Twenty-seven
years ago I introduced to Parliament what was then - and probably still is -
the largest ever Private Member's Bill - the Information Privacy Bill. It drew
heavily on work I had begun as Associate Minister of Justice in the previous
Labour Government. The Bill was followed a few hurried and embarrassed weeks
later by the National Government's own effort, the Privacy of Information Bill,
which bore a remarkable, if not identical resemblance to my own Bill! Both
Bills eventually morphed to become what we know now as the Privacy Act. This
was passed twenty-five years ago, and this week, Privacy Week, is an occasion
to celebrate that, and to consider where we need to go with Privacy law in the
future.
Of course, a huge
amount has changed in the last few years, let alone the last twenty-five years.
When we were first looking at the issue in the late 1980s and early 1990s the
principal focus was on ensuring that people's privacy was protected from their
being included unknowingly on various corporate mailing lists - Readers' Digest
was cited frequently as the main offender - and ensuring that they could get
off those lists and stop the flood of unsolicited mail. Today, of course, the
scope is much wider as there is more collection of data by Government agencies,
and that data is shared with and by a wide variety of organisations, for often
beneficial, but no means exclusively so, purposes. On top of that, have been
the activities of social media entities like Facebook, and more notoriously
recently Cambridge Analytica, which have taken the issue to an entirely
different level. Just as communications and technological advances have now
rendered national boundaries obsolete, so too and even more so in the data
world. It is pervasive and constant, a far cry from the occasional unwelcome
and incredible offer from an international mailing company. Little wonder,
then, that the Government has recently introduced legislation to modify and
upgrade the original Privacy Act.
Earlier this
week, the Office of the Privacy Commissioner released some sobering figures
regarding how New Zealanders feel about the way their data is being treated.
Its latest annual survey shows more than two-thirds of New Zealanders are
concerned about their individual privacy, and that that figure has been rising
over recent years. Perhaps not a surprise given recent widely reported data
breaches here and elsewhere. Of more concern, though, at a time when more and
more of citizens' transactions with Government take place on line, and New Zealand is recognised as one of
the most digitally advanced countries in the world, confidence in the
Government's ability to handle individual citizens' data securely has fallen
sharply over the last five years. Yet during these years, Government practice
with regard to the handling of individual data has improved dramatically. But
the test here is a simple one - it is not the actuality of what is happening
that matters, but the perception of it. Put simply, if people feel their data
is less safe with the Government, they will become far less inclined to comply
with data gathering and sharing requirements, which will in turn defeat the
purpose and efficiency of greater data use and sharing to improve the delivery
of public services.
There are some
stark lessons here for the Government, whatever its political hue. They will be
ignored at their peril. Governments can only move in this space to the extent
they have the public's confidence and endorsement. So, a major part of any
Government's effort in the digital transformation space has to be about getting
and keeping the public on-side. The Privacy Commissioner's survey results,
although mildly encouraging overall, sound the timely reminder that there is
still some way to go.
When the original
Act was passed in 1993, it was launched in a vacuum. Inexplicably, given the
nature of the reform, the Government then did nothing to explain what the Act
was about. Consequently, incredibly cautious, risk-averse middle ranking
bureaucrats in both central and local government were left to fill the spaces,
leading to many bizarre and downright silly rulings and new procedures that
risked severely quickly bringing the whole Act into disrepute and ridicule. So,
whatever the outcome of the current Bill, I strongly plead that the Privacy
Commissioner is given the resources and the time to explain what it will and
will not do, so that it can become an effective protection of individual
privacy from the day it comes into effect. In this fast-moving space, that is
not just a pious wish, but an absolute necessity.
No comments:
Post a Comment