Greens call for inquiry, fresh laws on databases

The Green Party has called for Government to mount an inquiry into the privacy concerns raised by Privacy Commissioner Marie Shroff about the oversight of public and private databases that contain information on New Zealand citizens, Green Party Human Rights Spokesperson Keith Locke says.

Mr Locke was responding to a speech last week by the Privacy Commissioner in which she queried whether sufficient protections exist under New Zealand law regarding local databases situated overseas – or where local data is sent, or accessed from, offshore.

“When similar concerns surfaced in British Columbia in 2004, the conservative government of Premier Gordon Campbell ordered an inquiry by their Privacy Commissioner. Even before that report was concluded, British Columbia passed a law restricting the disclosure of personal information outside Canada, expanded the scope of personal liabaility and raised the penalties for violating the relevant laws,” Mr Locke says.

“A similar inquiry and new legislation is needed here, given the trend for public organizations to outsource data processing. We need to be sure that the processes for handling sensitive personal information are transparent — and that such data is not being turned over to firms and state agencies offshore, who may well use it in ways not consistent with New Zealand privacy laws.

“First, we need to assess the scale of the problem. The Government needs to order an audit of data bases sent overseas. The audit should include a list of public databases, such as the New Zealand passport database, which is held in Sydney. Private databases held by the likes of banks and credit agencies located offshore also need to be identified.

” Such an audit would for instance, clarify whether and where our airline travel data is located offshore – since we now know that information on New Zealand air travellers to the US is routinely forwarded to Atlanta for security vetting by the US Department of Homeland Security. The harder, but no less essential task will be to identify all the private New Zealand databases located overseas — including those situated here that are directly accessed from overseas.

“The Government inquiry needs to identify how consistent the privacy laws operating in those overseas countries that hold or access New Zealand databases are with our own privacy laws – and establish our laws as the bottom line acceptable, with penalties for those that contravene the rules.

“Currently, the US Patriot Act requires US owned firms to provide data on a confidential basis — ie, without informing the host country. In 2005, the Greens raised concerns about New Zealand contracts outsourced to the US firm EDS. The Privacy Commissioner assured us that a voluntary agreement existed whereby EDS promised to notify New Zealand if it was forwarding Government data to the US for processing, with all the related risks. Such promises are no longer enough,” Mr Locke says.