The Privacy Commissioner - and the hiding of information by government bodies

DE Sheridan made this Official Information request to Privacy Commissioner

The request was successful.

From: DE Sheridan

Dear Privacy Commissioner,

Background to this request for information:
The following quote might refer to the U.S. situation - but when the intent of the the Privacy Act, the Official Information Act and the Human Rights Act in New Zealand are taken into consideration, it applies equally here:
“When the state constitution grants each citizen an “inalienable right” to “privacy,” it’s talking about individuals seeking safety from an overreaching government, not an elected official trying to evade the oversight of constituents. It’s the difference between seeking protection from tyranny, and seeking protection from democracy.”
- Jon Mendelson

Transparency is critical for democratic government to exist. Otherwise, we are at risk of being ruled by corrupt, unethical despots.

True independence of employees working in the office of the Privacy Commissioner from politicians is important for transparent, just, democratic government; and to insure that New Zealand government bodies are complying with the law, and human rights, and are acting in a fair manner towards New Zealand citizens.

New Zealanders are having on-going major issues obtaining information regarding themselves from various government agencies. This is an on-going bone of contention noted in social media and forums. New Zealanders cannot correct errors or deliberate misrepresentations in documents held by government if the government hides this information from them (Note: I am not talking about national security matters here).

There is good reason to suspect that the government's machiavellian machinations exposed in Dirty Politics are not limited to poison pen political manipulation; and it is likely that similar distortion of information is occurring with regard to providing information under the Privacy Act and the Official Information Act.

It is likely that certain government employees and the office of some ministers themselves have malevolent agendas against individuals, whom for whatever reason either they don't like, or consider a potential threat - fearing that the release of the requested information to them might cause embarrassment to the government body, it's minister, or the government in general; or show evidence of corruption or wrong-doing.

It is argued that in certain instances the office of the Privacy Commissioner has acted to allow government bodies to hide what they are doing; by accepting at face value whatever the government body says is true.

It goes without saying that if people are up to no good they won't admit it and will do what they can to hide it. This is particularly likely to be the case if requests for information are vetted by the office of ministers and government bodies to see if it involves information that might prove embarrassing to the government body, the minister or the government in general; or might expose wrong-doing. Such censorship acts against the principles of transparency and allows malevolent practices to thrive in government.

The intent of the following questions is to determine the role of the Privacy Commissioner's office in facilitating government bodies hiding information from members of the public.

Questions:
Could you please provide the following information;
1. Is it correct that there was a presentation by Mike Flahive and Dawn Swan of the office of the Privacy Commissioner at the 2012 Privacy forum, in which they presented a slide called:
"Managing Access requests".
This advised government bodies to create two separate records: one containing all information, and one containing withheld redacted information?.
http://privacy.org.nz/training-and-educa...

2. Did this talk include the following advice (from the office of the Privacy Commissioner's staff):
"Anticipate having to explain what you have done."
"Create separate record of total information"
"Create separate record of withheld/redacted information"

2. Doesn't this mean there is a third set of records - the records government bodies decide is "safe" to make public?

3. Isn't this an invitation for government bodies to hide embarrassing information or evidence of corruption or other forms of wrong-doing; and manipulate the provision of data supplied in legal cases so it is swayed to the benefit of the government body?

4. Do the offices of ministers screen information requests, and decide what is to be withheld or redacted?

5. Do the press / information support staff of government bodies also screen information requests, and decide what is to be withheld or redacted?

6. In fact, isn't it likely that there are so many levels of potential censorship as a consequence of this multi-tiered information system; that it promotes and supports a culture of government secrecy, and allows corrupt acts and wrong-doing by government officials to be hidden and to continue and grow?

7. Does the office of the Privacy Commissioner support government bodies in hiding information by supporting government bodies; when they agree with government bodies who claim that their "public" record is all that there is?

8. Does the office of the Privacy Commissioner support government bodies in hiding information by allowing government bodies to justify withholding information on the very "non-transparent government" basis that employees have a right to keep secret what they have said and done regarding an individual; and that the employees right to keep secret what they have said and done trumps the individual's right to know the truth about what has been going on?

9. To whom does the Privacy Commissioner report?

10. Does the Privacy Commissioner receive directives or guidelines from ministers' offices or the Prime Minister's office?
Please specify which ministers or the prime minister have provided directives or guidelines to the Office of the Privacy Commissioner for each of the past 5 years; and please provide a link where these can be publicly accessed on line.

11. Re: Connection of staff with Judith Collins:
i. How many staff are there in the office of the Privacy Commissioner in total; and who are the senior management and what are their roles?

ii. How many people in the Privacy Commissioner's office are from the legal profession; and how many of those have worked in any capacity under Judith Collins in any of her Ministerial roles?

iii. For those who have previously worked in the police department or department of justice, please specify their former roles and whether or not they knew Judith Collins personally.

iv. Over each of the past 5 years, did Judith Collins or John Key recommend the appointment of any staff to the office of the Privacy Commissioner?
(If so, who are they, and what roles did they assume?

12. How often per year has Judith Collins contacted the office of the Privacy Commissioner by email, letter, or official guideline or in any other way over the past 5 years?
How often in these communications has she given direction to the office of the Privacy Commissioner that information is to be withheld?

13. Re: Phil Riley of ACC
i. What has been, and currently is the relationship of Phil Riley of ACC with the office of the Privacy Commissioner?

ii. Which meetings of the Privacy Commissioner's office does Phil Riley normally attend (and what is his role in these meetings)?

iii. Does Phil Riley brief the office of the Privacy Commissioner on what ACC is doing with regard to privacy? [Please provide a link to a public copy of these briefs for each of the past 5 years]

iv. For each of the past 5 years, how many staff of the office of the Privacy Commissioner have formerly worked with ACC; and what was their ACC role?

v. For each of the past 5 years, how many staff of the office of the Privacy Commissioner have formerly worked with DRSL or Fairway Resolution; and what was their DRSL or Fairway Resolution role?

14. Does ACC subsidise, or any other government body subsidise the Office of the Privacy Commissioner?

15. How often per year for each of the past 5 years have senior management of the office of the Privacy Commissioner briefed the senior management of ACC on privacy issues?
[Please provide a link to a public copy of these briefs for each of the past 5 years]

16. Abnormal frequency of file access is a potential significant sign of breech of privacy.
Is the Privacy Commissioner supporting government bodies who refuse to provide data on the number of times an individual's file is accessed? (What is the rationale to collaborate with government bodies to hide such information?)

17. Particularly when there has been an abnormal amount of file access; metadata related to who accessed files is a potential significant sign of breech of privacy.
Is the Privacy Commissioner supporting government bodies who refuse to provide metadata on who has accessed an individual's file when there are allegations of breech of privacy or excess access?
(What is the rationale to collaborate with government bodies to hide such information?)

18. Have members of the staff of the office of the Privacy Commissioner ever advised (in any form) government bodies to either destroy information or move it to a secret part of their database system so the government body can claim it does not exist?

Yours faithfully,

DE Sheridan

"Restrictions whose aim is to protect governments from embarrassment or the exposure of wrongdoing can never be justified."
http://www.article19.org/data/files/pdfs...

Link to this

From: Katrine Evans
Privacy Commissioner

Dear DE Sheridan

 

Thank you for your OIA request, which we received on 27 August 2014. I
have duplicated your questions below, and have provided answers to each. I
hope that this is helpful for you.

 

Yours sincerely

Katrine Evans, Assistant Commissioner (Legal and Policy)

 

 

 

 

 

1. Is it correct that there was a presentation by Mike Flahive and Dawn
Swan of the office of the Privacy Commissioner at the 2012 Privacy forum,
in which they presented a slide called:

"Managing Access requests".

This advised government bodies to create two separate records: one
containing all information, and one containing withheld redacted
information?.

[1]http://privacy.org.nz/training-and-educa...

 

Yes.

 

The advice related to what agencies have to show the Office when we ask
for it (the slide does not refer to the information that agencies are
required to provide to the public).

 

We often receive complaints asking us to review decisions to withhold
information from requesters. To perform this role, we need to know what
information has been given to the requester, and what information has been
withheld. Only then can we judge whether the agency had a legal reason to
withhold the information.

 

Sometimes, agencies fail to keep a record of what they have released, or a
clear note of the redactions that they made. Other agencies only show us a
copy of the information with the redactions in place, rather than the
whole of the information.

 

Either situation is unacceptable. It can be frustrating for the requester
and time consuming for us to clarify what has been provided and what has
been released. Agencies should keep clear records. This was what the slide
was instructing agencies to do.

 

2. Did this talk include the following advice (from the office of the
Privacy Commissioner's staff):

"Anticipate having to explain what you have done."

"Create separate record of total information"

"Create separate record of withheld/redacted information"

 

Yes. See above.

 

2. Doesn't this mean there is a third set of records - the records
government bodies decide is "safe" to make public?

 

No. See above.

 

3. Isn't this an invitation for government bodies to hide embarrassing
information or evidence of corruption or other forms of wrong-doing; and
manipulate the provision of data supplied in legal cases so it is swayed
to the benefit of the government body?

 

No. See above.

 

4. Do the offices of ministers screen information requests, and decide
what is to be withheld or redacted?

 

We do not hold information about whether Ministers’ offices screen
requests for personal information. You would need to ask the individual
agencies for that information.

 

5. Do the press / information support staff of government bodies also
screen information requests, and decide what is to be withheld or
redacted?

 

We do not hold information about this. You would need to ask the
individual agencies for that information.

 

6. In fact, isn't it likely that there are so many levels of potential
censorship as a consequence of this multi-tiered information system; that
it promotes and supports a culture of government secrecy, and allows
corrupt acts and wrong-doing by government officials to be hidden and to
continue and grow?

 

This is not a request for information that we hold and so is not covered
by the OIA.

 

7. Does the office of the Privacy Commissioner support government bodies
in hiding information by supporting government bodies; when they agree
with government bodies who claim that their "public" record is all that
there is?

 

No.

 

8. Does the office of the Privacy Commissioner support government bodies
in hiding information by allowing government bodies to justify withholding
information on the very "non-transparent government" basis that employees
have a right to keep secret what they have said and done regarding an
individual; and that the employees right to keep secret what they have
said and done trumps the individual's right to know the truth about what
has been going on?

 

No. Part 4 of the Privacy Act contains a fixed list of reasons for which
personal information about requesters can legally be withheld from them.
The reasons you raise are not on that list.

 

9. To whom does the Privacy Commissioner report?

 

The Privacy Commissioner is fully independent of Ministerial control,
under the Crown Entities Act.

 

The Commissioner’s funding comes from Vote Justice. He therefore sends
periodic reports to the Minister of Justice.

 

The Privacy Commissioner provides annual reports to Parliament. He can
also report publicly, can draw other Ministers’ attention to matters in
their portfolio areas, and can send reports to the Prime Minister.

 

10. Does the Privacy Commissioner receive directives or guidelines from
ministers' offices or the Prime Minister's office?

Please specify which ministers or the prime minister have provided
directives or guidelines to the Office of the Privacy Commissioner for
each of the past 5  years; and please provide a link where these can be
publicly accessed on line.

 

No. The Privacy Commissioner is independent of Ministerial control.

 

As with all Crown Entities we receive an annual letter from the
responsible Minister setting out the broad parameters for expenditure of
public funding.

 

 

11. Re: Connection of staff with Judith Collins:

i. How many staff are there in the office of the Privacy Commissioner in
total; and who are the senior management and what are their roles?

 

The office currently has 33 staff (31.88 FTEs).

 

The senior leadership team and a description of their roles are listed on
our website at [2]http://privacy.org.nz/about-us/who-we-are/

 

ii. How many people in the Privacy Commissioner's office are from the
legal profession; and how many of those have worked in any capacity under
Judith Collins in any of her Ministerial roles?

 

10 staff have current practising certificates as lawyers.

None have worked for Ms Collins or any of the departments for which she
has been a Minister.

 

iii. For those who have previously worked in the police department or
department of justice, please specify their former roles and whether or
not they knew Judith Collins personally.

 

As far as we are aware, no staff have worked under Ms Collins in any
capacity, including in the Police or in the Ministry of Justice.

 

iv. Over each of the past 5 years, did Judith Collins or John Key
recommend the appointment of any staff to the office of the Privacy
Commissioner?

(If so, who are they, and what roles did they assume?

 

No staff.

 

The Privacy Commissioner himself is appointed by the Governor General on
the recommendation of the Minister of Justice, in accordance with statute.

 

12. How often per year has Judith Collins contacted the office of the
Privacy Commissioner by email, letter, or official guideline or in any
other way over the past 5 years?

How often in these communications has she given direction to the office of
the Privacy Commissioner that information is to be withheld?

 

Ms Collins has never given us directions that information is to be
withheld. (The Minister cannot issue directions to us – we are independent
of Ministerial control).

 

Statistics are not available for the number of times Ms Collins has
contacted us. As an indication of the types of contact that we have with
the Justice Minister, Ms Collins acknowledges reports (eg annual reports,
periodic reports, information matching reports etc) that we send to her.
She also opened our privacy forum in May 2012, and an APEC conference that
we organised in July 2013, so we corresponded with her about those
arrangements. Also, as with all Crown Entities we receive an annual letter
from the responsible Minister setting out the broad parameters for
expenditure of public funding. 

 

 

13. Re: Phil Riley of ACC

i. What has been, and currently is the relationship of Phil Riley of ACC
with the office of the Privacy Commissioner?

We meet Mr Riley approximately bi-monthly, since he is the ACC manager
responsible for updating us on any significant outcomes on the ACC
Review. 

 

Our relationship with Mr Riley is no different to the relationship between
the Office and a person of Mr Riley’s equivalent position in any other
government or business agency.

 

ii. Which meetings of the Privacy Commissioner's office does Phil Riley
normally attend (and what is his role in these meetings)?

Mr Riley does not attend other meetings of our office.

 

iii. Does Phil Riley brief the office of the Privacy Commissioner on what
ACC is doing with regard to privacy? [Please provide a link to a public
copy of these briefs for each of the past 5 years]

 

Yes. Mr Riley is the ACC manager primarily responsible for updating us
about what ACC is doing with regard to privacy, in line with the
recommendations of the Independent Review of ACC’s Privacy and Security of
Information. We also talk to others in ACC and elsewhere as required.

[3]http://privacy.org.nz/assets/Files/Media...

 

iv. For each of the past 5 years, how many staff of the office of the
Privacy Commissioner have formerly worked with ACC; and what was their ACC
role?

No staff.

 

The Privacy Commissioner was in private legal practice until he took
office in February this year. In that capacity he was occasionally briefed
by, conducted investigations for, and provided training for ACC and
DRSL/Fairway (among many other agencies).

 

v. For each of the past 5 years, how many staff of the office of the
Privacy Commissioner have formerly worked with DRSL or Fairway Resolution;
and what was their DRSL or Fairway Resolution role?

No staff. For the Commissioner himself, see above.

 

14. Does ACC subsidise, or any other government body subsidise the Office
of the Privacy Commissioner?

ACC does not provide funding to the Office.

 

The Department of Internal Affairs’ appropriation includes some funding
for our office (relating to identity services work); and we receive a
small grant from the Ministry of Health under an MoU to support our
ability to provide independent advice within the health sector.

 

15. How often per year for each of the past 5 years have senior management
of the office of the Privacy Commissioner briefed the senior management of
ACC on privacy issues?

[Please provide a link to a public copy of these briefs for each of the
past 5 years]

Senior management of OPC do not provide ‘briefings’ for senior management
of ACC on privacy issues. We receive updates from ACC on progress on the
Independent Review recommendations (see question 13(i)). Our relationship
with senior managers at ACC is the same as it is with senior managers of
other government or business agencies.

 

For the Privacy Commissioner’s activities when he was in private practice,
see the answer to question 13(iv).

 

16. Abnormal frequency of file access is a potential significant sign of
breech of privacy.

Is the Privacy Commissioner supporting government bodies who refuse to
provide data on the number of times an individual's file is accessed?
(What is the rationale to collaborate with government bodies to hide such
information?)

No.

 

17. Particularly when there has been an abnormal amount of file access;
metadata related to who accessed files is a potential significant sign of
breech of privacy.

Is the Privacy Commissioner supporting government bodies who refuse to
provide metadata on who has accessed an individual's file when there are
allegations of breech of privacy or excess access?

(What is the rationale to collaborate with government bodies to hide such
information?)

No.

 

18. Have members of the staff of the office of the Privacy Commissioner
ever advised (in any form) government bodies to either destroy information
or move it to a secret part of their database system so the government
body can claim it does not exist?

No, we have not advised destroying or moving information so a body can
claim it does not exist.

 

Indeed, we have upheld complaints in situations where we have found that
an agency has destroyed information that is subject to a request by the
individual for access.

References

Visible links
1. http://privacy.org.nz/training-and-educa...
2. http://privacy.org.nz/about-us/who-we-are/
3. http://privacy.org.nz/assets/Files/Media...

Link to this

From: DE Sheridan

Dear Katrine Evans,

Thank you for your prompt and detailed reply.

Could you please confirm what roles Asst Privacy Commissioner Mike Flahive held in the NZ police force, and when.

Could you please supply copies, or links of copies of information that have been supplied by the office of the Privacy Commissioner to ACC or supplied by the Privacy Commissioner himself when he formerly worked with ACC and DRSL that addresses what information ACC staff are allowed to keep secret.

Yours sincerely,

DE Sheridan

Link to this

From: Katrine Evans
Privacy Commissioner

Dear DE Sheridan

Mike Flahive was with the Police from 1972 until 1994. He was mainly employed in various CIB roles until he left in 1994.

The second part of your follow up request is to ask for documents "supplied by the Privacy Commissioner himself when he formerly worked with ACC and DRSL that addresses what information ACC staff are allowed to keep secret."

The Commissioner advises that over a 20 year career he has advised a wide number of agencies. He holds none of the information you are seeking in his capacity as Privacy Commissioner. As a practicing lawyer he was, and remains obliged to comply with the Lawyers Conduct and Client Care Rules, which preclude him from discussing any brief or instruction with any third party without the express consent of the client.

If the Commissioner believed that either of the agencies held information of the sort you describe, our obligation would be to transfer your request. However, the Commissioner advises that there are no grounds for believing that the information you are requesting is held by any other agency, and therefore this aspect of your request is refused pursuant to section 18(g) of the Official Information Act.

Section 18(g) says a request can be refused if:
the information requested is not held by the department or Minister of the Crown or organisation and the person dealing with the request has no grounds for believing that the information is either—
(i) held by another department or Minister of the Crown or organisation, or by a local authority; or
(ii) connected more closely with the functions of another department or Minister of the Crown or organisation or of a local authority:

You have the right to ask the Ombudsman to review our decision if you are not satisfied with the response.

I hope this helps.

Yours sincerely
Katrine

show quoted sections

Link to this

Things to do with this request

Anyone:
Privacy Commissioner only: