<i>Dialogue:</i> Privacy Act limits use of information

By BRUCE SLANE*

People often give their intimate financial details to an expert in return for financial advice.

The Privacy Act requires the adviser to be open about the purposes for which the information will be used.

And the client needs to be told if the information is to be shared with others.

Information collected from the client can be used for any of the purposes for which it was obtained and even for directly related purposes, but to go outside those purposes creates a problem for the adviser.

It is easy to understand how betrayed clients might feel if their trust proves to be misplaced.

One life assurance company prepared a financial plan for a couple and then used their details as a case study and gave them to other clients.

Unfortunately, the example wasn't sufficiently anonymous. People could recognise the couple from the details.

The couple felt betrayed and humiliated and complained to my office.

Everyone has the right to feel that their personal information is no one else's business.

Of course sometimes they have to trade off some of their privacy in return for goods and services.

They give details of their health condition to the doctor. They may give their financial details to the bank or to a firm from whom they seek credit.

According to a survey I recently commissioned, 91 per cent of New Zealanders would join the upset couple mentioned if they were placed in a similar situation.

Seventy-nine per cent of them would be very concerned if information they gave to a business for a specific purpose was used for another purpose and a further 12 per cent would be quite concerned.

Many businesses have for a long time realised how important privacy is to individuals.

Lawyers, doctors, counsellors and bankers have a long tradition of confidentiality. Others can be more cavalier in the way they treat information.

Ownership is not the issue for most people. It is what happens to the information: who sees it, who gets it, what they can use it for.

Some situations can occur which concern people greatly. One of them is credit reporting, which these days is very sophisticated.

Computers can draw information together and assemble it quickly so that someone who has not been paying their bills on time can show up in a credit report.

The privacy of personal details on credit reporting has 41 per cent of very concerned, a further 23 per cent quite concerned, and only 6 per cent not concerned at all.

What are the lessons for business out of these concerns about privacy?

Some have been inclined to believe that people would not be concerned about information privacy if it was not for the Privacy Act.

This is a bit like the myth about race relations being perfect in New Zealand before we got a Race Relations Act.

The fact is that privacy is a real value in a civilised society. Concern and respect for people and their personal information run high among all of us.

Maori expressed above average concern for their privacy in most of the issues that were raised in the poll.

Older people seem to be less concerned, but levels are still significant enough for businesses to sit up and take notice.

The concern here is mirrored by several polls in the US and Australia.

If there were no Privacy Act it would still be necessary for businesses to deal with privacy concerns.

The best thing to do is to remember openness and purpose. Be open about the purposes the information is obtained for and don't use it for other purposes.

Keep customers' information secure. And take reasonable steps to make sure the information is correct before you start acting on it. That is another privacy principle that coincides with good business practice.

And, above all, don't think people won't care about the way they are treated.

The couple with the financial plan did care.

The matter was serious enough for the company involved to pay $23,000 in compensation.

* Bruce Slane is the Privacy Commissioner.

Dialogue on business