Text of the address prepared by Rodney Haines, Wellington Manager, Office of the Privacy Commissioner, 13 May 1995
By being here you have demonstrated interest in knowing more about how to respect the privacy of your subjects while continuing your work.
Privacy is not a new issue but it has become important because of the passing of the Privacy Act. Speaking generally, there will be times when you need to weigh in your own mind the protection of a person's privacy against the need to have some information. Factors you might want to bear in mind are the era in which the person lived, the values of that time and the values of that individual, which may be demonstrated by the lengths by which he or she went to protect that information. Was there shame? Was it a deal that was not quite straight? Would the “bringing to light” of the information have the potential to visit the sins of the ancestors on the descendants?
A common sense test might be to “Do unto others”, “How would I feel if I was the subject?” or “Would I like this to be done to me?”
The Privacy Act is concerned with the promotion and protection of personal information. This is only one part of the culture of respect for each other's rights to privacy.
The Act sets out 12 information privacy principles which guide any agency (as you are described in the Act) which handles personal information. Some of the principles contain a wide number of exceptions into which many activities can be fitted. I propose towards the end of the session to run very briefly over the individual principles for those of you who have not yet found a comfort level with the provisions of the Act.
Any person can lodge a complaint with the Privacy Commissioner of an “interference with the privacy of any individual”. The information privacy principles apply to personal information which is information about a natural person who is not deceased.
So to come within the Act you must be dealing with personal information and this by definition is about a living individual.
There is a slight exception in relation to the deaths register (which I will come to later.)
Except in relation to the principles relating to access and correction (principles 6 and 7) where it is sufficient that the principle was breached, it is necessary for there to be a second element before there can be an interference of privacy. This involves some loss, detriment or harm to an individual. The Act therefore is not just about technical adherence to principles but about outcomes. Section.66(1) (See Appendix)
However, outcomes are not always predictable. Most agencies try to get themselves into the position where they are routinely complying with the information privacy principles.
The Act also contains certain public register privacy principles. These apply to a number of public registers listed in the Act [Append from fact sheet]. You may well ask why such registers should be controlled. I would simply point out that people are required to provide information for these registers they have no choice. They are required to do so according to law. It would seem that some reasonable limits on the use of that information.
One such principle concerns the re-sorting or the combining of personal information from one public register with personal information obtained from another public register for the purpose of making available for valuable consideration personal information assembled in a form in which it could not have been obtained directly from the register.
The evil which this is intended to deal with is that the gathering of information for the purposes of profiling a person from sources of information obtained by the state by coercive legislation should not be the subject of commercial exploitation. For instance, by reassembling it so that we can identify all the purchasers of a certain type of car who are owners of dogs of a certain breed and who live in a property above a certain valuation we create a new database of information which can be used for purposes unconnected with the reason why the information was attained in the first place.
People do resent this use of their information.
However, the public register privacy principles are but a gentle attempt to bring about some sort of privacy regime. A breach of them does not constitute an interference of privacy. But complaints can be investigated by the Privacy Commissioner. The injunction upon you as genealogists is to comply with principle 2 of the public register privacy principles “so far as is reasonably practicable”.
Before I leave this issue I should perhaps point out that the preparation of a genealogy which contains several pieces of information from various registers would not appear on the face of it, to be a resorting. Certainly “combined” raises in my mind and I cannot speak for the Commissioner - the idea of making information from two or more lists into one, though, and this may be a problem. However, to keep it in perspective, a family history containing pieces of information gathered from registers does not seem to me to be the evil to which that public register privacy principle was directed.
If there is a problem of course, the Act does provide an opportunity for the Commissioner, in relation to public registers, to issue a code of practice. A breach of such a code could, then, give rise to allegations of interference with the privacy of individuals and the individual could make a complaint to the Privacy Commissioner.
Concepts of privacy are not static. The computer has converted the privacy afforded by the difficulty of searching manual files to a real threat to many people that personal information about them can become available to others to such an extent that real information about their lifestyle can become readily available without their consent.
Just because you are engaged in the business of genealogical research, I suggest does not give you any greater authority to interfere in the privacy of individuals than a private inquiry agent.
You may well be interested in the fact that there is an exemption for the news media. Parliament in its wisdom considered that issues of press freedom were better not regulated by this legislation, at least until the Commissioner reviews it after three years of operation. That decision is not always well received by people in contact with the Commissioner 's office about breaches of privacy. There is some protection to them under the Broadcasting Act under which complaints about a breach of privacy can be made to the Broadcasting Standards Authority, which can also award compensation of up to $5,000.
Retrieving information about living individuals can be described as research or it can be described as spying, historical research or as profiling. Call it what you will. The label is not as important as the activity. The activity threatens the privacy of individuals and for this reason there is a need to refer to the information privacy principles which try to maintain some balance between the need for a free flow of information and respect for the autonomy of individuals.
It is appropriate before I become more specific that I should insert what we call in the office “the caveat”. This is the warning that what I am saying to you and any answers that I give in response to questions are not rulings which bind the Commissioner. The Commissioner has been careful to avoid attempting advance rulings short of a case investigation. Where there are investigations and the Commissioner considers that the opinion he has formed at the end of the day will be of use to people in similar situations, a case note is issued. Thirty five case notes have been issued so far. But subject to the caveat let's look at how the Act affects you.
If you are only interested in nurturing your family tree, could it be that your activity need not comply with the information privacy principles? Section 56 of the Act says that they don't apply where the agency is an individual and the information is being “collected or held by that individual solely or principally for the purposes of, or in connection with, that individual's personal, family, or household affairs”.
So if you are an individual person (not a company or a society) and the action at issue relates to something that you are doing solely or principally for the purpose of your own personal family or household affairs you are not bound by the information privacy principles.
You will remember from a definition I gave you earlier that personal information is information about a living person. So generally you do not have a problem over collecting information about people who have died.
In fact of course agencies may still be unwilling to supply you with information because they may believe they would be in breach of other ethical contractual, fiduciary or other duties under which the information was gained in the first place. For example, if you were seeking health information, you should be aware that the Health Information Privacy Code 1994 specifically forbids the disclosure of health information about an individual within 20 years of that person's death. This is an exception to the normal provision that personal information only relates to a living individual.
Some people have also been troubled by a provision in the Act which says that the definition of personal information includes the deaths register under the Births & Deaths Registration Act. I am not clear exactly why this is causing concern because if you were collecting information about a deceased person you can hardly approach them directly as required by principle 2 for the information. I understand the reason that the death register is included in the definition of personal information was to ensure that along with the births and marriages registers it would constitute a public register and be subject to the public register privacy principles. This incidentally means that as a public register it is “publicly available” information and therefore if the information is contained in that register it can be collected and information sourced from that register can be disclosed because of the exceptions in principles 2 and 11.
I should remind you in the discussion of the application of information privacy principles that they do not apply to those individuals who are doing their own genealogies for their personal family and/or household purposes. This is not to say that I advocate wholesale disregard of the information privacy principles. Adherence to them may be the only way to ensure that some subsequent publication does not make you liable for the breach of the information privacy principles. There could be a temptation to collect and hold the information ostensibly for fan-iily purposes but in fact to develop a new purpose that is unrelated to the family affairs and disclosure may well be made in circumstances which do not bring section 56 into play as a defence.
I next move to those of you who are doing genealogies for other people. It is only if you are resorting or combining information from more than one registers for the purpose of making it available for valuable consideration that you need be bothered by PRPP 2.
If as one of your services you are offering to collect deaths information and combine with births information and electoral roll information and provide lists for other people, then quite properly, your activities should be subject to the public register privacy principles. The worthiness of the purpose of your research is not really the issue. The issue is that you are dealing in other people's information and they do have some rights.
What then if you find it unacceptable to comply with the Act? The Commissioner was surprised to receive a letter from some interested genealogists proposing that they simply be exempted from the provisions of the Act. They proposed that the Privacy Act be changed to suit their situation. Doubtless there are lots of other lobby groups who would like simply to be exempt from this piece of legislation.
However, the Privacy Act is unique. It actually provides an exemption procedure under provisions for codes of practice. These codes of practice can be issued by the Commissioner and are as binding as the principles which they supersede. The process is careful and is widely consultative. So far only two codes have been issued. The Health Information Privacy Code which can be purchased from my office for $12.50, and GCS Information Privacy Code which relates to the Govermnent Computing Services which are to be privatised. The former is worth reading to get a feel for what a code can do.
Further codes are under way. One of the advantages of a code is to make it clear to individuals engaged in a particular activity exactly how that activity can be carried out to accord with the information privacy principles. If any of you feel that a code is needed the Commissioner would be pleased to hear from you with your analysis of why it would be required. If you believe that some wide exemption should simply be incorporated in a code of practice then you would need to make that case out and have it to stand up to scrutiny by other groups which you would be expected to consult before the Commissioner would consider your application.
Codes of practice are a flexible and reasonable way of applying the Act to particular activities in a sensible way.
If a perceived problem appears to result from differences in interpretation within the Society, the Society could introduce its own guidelines to help members. Such guidelines are best initiated by those who are engaged in the activity rather than by a Commissioner.
Let us now look at the information privacy principles. The first four relate to the collection of personal information.
Principle 1 - personal information shall not be collected unless it is for a lawful purpose and it is necessary to collect it for that purpose. Don't collect information that is not necessary for your purpose. If it is not relevant then you don't need to collect it no matter how titillating it might be.
Principle 2 - source of personal information. In general information should be collected directly from the individual concerned. You will already be working on the basis that if you want the most accurate information you should start by gathering it from the subject where that is practicable. On the other hand you will want the opportunity to gather information which may have been forgotten or may need to be verified from other sources. The individual concerned may authorise you to collect the information from someone else. There are other exceptions, such as, that compliance will prejudice the purpose of the collection. Another exception is that the information is “publicly available information” which means that it is in a public register as defined in the Act or some magazine, book, newspaper or other publication that is or will be generally available to members of the public. But your first port of call should generally be the individual concerned.
Principle 3 - collection of information from subject. I think this is vital to the proper carrying out of your duties when you are doing your genealogical work. If you propose to collect information from an individual you must tell that individual what the purposes of the collection are. If for instance, you were to say it was to research the history of the Haines family for Rodney and his family but you secretly intend to publish any interesting titbits in the Genealogical Gazette or the Famous Families Fortnightly then Rodney and the rest of the family ought to be told at the very start. Every person interviewed should clearly understand that this information, whatever it might be, could be thrust into the public domain. You have to give your name and address and that of any other agency which will hold that information, any intended recipients of the information. You will also need to advise people that they have the right to access and correct the personal information about them. There is more to principle 3 than I am describing here but it is part of the openness principle which permits information privacy laws around the world. This principle could catch out those who say they're doing it for their s.56 reasons but actually always intend to publish the “dirt” elsewhere.
Principle 4 - manner of collection of personal information. This principle says that you shall not collect information by unlawful means or means which, in the circumstance of the case, are unfair or intrude to an unreasonable extent upon the personal affairs of the individual concerned.
Principle 5 - storage and security of personal information. Whether you went out and got the information or it simply was supplied to you, you must use such security safeguards as are reasonable in the circumstances to prevent loss, or access use modification or disclosure of that information without your authority, or any other misuse.
And if you have to supply information to another person who is providing a service to you, perhaps an agency to conduct a search for you, then you must do everything reasonably within your power to prevent the unauthorised use or unauthorised disclosure of the information.
Principle 6 - access to personal information.
Principle 7 - correction of personal information.
Both these principles in effect give the individual concerned the opportunity to audit the information that you have. You are required under principle 3 to make people aware of that right when you collect information from them. They are entitled to ask if you have any information about them and then to ask to have access to it. There is provision for you to charge for that access. But they also have the right to ask for the information to be corrected or at least if a correction is not possible then to have their version to be placed with your version so it would always be read when anyone looks at your version. About half the complaints received by the Commissioner relate to access and correction.
Principle 8 - accuracy etc., personal information to be checked before use. Before you use information you need to consider what steps if any, are reasonable in the circumstances to ensure that having regard to the purpose for which the information is to be used it is up to date, it is accurate, up to date, complete, relevant and not misleading.
Principle 9 - agency not to keep personal information for longer than it can lawfully be used. It is important here to bear in mind that if you have a contract with someone to collect information about their family tree, and you have made a proper arrangement with them and had their consent on appropriate disclosures have been made of your intended use of the information, you are under obligation to keep the information no longer than you can lawfully use it.
Principle 10 - limits on use of personal information. There are a number of exceptions to this principle but it again this and the next principle reflect the “purpose specification”. If you hold information that was obtained in connection with one purpose you should not use that information for any other purpose. A notable exception is for the information used in the form in which the individual concerned is not identified or used for statistical research purposes and if it will not be published in a form that could reasonably be expected to identify the individual concerned.
Principle 11 - limits on disclosure of personal information. Likewise you should not disclose the information unless you believe the disclosure is one of the purposes in connection for which you got it or is directly related to those purposes. An exception may be that the source is a “publicly available publication” which, remember, includes a public register. So, subject to public register privacy principle 2 about re-sorting and combining the personal information when you are making it available for valuable consideration, you can disclose information which has been sourced from a public register. Remember that the source is important. The fact that the information may be in some public register or other publicly available publication is not the test here. It is where you got it from.
This run down on the information privacy principles is not complete. You need to know the exact words of these principles. We have fact sheets which set them out. There is now a reasonably priced book on the market.
It is common when particular groups tackle the Privacy Act for there to an initial panic that the Act is going to make their activity impossible! We usually fmd that after careful analysis this does not prove to be the situation. We also emphasis that if people get the correct authorisation if they go about the collection in the proper way, if they comply with information privacy principle 3 about their purposes when they are collecting for individuals, then it is less likely that they will have any problem later in disclosing that information.