Taking privacy and security of information seriously
Our clients trust us to handle their information securely and responsibly. We have made a commitment to respect people’s privacy and to be clear about how we use their personal information, including who we share it with and why.
Ensuring our people understand the importance of keeping information safe
We have continued to build a staff culture where our people understand the value of client information and the importance of keeping it safe and secure. To support this we have aligned our information management teams under one group focused on building information maturity and delivering consistent guidance across MSD. The objective of the strategy is realising the value of the information we collect, use and manage to improve the social and economic wellbeing of New Zealanders.
We continue to support and enhance our security capability to meet the expectations of clients and the Government that we handle personal information securely. We have programmes in place to continue to improve our maturity in this area and to update our processes and controls in line with industry and government standards.
Making sure we use information responsibly
With information collection and use comes the responsibility to respect the rights of individuals whose information is collected, and to apply consistent moral and ethical standards. We have continued to develop and implement our Privacy, Human Rights and Ethics (PHRaE) framework [50], and to be more open and transparent with clients and the public about how we use information.
We have made a commitment to increasing transparency in how we use the personal information we hold about our clients. We published a new Privacy Notice that describes how we use personal information to deliver services. The notice was developed with clients and outlines what information we collect and why, who or where we collect it from, who we share it with and why, and what we do with it. We also published more accessible explanations for where we use algorithms to inform our client services.
Reviewing privacy protections in serious fraud investigations
In May 2019 the Privacy Commissioner published the results of an inquiry into our use of powers under Schedule 6 of the Social Security Act 2018 [51] in relation to serious fraud investigations. The Commissioner’s inquiry found we were taking a blanket approach to approaching third parties for information before requesting it from clients. We accepted the Commissioner’s recommendations and immediately changed our fraud practices to meet some of these. A programme of work is currently under way to continue delivering on the recommendations and to ensure we are respecting the rights of clients under investigation.
Footnotes
[50] The PHRaE framework enables projects to meet our legal and ethical responsibilities by ensuring the privacy, human rights and ethical risks associated with personal information use are appropriately identified and managed early within the development of new initiatives. It comprises an interactive tool and a team of specialists who work alongside development teams.
[51] Schedule 6 replaced section 11 of the Social Security Act 1964 when the earlier Act was repealed.
