Contents

Chapter 14
Requests for information

Dealing with personal information

14.10As we noted in the Issues Paper, the role of the Privacy Act needs to be clear in relation to requests for information. In the Issues Paper, we raised three options for guarding privacy interests in relation to MACMA requests:

(a) the information-holder agency ought to bear responsibility for considering privacy risks;

(b) the Central Authority ought to bear responsibility for considering privacy risks; or

(c) the public benefit in providing assistance in criminal matters outweighs privacy interests.449
14.11Ultimately, we have decided that the Central Authority should play the primary role in guarding privacy interests. As we wrote in the Issues Paper, the advantage of making privacy considerations primarily the responsibility of the Central Authority is that:450

… the Central Authority already has to consider a number of factors in deciding whether to accede to a MACMA request. It seems both inappropriate and inefficient to separate out consideration of the privacy of personal information.

14.12Under our scheme, the Privacy Act 1993 would still apply to information-holder agencies. However, our Bill explicitly provides that the “maintenance of the law” exception in Privacy Principle 11 applies to requests made by the Central Authority on behalf of a foreign country.451 Privacy Principle 11 provides:

An agency that holds personal information shall not disclose the information to a person or body or agency unless the agency believes, on reasonable grounds,—

(a) that non-compliance is necessary—

(i) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; …

14.13Although this leaves the information-holder agency with some discretion to refuse to disclose, practically we expect responsibility will fall on the Central Authority to consider whether personal information released to it under this exception should be disclosed to the foreign country.

14.14In view of this, we have included a new ground on which assistance may be refused in clause 23, if “providing the assistance would unreasonably interfere with the privacy of an individual”.452 We have also provided a requirement that the Central Authority must develop and maintain guidelines, in consultation with the Privacy Commissioner, in relation to exercising the privacy ground for refusal.453 We think this provides an efficient way to deal with privacy issues, while still providing the degree of protection of personal information New Zealanders would expect.

Recommendation

449See discussion in Issues Paper, above n 437, at [18.21]–18.31].
450Issues Paper, above n 437, at [18.25].
451Mutual Assistance Bill, cl 13(3)–(4).
452Mutual Assistance Bill, cl 19(2)(j).
453Mutual Assistance Bill, cl 16.