1. Privacy Awareness Week 2012 Notes from the coalface Presentation by Mike Flahive and Dawn Swan

2. In March : The News Australian Cricket Association ACC data breach Ports of Auckland Law Commission / Code amendments CCTV in Pukekohe Police to pay damages Coronor’s comments

3. The Reality Complaints > 968 last year, 915 currently Enquiries > 7006 last year, 6475 currently Eight team members hold files On average, each investigator will receive 125 files and close 120 each year

4. Work in progress An average of 50 files Half access, 25% disclosure Even split public and private sector Age of files: 88% under 6 months Dominant focus settlement 30% settled

5. Outcomes on closed files 2010/11 Closed 999 No interference with privacy 686 Complaint has substance 313 Settled / mediated 281 Referred to Director of Human Rights Proceeding 19

6. Settlement record (2010/11) Access 534 access complaints 208 settled 185 involved release or partial release of information 21 involved payment of money averaging $650 for slow release or refusal 2 payments in excess of $2,000

7. Settlement record (2010/11) Disclosure 267 closed 52 settled 19 involved payment of money averaging $8000 3 payments in excess of $10,000 1 payment more than $40,000 Average without large payment $5,000 continued

8. Examples of settlement Health agency Gave information to person about patient Person not a relative or holding EPOA No checking by health agency Apology, assurances, training and $5,000

9. Examples of settlement Agency repeatedly sent correspondent to complainant’s residential address contrary to arrangements to use PO Box Spouse found out about secret arrangement $1,000 new terms of contract continued

10. Examples of settlement Agency employee browsing Information used outside agency to significantly embarrass complainant Loss of confidentiality Loss of employment Agency paid more than $40,000 continued

11. Lochead-MacMillan vs AMI Insurance Ltd [2012] NZHRRT 5 Fire damaged property, home and contents insurance claim $10,000 damages “Multiple, sustained and systemic failures” to comply with Privacy Act

12. Multiple information requests 4 February – request for audio files and transcripts 2 March – request for audio repeated 13 April – Feb and March requests repeated 6 May – request for fire report 19 May – first three requests repeated 8 July – request for AMI file

13. Breaches by AMI Failure to comply with statutory time limit = deemed refusal Failure to advise of right to seek an investigation by Privacy Commissioner Refusal to release fire report – unjustifiably withheld twice

14. Damages Awarded $10,000 for injury to feelings Repeatedly ignored requests Plaintiffs kept in dark Impression Privacy Act obligations not important Unequal relationship Plaintiffs made to feel insignificant, ineffectual and unimportant

15. HRRT Comments Privacy principles are fundamental to good process Requests for information cannot be ignored or dismissed Good administration demands full compliance with Privacy Act

17. [2011] NZHRRT 5 (25/2/11) Withholding grounds [2011] NZHRRT 6 (9/3/11) Non compliance with Part 5 procedural provisions of the Act Sharoodi v Director of Civil Aviation

18. General Advice from Tribunal Full index of documents Pagination of documents Identification of released, withheld or redacted information

19. Managing Access Requests Anticipate having to explain what you have done A discovery process of indexing all documents is very handy Create separate record of total information Create separate record of withheld/ redacted information

20. Tribunal discussion Series of misunderstandings around request for personal information which became “personnel” information Request not answered until 21/2 months after reasonably expected to comply Therefore Deemed refusal and undue delay

21. Damages Loss of benefit - $5,000 A reluctant and piecemeal release Revoked pilot’s licence before release Not able to use/check information before revocation Not given a “fair crack of the whip”

22. Damages Humiliation, loss of dignity, injury to feelings - $5,000 Interpreted request in a limited way Revoked pilot’s licence knowing that information yet to be released Late decisions to mitigate only after involvement of Privacy Commissioner continued