Govt data haul plan ‘excessive’
Social Development Minister Anne Tolley has lambasted her officials and referred a near major privacy breach to her chief executive as an ‘‘employment matter’’.
She would not be drawn on whether anyone should lose their job, after it emerged an IT system designed to hold highly sensitive, personal information, allowed organisations to access the client data of other organisations.
But she said she was ‘‘furious’’ that the breach could have occurred, and it comes at a sensitive time as she attempts to push through a policy to force nongovernment organisations (NGOS) to hand over personalised data of their clients, in order to be eligible for Government funding.
Privacy Commissioner John Edwards yesterday rejected the plan – a day after Tolley was forced to send officials back to the drawing board to ready a brand new IT system, to cope with the change.
He described the Government plans to capture the individual and personal data of vulnerable clients as ‘‘excessive and unnecessary’’, and it could have serious and unintended consequences:
Individuals may choose to stay away from seeking help at all, which could lead to worse outcomes for individuals and society as a whole;
Individuals may choose to provide incorrect information in order to preserve their privacy – leading to inaccurate or useless data for analysis, or;
NGOS may allow clients who were reluctant to have sensitive information given to MSD, access services without providing their personal information – that could risk the organisation’s long-term viability, and see clients falling through the cracks.
‘‘No NGO receives government funding as of right, and it is not only legitimate but important that Government takes steps to ensure the efficacy of any programme it funds. It needs good information in order to do so,’’ Edwards said.
But the report found ‘‘insufficient consideration’’ had been given to the scope of unintended consequences that could occur as a result of the policy change.
Little or no thought had been given to developing possible alternative means to achieve the Government’s aims without risking those consequences.
‘‘There is a real risk that the new arrangement will deter some people who are most in need from seeking support or assistance,’’ said Edwards.
"There is a real risk that the new arrangement will deter some people who are most in need from seeking support or assistance." Privacy Commissioner John Edwards
‘‘Not only could that put those people at further risk, and increase pressure on the NGOS, the ultimate result could be that those individuals become ‘‘invisible’’ to Government and policy makers.’’
Tolley on Wednesday revealed the ministry was forced to shut down its information sharing portal following a privacy breach. An error allowed one provider to view another provider’s folder.
Tolley said yesterday that she understood Edwards’ concerns around anonymised data.
‘‘And if we were just looking at how effective the services are that would be sufficient, but of course, we’re looking for coverage.
‘‘We want to know that all the people that need the services are getting them, and for that we need to know who exactly is currently getting services.’’
But following discussions with Edwards, Tolley had asked the ministry to investigate some form of exemption.
‘‘To allow those NGOS – where someone is really concerned – to not give their data, and is going to walk away and not get those services, that there is an exemption regime that they can use.’’
A new IT solution would now be developed for the collection of individual client level data from nongovernmental providers.
‘‘To date, 136 providers have been invited to upload client level data into the DIA shared portal, only 10 providers have uploaded information so far,’’ she said.