- Date published:
11:36 am, April 7th, 2017 - 16 comments
Categories: Abuse of power, human rights, law, national, Spying, useless - Tags: data, fail, incompetence, msd, privacy, social investment, surveillance
Very much in the news at the moment, but the best piece on the government’s plans for our privacy is by Shane Cowlishaw Newsroom:
Backdown unlikely after big data report
A damning report from the Privacy Commissioner has raised serious concerns about MSD’s demands for client data. What will it mean for the Government’s wider social investment approach?
Among the hundreds of submissions to the Privacy Commission’s inquiry into data collection, one comment summed up the public concern more than others.
“If MSD knows my budget is so tight, will they take my children off me?”
It illustrates the fear behind the questions people are asking; why does the Government want my personal information and what will it do with it?
An increase in the collection of highly confidential data about social service users is at the centre of National’s social investment approach.
It wants to use new technology to crunch the information down, so it can target money at the regions, and groups of people, that need it most.
The Ministry of Social Development is leading the charge, introducing a policy that requires more than 2300 NGOs it funds to hand over their clients’ data in order to receive funding.
The information is detailed, consisting of name, address, gender, date of birth, ethnicity, iwi, plus details of any dependents.
Many organisations who deal with New Zealand’s most vulnerable people felt uncomfortable with the policy. Their complaints to Privacy Commissioner John Edwards led to him launching an investigation, and the result is not flattering to the Government.
What does the report say?
Edward’s report identifies a litany of problems with MSD’s approach.
It says there appeared to have been little or no analysis of the impact of the policy or possible unintended consequences. …
Read on in the original for plenty more. Here’s one standout:
Security of the information and MSD’s ability to protect it was also a concern for Edwards.
In talking to MSD for the review and analysing documents provided to the Minister, he discovered MSD had stated it was working on a Privacy Impact Assessment to identify risks, alongside a separate Security Risk Assessment.
Neither of these was completed.
We can trust the MSD to get it right anyway, can’t we? Sorry – couldn’t keep a straight face there. With impeccable timing:
Tolley furious at Ministry for Social Development privacy breach, hints at job losses
Social Development Minister Anne Tolley says she is furious about a privacy breach at her ministry and has hinted jobs could be lost as a result of the blunder.
The breach is deeply embarrassing as it comes at a time when Government is trying to persuade non-government organisations (NGOs) to share detailed, sensitive information about their clients.
It also gives fresh ammunition for Opposition parties to attack National’s much-vaunted social investment approach, which depends on greater information-sharing among agencies. …
Lets give these clowns more data shall we? Gordon Campbell follows up:
Gordon Campbell on the MSD’s privacy problems
As Anne Tolley, the Minister of Social Development told RNZ this morning there will now be some delay in implementing this policy – a few months, maybe longer – until MSD can devise a data storage and handling system that can keep the information safer than it is capable of doing now. Agencies that deal with victims of sexual violence will be exempted for a year from this demand for compliance.
This fiasco has been a perfect example of a bad policy, terribly executed – on a rushed timetable that appears to have been driven by an MSD desire to cut costs in the contracts due for renewal, mid year. Obviously, the real priority should be the people at risk. Yet this policy is likely to deter them from seeking help because (a) MSD has proven time and again, that it can’t keep confidential information safe and (b) the information they provide to an NGO may return to bite them if government chooses to use it against them by altering the terms of their access to assistance.
Such fears are well grounded. (Evidence has emerged this week of two recent privacy disclosure lapses by MSD.)
More to the point, Tolley has hinted that the compulsory-acquired data will be used against the clients of the NGOs in question… To RNZ, she talked about how this allegedly anonymised data will be used for “coverage” purposes, to detect if some people are accessing more than one agency – as if this was something that should be deterred in future. Nothing is more likely to destroy the relationship of trust between an NGO and its clients than a policy that forces the NGO to rat on its clients in this fashion. …
I/S at No Right Turn is, as usual, pretty blunt:
An unnecessary intrusion
Reading through the [Privacy Commissioner’s] full report, they find that it is not clear that universal collection meets the necessity test of privacy principle 1, and that unclear purposes for collection threaten serious problems for both agencies and WINZ around informed consent, accuracy, and future use. From the policy development trail they give, its clear that WINZ has no real idea what they want to use this for (except maybe budget cuts) or who they will share it with, and seems to regard big data as magic: if they collect everything and throw it in a pile, then somehow policy solutions will magically emerge. Its also clear that they don’t give a shit about the privacy of their victims: they never completed a privacy impact assessment of the policy, and still haven’t, despite serious concerns being raised.
Given the serious problems identified by the Privacy Commissioner, this is not a policy that should continue. WINZ needs to end it, now. If they want proper data to enhance their policies, they should go back to the drawing board and find some way to get it legally and without deterring people from accessing services, rather than creeping on people with intrusive data surveillance.
So all up, a perfect cocktail of over-reach and incompetence. National needs to actually listen to the people for a change, and bin this mess right now.