Category: Central North Island

Source:

A recent Human Rights Review Tribunal case has attracted some attention as a result of its colourful facts – bad feelings between previously friendly neighbours, allegations about vandalism, and a compensation bill of $7000. Read the NZ Herald article about this case.

It isn’t just a human interest story, though. This is the first Tribunal decision to consider CCTV, and the effect of privacy enhancing technologies, and it has set some clear legal boundaries.

Armfield v Naughton [2014] NZHRRT 48 contains some straight-shooting advice from the Tribunal about how businesses need to set up and manage CCTV systems.

Briefly, a bed and breakfast owner had been having problems with property damage and set up eight CCTV cameras around his house. Three cameras overlooked his neighbour’s property. One camera was angled over the front garden with a children’s swing, the second pointed towards the neighbour’s side door, and the third covered an area of the backyard.

The relationship between the two men had become confrontational and the installation of the CCTV made it worse. The neighbour objected to what he saw as a significant intrusion into his family’s personal space. The bed and breakfast owner refused to talk to the neighbour about the camera system, and failed to respond to lawyers’ letters asking him to change the camera angles.

The Tribunal found the first camera breached the Act. The second and third were saved by the use of masking technology. There was also a breach of principle 3 (failure to notify) and principle 6 (failure to respond to a request for information). The Tribunal awarded $7000 after noting the neighbour’s request that the award should be moderate – but commented it would usually have been $15,000 or more.

Collecting or not collecting, that is the question

First, the Tribunal decided the Privacy Act applies to CCTV. It’s certainly the line that we have always taken – read our CCTV guidance. But at least one expert commentator has queried whether information gathered by CCTV is “collected” in terms of the Privacy Act because the camera system automatically captures everything within its range and does not solicit information from each individual.

The reason for the confusion is that the Privacy Act slightly unhelpfully defines “collect” in the negative – it “does not include the receipt of unsolicited information”. But the Tribunal has confirmed this doesn’t mean an agency has to ask for, or actively “solicit” information. Instead, “collection” is the “gathering together, the seeking of or acquisition of personal information.” [44.3]

So CCTV is clearly covered. The whole purpose of setting up a CCTV system is to gather together information within the range of the cameras. The Tribunal has firmly laid the ambiguity in the Act to rest.

Failed attempts to collect may now be covered

The Tribunal goes on to say that collection refers to the “framework or process for collection which must be in place before information is received”. [47] In other words, the agency has obligations before the cameras are switched on: in particular, the obligation to have a legitimate reason for setting up the camera system, which is necessary for some business purpose; the obligation to tell people the cameras are there and why; and the obligation to be fair and not unreasonably intrusive with how information is collected. Collection encompasses the actions that precede actually getting the information in one’s hand.

The logical upshot of this is that failed attempts to collect personal information might also breach the Act. This is a new angle for the Tribunal, though it had indicated there should be liability for attempts in an earlier case. The Law Commission has recommended that attempted collections should be covered, and the government has supported that recommendation. The stars are therefore lining up. Agencies need to be careful to set up their systems correctly from the start and not trust to luck.

Adopting PETs

The Tribunal acknowledged that CCTV can be a legitimate and valuable way to protect people and property. But it also has the capacity to cause significant intrusions into personal life. Complying with the privacy principles provides the right balance between the two. As part of this analysis, the Tribunal has usefully said that “leveraging technology to enhance privacy is a valuable approach and is to be encouraged.” [53] This is the role of “privacy enhancing technologies”, affectionately known to the profession as “PETs”.

The camera system here had a facility for cropping the field of vision, which was used on two of the cameras. Despite the apparent camera angle, the neighbour’s backyard and side door were not in fact visible to anyone watching the footage live and nothing in those areas was recorded to disc. Use of the masking technology saved those cameras from being in breach of the Act.  

What we’ve got here is failure to communicate…

The problem for the neighbour, of course, was that it was not obvious whether the cameras were recording and, if so, what they were recording. All he could see was that they were pointed at his house. The Tribunal said this highlighted the importance of communication. Agencies need to give clear statements about what the cameras are there to do (and other matters listed in principle 3). This is a continuing obligation. If the field of vision, or other aspects of the system are changed, they need to notify affected people again. They also have to respond to reasonable requests by affected people to see the system and know what information it was recording, so that those people can be confident the system is working lawfully.

Human Rights Review Tribunal, CCTV

Back

Source:

As a general rule in New Zealand, if you go to Court and you lose, you’re going to have to foot the bill – and not just your own legal bill but a chunk of the other party’s costs too. 

But this week, the Human Rights Review Tribunal released a decision saying Shannon Richard Andrews, the unsuccessful plaintiff, should not have to pay the costs of the New Zealand Police.

The reason behind this decision is that people should not be deterred from bringing a case in the human rights jurisdiction just in case it costs them later.

Mr Andrews claimed the Police had improperly disclosed personal information about him, contrary to principle 11 of the Privacy Act 1993.

In March 2014, the Tribunal dismissed Mr Andrews’ complaint. Subsequently, the Police sought a contribution to the costs they had incurred in the course of defending this complaint. The Police said the case had cost them approximately $21,000 and were seeking an order that Mr Andrews pay them an amount between $7,500 and $10,000. 

Mr Andrews is currently serving a custodial sentence and does not presently have the means (nor is he likely to on his release) to pay such costs – but the Police said this should not be a consideration.

The Police said there were no features in Mr Andrews’ case that should disrupt the “presumption” of a costs award.

The Tribunal disagreed, saying the fair and reasonable outcome would be for each party bear their own costs. “The State must expect and tolerate individuals to challenge the exercise of state power. Such challenge should not be inhibited by the fear of potentially ruinous financial consequences,” it said in its decision.

Another feature of the case was that it involved an issue that the Tribunal hadn’t considered before – it was a test case. This too suggested Mr Andrews shouldn’t have to pay costs.

Basically if you think your rights have been breached, including your rights to privacy, it shouldn’t cost you an arm and a leg to have the Tribunal take a look at it. 

This is probably a bitter pill to swallow for the agencies that are being taken to the Tribunal.  But might it be better than telling individuals (who may only just have the means to fund their own case) they have to pay for the other side too – if the decision doesn’t go in their favour?

But while Mr Andrews seems to indicate costs awards of thousands of dollars will no longer be the norm, there are circumstances in which it will still make sense to order costs, as illustrated by Rafiq v Commissioner of Police. 

Razdan Rafiq complained about the Police refusing to disclose information in response to a principle 6 access request. The Tribunal dismissed his complaint. Following this decision, the Police sought costs and in the end were awarded $13,632.32.

The difference in this case and the reason for the Tribunal making a high cost order against Mr Rafiq was because the Court said this was not a “finely balanced” case. In other words, it did not have the potential to go one way or the other. In fact, the Tribunal said the decision the Police made to withhold information from Mr Rafiq was justified “by a wide margin”.

The Tribunal also said Mr Rafiq conducted the proceedings “without regard to his obligation to participate in them meaningfully and in good faith”. He refused to participate in telephone conferences, declined to file meaningful evidence or submissions and subsequently declined to attend the hearing itself, even though he was warned about the costs implications by the Police and the Tribunal.

Because of the way Mr Rafiq conducted himself and his case, this created significant extra work for the Police in defending the complaint. Following Mr Rafiq’s rejection of a reasonable and responsible settlement offer and what the Tribunal said was a “characteristically incoherent and abusive reply”, the Tribunal decided this was a clear case in which increased costs were justified.

The moral of the story of the story is if you act in good faith when seeking a determination on your privacy rights, things will be good for you. If you act in bad faith, you get bad things (like a bill for $13,632.23). 

Human Rights Review Tribunal, IPP6 – access, IPP11 – disclosure, law enforcement

Back

Source:

A man applied for a pawnbroker’s licence. On his application he gave his work address. The rejection letter from the Ministry of Justice referred to historical criminal convictions which he hadn’t disclosed to his employer.

Even though the letter was addressed to him, the letter was opened by a staff member and read by four company employees. The information contained in the letter then prompted his employer to sack him. The employer said the decision to sack the man was based on the information about his criminal history.

The man’s complaint to us raised issues under principle 11 of the Privacy Act which says an agency that holds personal information should not disclose the information. The purpose of principle 11 is to place limits on disclosure of personal information by one agency to another person or agency.

In this case, we were told that at no point was the letter disclosed to any person or agency outside a small number of relevant staff members.

We also found out that the man, when giving his employer’s PO Box as his address, had used a different first name. The man’s employer had hundreds of employees and it was company practice to open all mail unless it was specifically marked “addressee only” or “confidential”. Neither of these labels appeared on the envelope.

When the mail clerk did not recognise the name on the letter, it was given to a senior manager who opened the envelope. The letter was then passed to two other senior managers. The company said the decision to dismiss the man was based on the fact that he had completed his application dishonestly when he applied for the job. He had not been truthful about his criminal convictions.

We concluded the disclosure of the man’s personal information within the agency, and the use of that information to sack him, was not a breach of the Privacy Act. The information had been received unsolicited by the employer, and then used appropriately, and not disclosed more widely than necessary.

IPP11 – disclosure, complaints

Back

Source:

As a parent or guardian of a child under 16, you are entitled to request health information about your child as if it were your own information. For other personal information, the Privacy Act does not provide a right of access by a parent, but a parent or guardian can request information if the child is either too young to act on their own behalf, or where the child has consented.

This information will often be necessary to help parents raise and look after their children. But the parent or guardian’s right to access information is not absolute.

There will be some cases where information should be withheld from parents. Sometimes information is requested in situations of family breakdown and violence. Sometimes children will have suffered abuse and may be caught in the middle of bitter custody disputes.

An example is where a child undergoes counselling, and whether a parent should see the disclosures a child may make in those counselling sessions. In these situations, the child will be free discuss sensitive personal information, and needs to feel safe while doing this. This can be intensely sensitive and personal, and the improper release of such information could be detrimental to a child’s wellbeing.  Trust in the counsellor will be diminished, and the child will be less likely to share sensitive information in the future.

In some cases a child may disclose abuse by a parent or a close family member. Releasing this information would very often be dangerous and unsafe.

The Privacy Act gives some protections around this. Information can be withheld under sections 27-29 of the Act. In particular under section 29(1)(d), an agency may refuse to disclose any information requested, if this is contrary to the interests of a child under the age of 16. 

Sometimes it is not clear cut. When an agency is asked for information from a parent or guardian, there may be competing interests to consider and these can be hard to judge. Parents should be able to access information about their children, but ultimately the welfare of the child must come first. If you work in an agency, and you are asked for information and you have concerns or something raises alarm bells, you should ask for advice. If you are in doubt as to whether release is in the best interests of the child, do not release the information. If parents make a complaint to the Privacy Commissioner, we will look into it The outcome of that may be that further information is released. This is not a big deal if you’re acting with good intentions.  

Whether requesting, withholding or releasing information, the welfare of the child must always be paramount and be at the forefront of any decision.

complaints, children, health, Health Information Privacy Code

Back

Source:

The case for government agencies identifying opportunities to work together to provide public services is compelling. We expect government to be efficient, to deliver services based on sound reasoning and in ways that bring the most benefit to the people they are trying to help.

Public programmes can be designed in ways that allow sensible service delivery and a collaborative approach, without intruding on individuals’ rights, or exposing the agencies involved to legal risk.

The Privacy Act is, at its core, a flexible and enabling piece of legislation. However, sometimes it has been perceived as getting in the way of agencies working together. Sometimes those perceptions have been true, particularly when personal information gathered for a narrowly defined purpose is to be used in a new way, and by other agencies, as part of a proposed service delivery innovation.

The Approved Information Sharing Agreement (AISA) mechanism, proposed by the Law Commission and brought into law in February 2013, is designed to provide an answer to the “Because of the Privacy Act” objection to innovation in service delivery.

To support public sector understanding of how to design an AISA and make it work, we’ve published a guidance document that explains what an AISA can do and how to make it comply with the Privacy Act’s requirements.

Our AISA guidance includes checkpoints, scenarios and tips to help you.

Consider this hypothetical scenario. There is high youth unemployment in Northland and the government wants to improve outcomes for this group. An AISA could enable a wraparound service to be developed for school leavers. This might involve Work and Income, CYFS, Police, local schools, iwi organisations, the local employers’ association and other youth focused community groups. These parties could regularly meet to discuss individual cases. The AISA would describe the personal information that each party may share with each other.

If an agency can describe which parties are to be involved in delivering a public service, what information they need to do it, and what they are going to do with that information, they can begin to draft an AISA that will remove any questions about whether the Privacy Act will get in the way.

From our perspective as a watchdog, the AISA model means agencies can build in protections that allow the public to have confidence that the proposal is reasonable, proportionate and subject to adequate safeguards.

AISAs can enable efficient and responsive public services in ways that do not sacrifice important rights, and without adding unnecessary risk of privacy breaches. One additional safeguard is that I have the power to review an AISA 12 months after it becomes operational.

An A to Z of Approved Information Sharing Agreements is designed to be a practical user friendly guide. We depend on your feedback. If you have ideas on how to improve it, please get in touch.

information sharing

Back

Source:

Late last year, one of my senior investigating officers came to me with a file she’d been working on for quite a while. She was convinced the facts supported a finding of an “interference with privacy”, that is, a breach of the privacy principles, that had caused harm to the complainant. She’d tried to reach a settlement, but the parties were too far apart.

When we get to an end point like that, we have to decide whether or not to refer the matter to the Director of Human Rights Proceedings, an independent statutory officer who decides whether to litigate the matter in the Human Rights Review Tribunal. That can take a long time, and be quite stressful for the parties. It is also expensive.

What had happened was that a social worker out on her rounds had her car broken into. Her notebook was in the car. In the notebook were jotted details of some 90 clients she had seen in recent years. This is an important point – it was not just her current clients.

Her employer, a DHB, did the right thing, and got in touch with all the clients, to let them know what had happened. Some of them were understanding, some were a bit upset, but the one who complained to us was devastated. It had been some years since she had seen the social worker and she could not understand why she would still be carrying around her extremely sensitive personal information, which revealed details of mental ill health following the birth of a child.

Often, when a third party like a thief intervenes maliciously to release personal information, it would not be fair to hold the agency responsible. However in this case, we had to consider whether the agency had taken reasonable steps to ensure the information was protected from loss. While we acknowledged that there would be cases where it was necessary to take patient information ‘offsite’ when treating patients in the community, we were not satisfied it was reasonable to expose this type of historic information to the additional risks inherent in taking patient information out of the DHB.

As a last effort to resolve the complaint I arranged to meet with the chief executive of the DHB. We had a very productive conversation and were able to agree to terms on which the complaint would be settled without referral to the Director of Proceedings. It was helpful for me to learn that the DHB’s biggest concern was the perception that we were requiring a significant change of professional practice (namely that we were saying patient information should never be taken offsite). That would have had quite significant implications given the change in clinical service delivery to community care. This means that more health and support staff will be out and about, which means the ability of health care workers to access patient information when they are outside traditional facilities (think clinics and hospitals) will become increasingly important.

Part of the settlement was that my Office agreed to provide some guidance to help health workers and others who are increasingly mobile, to reduce the risks of things going wrong. We will be beginning that work soon, and will hope to canvas the views of a range of community workers to see how they practically manage their information securely without compromising their ability to deliver top quality care.

And here’s a final tip. One of the things that the complainant was very pleased about was that it had reached the highest level of the organisation. She felt that if it had come to the attention of the chief executive, she knew it had been taken seriously and that something would be done. Don’t underestimate the power of a personal approach from the top level in appropriate circumstances!

(Image courtesy of the National Library: Complaint to the editor in Clutha Leader 1907)

complaints, breach

Back

Source:

It began with a photo shared privately among friends and set in motion events that resulted in a precedent setting award for damages for a privacy breach.

This week, the Human Rights Review Tribunal awarded Karen Hammond over $168,000 dollars, largely in part for the severe humiliation she suffered through the actions of her former employer, NZCU Baywide.

The amount is ground breaking because it exceeds by a wide margin the previous highest award of $40,000 set in 2003 (Hamilton v The Deanery) and sets a new benchmark for compensating harm caused by a breach of the Privacy Act for unlawfully disclosing personal information.

The Tribunal said in its decision that NZCU Baywide was in breach of principle 11 of the Privacy Act, which states an agency that holds personal information shall not disclose the information to a person or body or agency.

The information related to a photo that Ms Hammond had shared among a circle of friends on Facebook. The photo featured a cake with written obscenities referring to NZCU Baywide, which was her employer at the time – although she was in the process of leaving the company for another employer. The privacy setting meant only those who had been accepted by Ms Hammond as friends had access to the photo, taken at a private dinner party.

The Tribunal said the company management received evidence of the photo and the human resources manager then coerced a junior employee to reveal the photo on her Facebook page. The manager made a screenshot of the photo and disclosed it to other senior managers. The screenshot was then distributed to several employment agencies in the Hawke’s Bay area by email, and was accompanied by phone calls from NZCU Baywide warning against employing Ms Hammond.

The Tribunal said the photo had become the basis for a “sustained campaign by the company to inflict as much harm and humiliation as possible by ensuring she (Ms Hammond) could not be employed in the Hawkes Bay area” and to get her dismissed by her subsequent employer.

The campaign against Ms Hammond made her new position untenable, forcing her to resign because of the threat by NZCU Baywide to boycott her new employer. She was unemployed for 10 months and was not been able to find employment in her preferred field of finance. Her close relationships were severely affected and the stress caused significant harm to her family. The Tribunal noted that she and her partner had struggled financially and emotionally.

The company did admit to breaching principle 11 and had apologised to Ms Hammond. However, the Tribunal said on the balance of evidence, it had established that loss, detriment, damage or injury, as set out in section 66 of the Privacy Act, had occurred to Ms Hammond. It was also satisfied that there had been significant humiliation, loss of dignity and injury to her feelings.

The Tribunal awarded damages of $98,000 for humiliation, loss of dignity and injury to feelings. Further damages were awarded, including $38,350 for loss of income, $15,543 for legal expenses and $16,177 for the loss of a salary benefit Ms Hammond might have expected to obtain, but for the interference to her privacy.

The decision sets a new benchmark for compensating harm caused by a breach of the Privacy Act for unlawfully disclosing personal information.

Human Rights Review Tribunal, Facebook

Back

Source:

Over the last few months we’ve talked about how our Office is trying to provide more effective and efficient responses when we investigate complaints by taking a practical approach to dispute resolution –  including trying to talk with people more and calling compulsory conferences where appropriate.

That said, the bulk of our complaint work – about 60 percent – relates to complaints where we have been asked to review an agency’s decision to withhold personal information. In case you don’t already know, under the Privacy Act, individuals are entitled to request a copy of any personal information an agency holds about them.

This is not an absolute right, as an agency can withhold personal information in limited circumstances, but if it withholds personal information, the individual is entitled to have us review that decision.

A key requirement to us reviewing a decision to withhold information is that we need to see a copy of the information in question (although there will obviously be the odd case where this just isn’t possible – for instance because the agency no longer holds the information that has been requested).

But all too frequently we have issues with agencies who are reluctant to hand the information over to us to review, for any number of reasons. They might believe the information is covered by some sort of privilege, or they don’t have time to collate the information, and other reasons.

While we understand that some agencies will have genuine concerns about providing us with information to review and are always happy to talk about this with them, the simple fact is that it’s necessary for us to be able to see this information to do our job and, as such, we have the power to order this information is provided to us.

Under section 91 of the Privacy Act, we can require any individual provide any information we consider is necessary for us to look at as part of a complaint investigation. This includes asking to be provided with personal information for review where it’s being withheld, regardless of whether that information is privileged or subject to any other confidentiality.

You don’t just have to take my word for it though – this is a matter which has been all the way to the Supreme Court (see William Patrick Jeffries v The Privacy Commissioner). In that case, a lawyer didn’t want to provide us with information because it was legally privileged. The Supreme Court said this information must be provided to our Office, if we request it under section 91.

If you or your agency receives a letter from us requesting information so we can review it and the letter refers to section 91, then providing this information is not optional. If we don’t receive the requested information, we can consider enforcement action – such as prosecution.

If you are dealing with us on a complaint and you’ve got any questions or concerns, you should always feel free to get in touch with us to discuss these further. But there is simply no good excuse for failing to comply when we request information as part of an investigation.

complaints, IPP6 – access

Back

Source:

People have a right to access information about themselves. When workplace policies reinforce this right, it is risky to deviate from them. This was recently underlined in a Human Rights Review Tribunal decision to award a former Capital Coast DHB (CCDHB) nurse $15,000 for being denied information about a harassment complaint she made against her manager.

The nurse made her harassment complaint during an investigation into complaints made against her by seven co-workers. The first investigation began in 2011 and took 15 months. During this time, the nurse was removed from her paediatric workplace and from May 2012, she was suspended without pay.

In August 2012, the nurse made her complaint against her manager who was responsible for the ward where she worked. She sought access to a written response made by her manager about the nurse’s complaint against the manager. The information sought had been given to the investigator by the manager and was in the form of two documents.

Initially, CCDHB refused to give the nurse the documents she requested, but later it provided the information to her in a heavily redacted form. This was despite CCDHB’s harassment prevention policy which stated “each involved party must be given the opportunity to be represented, and be given a reasonable opportunity to answer the allegations and rebut the defences”.

The Tribunal said the policy document was explicit about the procedure to be followed – while the person complained against must be given the signed written complaint and given an opportunity to answer the allegations, the complainant in turn must have the opportunity to rebut the defences.

The added difficulty in this case arose because the nurse’s manager specifically requested that her account be kept confidential to the investigation and not be provided to the complainant. However, the investigator gave no assurance of confidentiality to the manager.

The nurse said the first time she became aware of her manager’s response to her complaint was when she received the investigator’s report in March 2013, which included extracts of her manager’s account. The report found there was no substance to the nurse’s complaint that would warrant a fuller investigation. The CCDHB accepted the finding but the nurse did not.

The nurse told the Tribunal that being unable to access the documents of her manager’s account meant she was unable to tell which part or parts to challenge and to request that any corrections be made.

Under principle 6 of the Privacy Act, people can request access to personal information held about them by an agency. Under principle 7, people can request that a correction be made to that personal information.

To establish a breach of principle 6, a complainant must show they had made an information privacy request and that the agency refused to make the information available in response to that request or failed to respond to the request within the 20 working days.

When an agency relies on any of the withholding grounds in sections 27 to 29 of the Act, the agency has to prove the exceptions apply. CCDHB had relied on section 29(1)(a) which says an agency may refuse to disclose information if the disclosure of the information would involve the unwarranted disclosure of the affairs of another individual. CCDHB had argued that the information sought by the nurse was as much about her manager as it was about the complainant.

The Tribunal disagreed. It said the information provided by the manager was potentially of a highly prejudicial nature and could affect the nurse’s return to work in the ward. There were compelling reasons in favour of disclosing the withheld information to the complainant.

Secondly, the Tribunal noted that CCDHB’s harassment prevention policy explicitly stated that, as the complainant, the nurse would have an opportunity to rebut the defences raised by her manager. On the face of that policy, there could be no expectation that the manager’s response in the two documents would be withheld from the complainant.

The Tribunal said it was satisfied there had been an interference with the nurse’s privacy and subsequent humiliation, loss of dignity and injury to feelings followed. It awarded $10,000 and ordered access to the unredacted documents.

It also awarded the nurse $5,000 damages for the loss of a benefit she might have expected to obtain if she had been able to access the unredacted documents. The documents, it said, were of potential relevance to her separate employment dispute with CCDHB.

Dissenting view

One of the Tribunal members, Mr Shirley, took a different view. In his dissenting decision, he noted that in the investigation into complaints made by seven co-workers against the complainant, the nurse had received written copies of all the complaints and witness statements. But the complainants or witnesses in that investigation were not given the opportunity to rebut the nurse’s response to those complaints.

Mr Shirley was of the view that CCDHB had fair and balanced procedures around staff inter-relationships and there was good reason for refusing the nurse’s request for personal information because it would involve the unwarranted disclosure of the affairs of another person – her manager.

Image credit: Medical privacy – Electronic Frontier Foundation (EFF)

IPP6 – access, Human Rights Review Tribunal, health

Back

Source:

A Housing New Zealand tenant who found himself in a bureaucratic limbo when he complained to several agencies about a noisy neighbour has been awarded $400 damages.

Fed up with the noise from a neighbouring apartment in March 2012, the man complained to Housing NZ, Police and the Dunedin City Council. But he was told by Housing NZ and the Dunedin City Council that the matter was the responsibility of the other agency.

Housing NZ said noise complaints were the responsibility of the Dunedin City Council which in turn said it didn’t investigate noise complaints if the tenants had the same landlord – in this case, Housing NZ.

To further complicate matters, the man was also informed by Housing NZ that it would not take any action because it had not been able to establish that Mr Holmes had called the Dunedin City Council as he had claimed.

The man then began a quest to hold the right agency to account.

He wrote to the regional manager of Housing NZ requesting a recording of his calls to the agency’s 0800 number, together with all records of his calls, as well as the action taken by Housing NZ regarding those calls.

Mr Holmes believed these recordings would show he had made a complaint about noise to the Dunedin City Council and that the complaint had been to no avail.

But Housing NZ said it did not receive the letter asking for the recordings or transcripts of the recordings. This became the issue at the heart of this dispute before the Human Rights Review Tribunal. The Tribunal had to establish on the balance of probabilities whether Mr Holmes had sent the letter and whether Housing NZ had received it.

Information Privacy Principle 6 of the Privacy Act establishes an entitlement to personal information. Where an agency holds personal information in such a way it can be readily retrieved, an individual is entitled to obtain from the agency confirmation of whether or not the agency holds such personal information; and to have access to that information.

In making a decision on whether a request is to be granted, an agency must do so “as soon as reasonably practicable” and in any case not later than 20 working days after the day on which the request is received by that agency.

In its decision, the Tribunal said it was satisfied, based on Mr Holmes’ evidence, that he had sent the letter – dated 27 March 2012 – and that it had been received. It was not the responsibility of Mr Holmes if Housing NZ had lost or mislaid the letter.

“Mr Holmes’ account of his posting of the letter and subsequent call to the call centre is consistent with his almost obsessive preoccupation of ensuring all his dealings with officialdom are clearly documented, including the obtaining of a confirmation of receipt for all documents supplied by him,” the Tribunal said.

If no decision is made within the statutory 20 day working period of an access request, then there would be an interference with Mr Holmes’ privacy as defined in section 66 of the Privacy Act.

Mr Holmes sought damages of $20,000 for humiliation, loss of dignity or injury to feelings. In a statement to the Tribunal, he described the figure as “conservative”. The Tribunal did not accept that Mr Holmes had experienced consequences of the gravity necessary to justify such a high award. Instead it valued the extent of his damage at a more modest $400.

IPP6 – access, Human Rights Review Tribunal

Back