before. Every law student studies the 1994 Court of Appeal decision called Baigent's Case, where police knowingly searched the wrong property but decided to see what incriminating evidence could be found anyway.
It shouldn't take large legal fees each time a judge has to remind a government agency how to do their job.
The standards applied to police in the search for evidence should be no different to how government agencies obtain personal information from other agencies.
David Garrett used the birth certificate of a deceased to fraudulently obtain a passport. Others obtained welfare. It was clear that some sharing of personal information between government agencies was necessary.
ACC claimant Bronwyn Pullar accidentally received the personal information of hundreds of claimants. It was clear that a balance was needed where agencies needed proper checks and balances so that only relevant personal information was shared.
The result was a raft of information sharing agreements, regulations, and amendments to legislation.
The scope of information that one agency can ask from another is narrow to avoid an Orwellian "Big Brother" intrusive state. Officials stamping passports at the border should not be able to view academic records. IRD officials shouldn't access health records.
So, if one agency asks another agency for information, there must be a valid and specific reason to ask for it. The request can't be so vague that it is effectively looking around for other information that it might be able to use.
Shared information should be used for verification, not intimidation. Civil servants have a legal obligation to ask people for personal information first. "We know something you don't know" tactics can't be used to trick the disclosure of additional personal information.
A hunch is not sufficient grounds to seek information from another agency. If a person provides incorrect or conflicting information, they should be given an opportunity to explain before an official thinks "gotcha" and commences a probing investigation.
The Privacy Commissioner cannot investigate complaints of privacy breaches where legislation allows it. However, where an agency acts outside of legislation, it can investigate.
The Ombudsman won't get involved where legislation provides complaint processes.
The information sharing legislation often means that, due to the lack of watchdog interest, aggrieved parties must, after exhausting an often-flawed complaints process, pursue matters through the courts.
The Privacy Commissioner and Ombudsman need to show more interest in the information-sharing cultures within agencies. The last time the Privacy Commissioner took a serious look at an agency was in 2012, which led to the ACC minister, half the board, CEO and three directors resigning.
I hope that the Winston Peters case is a wake-up call for the civil service because, as much as the Deputy Prime Minister enjoys fishing trips, I know he certainly doesn't enjoy bureaucratic "fishing expeditions" with his personal information. Nor should anyone.
• Grant McLachlan is a former researcher in Parliament who advised on privacy and security-related issues in government agencies.