Use, disclosure, and related principles (data quality etc)
Privacy & Surveillance
Graham Greenleaf & Nigel Waters
Last updated October 2008
Use, Disclosure and Quality 2
Sources
ALRC Report 108, Chapter 25
Greenleaf, Waters & Bygrave (Dec 2007) Strengthening uniform privacy principles: an analysis of the ALRC's proposed Principles, Submission to the ALRC Review of Australian Privacy Laws Discussion Paper 72, particularly ‘8. Use and Disclosure (UPP 5)’, ‘9. Direct Marketing (UPP 6)’ & ‘10. Data Quality (UPP 7)’
Also Greenleaf, Waters & Bygrave (Jan 2007) Implementing privacy principles: After 20 years, its time to enforce the Privacy Act, Submission to the ALRC Review of Privacy Laws Issues Paper (2006)
NSWLRC Consultation Paper 3, 2008, pp 117-124
Use, Disclosure and Quality 3
Overview Finality - Use & disclosure limitation principles
Importance of ‘finality’ Meanings of use and disclosure Effect of purpose on subsequent recipients
General exceptions to finality principles Related purpose; consent; authorised by law
Other exceptions (numerous)
Use, Disclosure and Quality 4
Overview (2)
Related matters Public registers - Application of IPPs Data export limitation principles Data matching controls
Related principles Data integrity/quality principles 'Objection to processing' principles
Use, Disclosure and Quality 5
‘Finality’ - Use & disclosure limitation principles
‘Finality’ - the EU term for limiting subsequent use and disclosure to the original purpose of collection
The single most important concept in information privacy
Applies irrespective of how data collected, or who from
Generally - Data can only be used / disclosed in 5 ways:
(i) For the purpose for which it was collected
(ii) For a related purpose
(iii) With consent of the data subject
(iv) As authorised by law
(v) Other subject-specific exceptions
Some common public interest exceptions (eg safety of others; law enforcement)
Many very specific exemptions (often jurisdiction-specific)
Use, Disclosure and Quality 6
Meanings of ‘use’ and ‘disclose’
IPPs limit both disclosure and use - but wordings differ
Cth PA: IPPs and NPPs refer separately to ‘use’ and ‘disclose’; definition of ‘use’ says it does not include ‘mere disclosure’, but does include inclusion in a publication
HK DPP 3 refers only to ‘use’ but s2 definition of ‘use’ says use ‘includes disclosure or transfer of the data’
Disclosure
Can be verbal or by allowing inspection - All Australian and HK IPPs refer to disclosure of ‘personal information’/data, not disclosure of records
Can ambiguity be ‘disclosure’? - see BG v DOCS ([2008] NSWADT 71) - Case Summary [2008] AUPrivCS 2: Tribunal held that a letter disclosing that a criminal record check might be a reason for rejection of carer status did not disclose the fact that BG had a criminal record (was so).
HK defn ‘disclosing’ specifically ‘includes disclosing information inferred from the data’ (s2) - implied elsewhere
Use, Disclosure and Quality 7
Meanings of ‘use’ and ‘disclose’ (2)
Is there ‘disclosure’ if the information is already known?
see debate between Greenleaf and Gunning
Example: if answer is ‘no’, any organisation could confirm the truth of any information put to it by another organisation without disclosure (and ‘no comment’ is not a disclosure either).
Reasons for ‘yes’ answer
Different sources have different authority (But careful - NSW ADT case regarded news report as ‘publicly available publication’)
Unfair to require P to prove what another party did not know
Courts may reduce damages if discloser shows information already known by recipient (less harm to P)
HK use of ‘transfer’ as well as ‘disclose’ - may confirm that it does include information already known
Use, Disclosure and Quality 8
Meanings of ‘use’ and ‘disclose’ (3)
Use - Can mere inspection be ‘use’ by data user?
‘No’ answer for previous UK Act - R v Brown [1996] 1 AC 543; police officer viewed record in police database of interest to debt collector with whom he associated; HL held ‘using’ required that the information be subsequently deployed
Reasons for a ‘yes’ answer (better view)
Abuse by ‘insiders’ is a major cause of privacy invasions; and it is very difficult to prove subsequent use (as in Brown)
Will encourage employers to adopt ‘need to know’ restrictions on access - so breaches will also breach internal policies
HK and Aust long titles of Acts indicate purpose of privacy protection (contra UK Act at that time) - supports inspection being covered - see discussion in RG
Use, Disclosure and Quality 9
Meanings of ‘use’ and ‘disclose’ (4)
Onus of proof problems
Obligation on complainant to prove use or disclosure; civil standard of balance of probabilities
QE v Macquarie University [2008] NSWADT 144 - Example of Tribunal unwilling to conclude that disclosure by Macq employee occurred despite strong circumstantial evidence; but also unwilling to find Macq in breach of security principle for lack of logging of mere accesses to files which did not involve amendments
Unauthorised access can be ‘computer crime’
Also relevant: ‘computer crime’ offences can cover mere unauthorised access - in some jurisdictions, can cover access by authorised personnel for unauthorised purposes
Use, Disclosure and Quality 10
Finality - Effect on subsequent (3rd party) recipients
‘Finality’ usually refers to subsequent uses/disclosures by the collector
Issues:
(i) Are 3rd P recipients tied to the same purpose as the proper purposes of the discloser (the original collector)?
(ii) Does this depend on whether the 3rd P is aware of the original purpose of collection?
It is rare for IPPs to explicitly address this
Cth public sector IPP 11(3) - Recipient from agency can only use the information for purpose for which it is disclosed to them
Re NPPs, Note to s13B(1) (re related corporations) implies ‘yes’ answer
Use, Disclosure and Quality 11
Finality - Effect on subsequent (3rd party) recipients (2)
Other sets of IPPs (eg HK) do not address this
Best answer is that collection must be by ‘fair’ means - fairness is an objective test in relation to data subject
This covers both legitimate disclosures (wider purposes of collection unfair), and illegitimate disclosures (any collection unfair)
Where 3rd P is unaware of original reasons for collection, a strong approach still protects the data subject; weak approach allows recipients new purposes (may be approach of HK PCO)
Necessary answer to support the policy of the legislation
Once unlawfulness of discloser is known, collector’s use may also be a breach of confidence - additional ground for objection to either unlawful collection or unfair collection
Use, Disclosure and Quality 12
Finality - Effect on subsequent (3rd party) recipients (2)
Examples Use of personal data obtained from a public register -
[2003] HKPrivCmr 8 - purpose of bulk disclosure of public register data by agency precluded commercial use of data; attempt by purchaser to use with search engine breached DPP 3.
What implications for Tenants’ Union v TICA No 4 ?
Use, Disclosure and Quality 13
Allowed uses: Principal purpose of collection
IPPs require a purpose of collection
NPP 1.3 refers to ‘purposes’: PC’s Guidelines still say there is only one primary purpose
Notice of purpose under IPPs is evidence of purpose
Notice broader than function/ activity - invalid notice, use still limited by (objective) function/activity
Notice narrower than all functions allow - users can limit by notice those of their purposes for which they collect - cannot use for any wider (though legitimate) function/ activity
Is Tenants’ Union v TICA #4 (2004) consistent with this?
Data subjects may expressly limit the purpose of collection
Purpose need not be as wide as all allowable purposes
HK [2003] HKPrivCmr 8 : ‘Use of personal data obtained from public registry’ (Materials #5)
Use, Disclosure and Quality 14
Lack of notice - effect on purposes If no notice is given, purpose is inferred
Purposes may be implied by relationship between parties Reasonable expectations of data subject are relevant when
data is collected from data subject (B&W 127) Where collected from 3rd parties, their reasonable
expectations are relevant Where data is collected by observation/from documents, no
expectations, so function/activity becomes crucial (B&W 127)
Common complaint: Disclosure was within purpose of collection, but notice was not given as required
HK PCO Eg Disclosure of skating competitors OK as a purpose of collection, but no DPP 1(3) notice given - breach of DPP1 (collection) , not DPP3 (disclosure)
Use, Disclosure and Quality 15
Allowed uses (I): Secondary purpose exceptions
Uses allowed for secondary purposes related to primary purpose - but tests differ (in wording):
HK DPP 3, Cth and NSW public sector IPPs - must be ‘directly related’
NPP 2 for private sector and Vic/NT public sectors
(I) must only be ‘related’ (or ‘directly related’ if it is sensitive information - difference must be meaningful); AND
(II) ‘the individual would reasonably expect’ the secondary use
‘Reasonable expectations’ test
NPP test is of the expectations of the individual concerned
Cth PC suggests test is expectations of a reasonable person with no particular knowledge of the industry concerned
Reasonable expectations of data subjects/3rd parties may also affect the meaning of ‘directly related’ (B&W support)
Use, Disclosure and Quality 16
Secondary purposes: ‘Reasonable expectations’ (2)
[2003] HKPrivCmr 5 : ‘Posting of complaint letter on notice board’ - ‘it was unlikely that he would have given consent’
HKPCO complaint 4/05: ISP used complainant’s credit card details from a terminated account to recoup charges on a different account - breach of DPP 3, ‘not within a consumer’s reasonable expectations’
HK AAB appeal 66/2003: C complained to property mgt co. R about neighbour; R disclosed her details to neighbour (who later used them in a civil action against her). PCO held disclosure was for a directly related purpose, to help resolve a dispute; also was for s58(1) purpose of remedying ‘seriously improper conduct’ (both upheld by AAB)
Use, Disclosure and Quality 17
Secondary purposes: ‘Reasonable expectations’ (3)
HK AAB appeal 13/2004: disclosure of account information to debt collector is for a directly related purpose
HK PCO appeal 26/2004: employer disclosed to Dr that medical examination was for purpose of confirming employee’s fitness to attend disciplinary hearing; PCO held (and AAB upheld) that this was for a directly related purpose; and could also be justified under s58
Excessive disclosures must still be avoided: Prosecution witness' personal data [2004] HKPrivCmr 5 - disclosure of whole statement to defendant was unjustified
Use, Disclosure and Quality 18
Secondary purposes: ‘Reasonable expectations’ (3) Tenants’ Union v TICA No 4 [2004] PrivCmrACD 4
TICA collected from its members, not from tenants TU complained TICA breached NPP 2.1(a) in disclosing
info to members from Enquiries database because tenants would not ‘reasonably expect’ information about unsuccessful applications to be disclosed to real estate agents.
Dismissed by PC - ‘reasonable expectations’ is only relevant to secondary purposes, and use for default listings was TICA’s primary purpose of collection from its members.
PC had already found that tenancy application information was ‘necessary’ for TICA’s provision of a ‘risk management service’ - PC used an objective assessment of TICA’s primary purposes
Use, Disclosure and Quality 19
Secondary purposes: ‘Reasonable expectations’ (4) Tenants’ Union v TICA No 4 - Questions:
(1) How do you determine what is a primary purpose? don’t you look at what TICA made consumers reasonably
aware of under NPP1.5? PC found that TICA breached NPP 1.5 - didn’t they imply
they only collected defaults? shouldn’t they be bound by that as their purpose? - it
would be nonsense to say you can have a primary purpose different from what you say it is, but secondary uses must be within ‘reasonable expectations’
(2) Can TICA use the information if its members are in breach of NPP 2 in supplying it?
PC questions [95] whether TICA members’ disclosures to TICA are for a secondary purpose and satisfy NPP 2
But he fails to consider the implications of this …
Use, Disclosure and Quality 20
Secondary purposes: Mistaken disclosures can still be for correct purposes
[2003] HKPrivCmrAAB 1 - Bank mistakenly disclosed complainant’s access request to his employer - mistake of fact that employer held the information sought - PC held, and AAB upheld, that this was for the original purpose of collection or at least directly related to it
Seems that disclosure for an intended correct purpose is OK if it is based on a mistake of fact (not a mistake as to allowed purpose)
S41 directions expand NSW ‘directly related’ test
S17 limit on secondary use is expanded by Privacy Comm’s s41 Direction allowing uses where an agency is ‘reasonably satisfied’ that use is in pursuance of an agency’s lawful functions.
Eg AK v Gosford City Council ([2007] NSWADT 289) - Case Summary [2007] AUPrivCS 16: Council sent advertising material for a chance to win prizes if rates were paid on time. Although not ‘directly related’ to Council functions according to Local Govt. Act, remitted back to Council for internal review on this exemption!
Use, Disclosure and Quality 21
Allowed uses (II) Consent A lot of variation in requirements for disclosure:
HK DPP3 requires ‘prescribed consent’ (s2(3) defn) Australia usually ‘express consent or implied consent’ (Cth PA s6,
also Vic) (see GG & LB 2005, 1.8) - Contra NSW requires ‘express consent’ for disclosures (s26(2)), but
only consent for new uses (s17(a)). C.f. NZ requires ‘authorisation’
NZ Courts (L v J, L v L) have held this includes implied authorisations (see Roth article)
Consent must also be informed (meaning of ‘consent’) Data subject’s consent to change of use is needed even if data
was not collected from the data subject (B&W support). See ‘effect on subsequent recipients’
Use, Disclosure and Quality 22
Consent exception (2) Re NSW s26(2) ‘express consent’ for disclosures
Macquarie v FM [2003] NSWADTAP 43 See also Greenleaf casenotes on original decision and appeal NSW s18 requires express consent (s26(2)) UNSW had express consent to obtain FM’s academic transcript
from other Unis Held: This ≠ express consent to Macquarie to disclose it to
UNSW; ‘must be the subject of administrative action by the agency disclosing …’
So not even enough if the UNSW form had expressly mentioned Macquarie - very strict
Use, Disclosure and Quality 23
Consent (3) HK DPP3 requires ‘prescribed consent’ (s2(3) defn)
Inclusion of ‘voluntariness’ implies strictness beyond normal meaning of consent (PCO suggests)
Might imply there cannot be any adverse consequences for failure to consent, if consent is to be ‘prescribed consent’
Does not necessarily require writing Does not allow ‘opt out’ - In HK PCO complaint estate agent
attempted to require clients to opt out from being members of a club - ineffective
S2(3)(b) allows prescribed consent to be revoked, but only in writing
Use, Disclosure and Quality 24
Consent exception (4) - Can consent be implied from failure to opt out? HK - ‘No’ - see ‘prescribed consent’ in DPP 3 Australia - sometimes ‘yes’
Supported by Explanatory Memo to 2001 amendments re NPP2.1(b)
Aust PC’s NPP (draft?) Guidelines - ‘Yes’, but considers it depends on specific circumstances - Sets out 8 factors supporting finding of consent: (i) clearly stated / understandable; (ii) likely to be read; (iii) likely to understand implications; (iv) free and not bundled; (v) no cost / little effort; (vi) consequences harmless; (vii) subsequent restoration possible; (viii) multiple means of opt-out
Example (PC): Rarely applicable to opt-outs from marketing info because (i) not likely read; (ii) belief of adverse effects of replying
Canadian PC has recognised opt-out can be consent: see case #207
Use, Disclosure and Quality 25
Consent (5)
When can consent be otherwise implied? Family members: can’t just be assumed HK ‘express consent given voluntarily’ (s2(3)) -
How different from implied consent allowed in Australia?
A broad interpretation of ‘directly related’ can have the same effect
PCO eg in RG - purpose of collection of client data by a social worker implicitly includes compliance with any legal obligation to the Courts - disclosure allowed
Use, Disclosure and Quality 26
Consent (cont) ‘Bundled’ consent
Unresolved, but reference to notice of ‘purposes’ in NPP 1.3(c) gives some support
Argument against is that bundled consents may not be consents given freely (except for principal purpose) because refusal to consent will disadvantage
ALRC 108 (2008) proposes only that PCO issues guidance See Greenleaf, Waters & Bygrave ‘3.2. Meaning of Consent’ in
submission to ALRC, 2007, particularly Submission DP72-10 that separate consent should be required for each proposed purpose of use
Use, Disclosure and Quality 27
Prior awareness exception Prior awareness exception
Cth IPP 11(a) ‘individual …is reasonably likely to have been aware, or made aware under IPP2’ of disclosure practices
NSW s18(1)(b) – similar - nothing similar in NPPs or HK Example - Macquarie v FM [2003] NSWADTAP 43
No need to be directly related, with consent, or authorised by law; but argue that it must still be within purposes of agency
Does this allow post-collection notice/awareness of changes to disclosure practices? - inimical to finality
No evidence whether so abused since introduced in 1988 ALRC Report 108 (2008) – ALRC proposed UPP 5 does not
include any such exception
Use, Disclosure and Quality 28
Allowed uses (III): ‘Authorised by law’
Cth Privacy Act (IPPs and NPPs) - uses/disclosures ‘authorised by or under law’
PA did not retrospectively invalidate any legislation permitting or requiring disclosures
Includes common law duties/rights to disclose
see GG&LB 2.1.3 - EU A29 Committee incorrect - still requires a positive authorisation or requirement to disclose
NSW more restrictive (s25):
non-compliance may be ‘lawfully authorised or permitted’ or ‘necessarily implied or reasonably contemplated’ ‘under an Act or any other law’
HK does not have a general exception ‘where authorised under law’ - see specific exceptions (later)
Use, Disclosure and Quality 29
‘Authorised by law’ exception (2) ACT Dept JACS [2004] PrivCmrACD 5
C, JACS employee, was whistleblower to ACT Omb.; JACS staff disclosed personal info about C’s internal grievances to Omb.
JACS claimed it did so to show Omb that complaint may be ‘frivolous or vexatious’
PC held no defence (i) that C would be ‘reas aware’ of such disclosures; or (ii) that it was ‘authorised by law’ - some disclosure was authorised, but only if it was relevant to the Omb. Investigation - this was not.
However, $0 compensation; apology ordered - who would be a whistleblower?
Use, Disclosure and Quality 30
'Authorised by law' exception (3)
ALRC Report 108, Chapter 16 Considered case for limiting exception to 'specifically
authorised’, but decided against (Greenleaf, Waters & Bygrave submission recommended this)
Same wording 'required or authorised by or under law' recommended for several principles
Recommends defining 'law', including to cover common law duties of confidentiality, and exceptions to them (R16-1)
May make no difference to existing law here Recommends OPC guidance (R16-2)
Use, Disclosure and Quality 31
Reminder: Limited role of exceptions
The limited role of exceptions They are usually not a requirement to disclose/use They are usually not authority to disclose/use if some other
law forbids this (eg BOC) They merely mean there is no breach of an IPP
This also applies to ‘authorised by law’ exceptions - ‘Authorised’ ≠ ‘required’ (trite but important) - not required to disclose just because an IPP exception exists - still their discretion to exercise
HK Pt VIII (Exemptions) s52 specifies that an exemption ‘neither confers any right nor imposes any requirement’
Use, Disclosure and Quality 32
Other exceptions Will only consider some important ones:
Direct marketing exceptions Protection of safety of self and others Law enforcement purposes Disclosure between related corporations (NPPs) See also 'Exemptions' slides
Sources Cth PC Info Sheet 11 - Exemptions from NPPs GG&LB 2005
Use, Disclosure and Quality 33
Direct marketing exception Many jurisdictions (including EU) have a Direct
Marketing (DM) exception allowing opt-out Hong Kong direct marketing ‘opt out’ exception (s34)
Notice of right to opt out must be given first time personal data is used for direct marketing.
Data user must comply with subject’s wish to opt out Need notice be given every time new data is held, or only if
it is actively used for direct marketing? See 4 examples in RG S34 applies even if the direct marketing is with consent
(PCO egs); this differs from Australia Promotion of government programs, and investment
newsletters, are both direct marketing (HK PCO egs)
Use, Disclosure and Quality 34
Direct marketing exception (2)
HKPCO complaint AR 7/05: publisher outsourced direct mailings to a lettershop, who failed to recognise different versions of name of complainant who had previously opted out; held publisher was in breach of s34, required to find a better lettershop, and for its staff to do quality checks on de-duplication processes used
Use, Disclosure and Quality 35
Direct marketing exception (3)
Australian NPP 2.1(c)
Only applies to use, not disclosure, for DM
Better view - 2.1(c) is an alternative to (a) or (b)
Marketing use need not be within reasonable expectations
Wishful thinking view - all direct marketing must comply with 2.1(c) (Many submissions to PC’s review support a change)
NPP 2.1(c) can only be relied on to allow DM if
Impractical to obtain consent [under (b)] before this use
PC (NPP GLs) says it is ‘normally not impractical’ with online communications
Individual has not previously opted out from marketing from this organisation [will it cover central opt-out lists?]
Each marketing communication must give an option to opt-out from further communications (No equiv to HK annual notice)
Use, Disclosure and Quality 36
Direct marketing exception (4)
ALRC Report 108 recommends stronger right to opt-out of Direct Marketing (DM) – UPP 6, but:
Organisations only – not extended to agencies
Right to opt out etc would apply to all uses of PI for DM
Direct marketing left undefined
To existing customers, (i) DM must be within existing expectations and (ii) offer a ‘simple and functional’ means of opting out.
To non-customers, DM allowed provided (i) consent obtained unless not practicable; (ii) explicit notice that opt-out possible; and (iii) disclosure of source of PI provided on request.
Use, Disclosure and Quality 37
Direct marketing exception (cont) Alternatives to NPP 2.1(c) for direct marketers:
Rely on DM as express purpose of collection (implied consent) Rely on 2.1(a) ‘related purpose’ / reasonable expectations Obtain express consent to marketing, come within 2.1(b)
PC (NPP GLs) says express consent will be needed In all 3 cases, no need to give 2.1(c) opt-out notice BUT Where individuals do opt-out anyway, this would negate both
consent and reasonable expectations Current development
Government considering ‘Do Not Call’ register US one has US$15K fines if they do after opt-out (bounty better) How would this handle the 200M calls p/a outsourced O/S? Note also the requirements of the Spam Act 2003
Use, Disclosure and Quality 38
2 Protection of safety/health
All Australian Acts have variants of ‘necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or of another person’
HK s59 exempts ‘personal data relating to the physical or mental health of the data subject’ where access (DPP 6) or restricting use (DPP 3) ‘would be likely to cause serious harm to the physical or mental health’ of the data subject or another person
FM v Macquarie University [2003] NSWADT 78
Macq staff were concerned that FM might injure someone at UNSW
No exemption because not ‘serious’ or ‘imminent’
Use, Disclosure and Quality 39
3 Law enforcement exceptions
Cth PA exempt purposes of disclosure
IPPs 10.1(e)/11.1(e) ‘reasonably necessary for the enforcement of the criminal law’ etc
NPPs 2.1(f)&(h)
NSW Act has much broader set of exemptions, often blanket for agencies
All law enforcement exemptions (except NSW) require a ‘note’ to be kept of all disclosures
The only example of logging of disclosures required by IPPs (NPP 2.2; Cth IPP 10.2)
Is logging essential for adequate security? - see FH v NSW Corrective Services ([2003] NSWADT 72) - Summary [2003] NSWPrivCmr 1
If there is no logging, rights of access (and notification of corrections) are significantly crippled
Use, Disclosure and Quality 40
Exceptions - law enforcement etc
HK PDPO s58(2) - use/disclosure for 'prevention or detection of crime', 'serious improper conduct' etc does not breach DPP 3
See earlier examples from 2004/05 AR
D must show that adherence to DPP 3 would prejudice one of these interests, and he had reasonable grounds for believing this
Lily Tse Case [1998] HKCFI 811 - Personal injuries action concerning Albert House collapse 1994 - Held DPP 3 did not apply so as to impede third party discovery (of witness statements held by Police) in a civil action
A tort was 'serious improper conduct' for s58(2). This has broad implications for PC(P)O.
Use, Disclosure and Quality 41
4 Related corporations exception No HK direct equivalent Aust Cth s13B allows information to be disclosed by
corporation A to related corporation B primary purpose of collection of corporation A will normally
determine what secondary use corporation B can make (restricted by 'reasonable expectations' test) [see note to s13B(1)]
BUT not in relation to the direct marketing exception in NPP 2.1(c) (test does not apply)
B can send direct marketing to A's customers (with opt-out) irrespective of A’s purpose of collection
Use, Disclosure and Quality 42
Other rules and Principles related to use and disclosure Related principles (covered in following
slides) Data integrity/quality principles - see following 'Objection to processing' principles Proposed ‘automated decision-making’ principle
Separate slides / Reading Guides Data export limitation /cross-border principles Public registers - Application of IPPs
Limited separate NSW principles Data matching controls
Use, Disclosure and Quality 43
Data integrity/quality principles Quality principles - these variously require:
HK DPP 2(1) - ‘all practicable steps’ to ensure data are ‘accurate’ having regard to principal and directly related uses
Cth IPP 8 - reasonable steps to ensure ‘accurate, up-to-date and complete’ (AUC) before use (not disclosure, not at collection)
NPP 3 - reas steps to ensure AUC when collects, uses or discloses
Cth IPP 9 - may only use for relevant purposes NSW s11 (IPP 4) reas steps to ensure AUC when collecting
‘from an individual’ NSW s16 (IPP 9) reas steps before use to ensure relevant
and AUC
Use, Disclosure and Quality 44
Data integrity/quality principles: Hong Kong
DPP 2(a) requires that ‘All practicable steps … to ensure … personal data are accurate having regard to the purpose’ (of use).
'use' includes disclosure, so DPP2 obliges data users to ensure data accurate for the purpose for which it is being disclosed to a 3rd party
DPP2(c) also imposes obligation to inform 3rd party of inaccuracy and provide corrected data
‘"Inaccurate" … means … incorrect, misleading, incomplete or obsolete’ (s2) - same as elsewhere
HKPCO avoids adjudicating on correction of data - see discussion under Access & Correction
Use, Disclosure and Quality 45
Data integrity/quality principles: Hong Kong DPP2(b) requires that inaccurate data
(i) not be used or (ii) be erased. Discussed in next topic
s66 compensation claims possible subject to defences - DPP 2 is one of most likely sources
Use, Disclosure and Quality 46
Data integrity/quality principles Significance of quality principles:
Correction of errors may not be enough - prior failure to take reas steps may be breach
Legitimate uses/disclosures may still lack quality control
Legitimate collection may still lack quality control Examples
L v Commonwealth Agency [2003] PrivCmrA 10 - failure to take any steps to check a mailing address was a breach
Use, Disclosure and Quality 47
Data integrity/quality principles Tenants’ Union v TICA #2 [2004] PrivCmrACD 2 - PC found
breach of NPP 3 in relation to the ‘enquiries’ (ie not defaults) database
vital nature of housing impacts on what is reasonable TICA’s random checking to ensure accuracy
PCO carried out its own (since TICA did not keep records) and found many inaccuracies
Important elements in a system of quality control include (i) system of random checking; (ii) advising those who have received inaccurate records - TICA failed
TICA’s collection practices - for tenancy databases (given prejudicial effect) 3 pieces of identifying information is minimum necessary - TICA failed though always had two.
Failure to advise tenants of listing impacts quality obligations Deleting notes that listings are disputed after 30 days 6 forms of breach identified in Determination
Use, Disclosure and Quality 48
Data integrity/quality principles Tenants’ Union v TICA #3 [2004] PrivCmrACD 3 - PC found
breaches of NPP 3 in relation to its defaults database because it was retained for an excessive time and therefore ‘out of date’.
Criteria applied (para 53) set out steps required for reasonableness if potentially prejudicial information is to be held for a long period (over 3 years in this case)
ALRC proposals Greenleaf, Waters & Bygrave (Dec 2007) ‘10. Data Quality
(UPP 7)’
Use, Disclosure and Quality 49
'Objection to processing' principles
EU privacy Directive contains examples:
Art 14(a) right to object to data processing generally
Art 14(b) right to object to direct marketing
Art 15(1) right to object to decisions based on fully automated assessments of one's personal character
The only Aust and HK example is the right to opt-out of direct marketing (Aust - NPP2.1(c))
ALRC Report 108 strengthens right to opt out of direct marketing – UPP 6
– see slide above
‘Automated decision-making’ proposed Principle
ALRC 108 (2008) Rejects case for an automated decision making rule
In Greenleaf, Waters & Bygrave 2007 ‘15.6. Automated decision-making principles’ we agree with the ALRC that a separate principle is unnecessary, but submit that it should be made an express requirement as part of UPP 7, with an appropriate ‘reasonable steps’ limitation.