By JO-MARIE BROWN
A Weekend Herald investigation mounted to test privacy laws has served as a wake-up call for some organisations holding personal details.
With Lisa Maree Barber's authority, Herald reporters set about uncovering information about the 27-year-old.
We found out about her family, employment history, academic qualifications, medical conditions, what gym she goes to - even what videos she likes.
The results have shocked private companies and public officials whose staff gave out information.
When phoned, the Health and Sports gym in Morningside had quoted the Privacy Act and said it could not confirm if Lisa was a member.
But the staff member then did just that - and also gave her central Auckland address.
Club manager Matt Adsett promised the gym would tighten procedures.
"We were made an example of, but it just highlights that private information is being made public."
Otago University's student administration manager, Bill Purdie, was shocked to hear that confidential information had been given out over the phone.
When asked about Lisa's academic performance, a staff member had said: "I'm stretching the line a little bit [in terms of privacy] but it looks like she suffered from ill-health in the first year."
Mr Purdie said staff would be reminded of their obligations.
Other organisations were also embarrassed.
A spokeswoman for the video store that faxed the Weekend Herald details of what Lisa had recently hired, along with membership details, said she was upset by what had happened - "I don't care if it's the Prime Minister, that's a big no-no."
The woman said staff knew they were not to give details out unless the person phoning could prove membership by quoting his or her password.
Mercury Energy general manager John Foote admitted that protocol was not followed by the staff member who said the power account for Lisa's property was under her former partner's name.
"In light of this incident, we will also be reinforcing our privacy policy with our call-centre representatives."
The Herald carried out a Baynet consumer credit search and uncovered Lisa's previous addresses, but general manager Adam Feeley said there were unusual circumstances.
Such a check was possible only because the newspaper subscribed to Baynet's system and had Lisa's authority. Otherwise, written and photographic identification would be required.
In response to an ACC customer service representative's divulging some of Lisa's medical claims over the phone, spokesman Richard Ninness said he could not confirm whether a privacy breach had occurred.
Specific information known to the customer was required to verify identification, but if the Herald had access to such details, then ACC was not at fault, he said.
St Lukes Family Planning clinic had confirmed that Lisa was a patient, but spokeswoman Rachael Le Mesurier said it was difficult to verify identification if the person phoning had the relevant details.
The clinic had refused to reveal information about Lisa, insisting on a signed consent form.
A former employer was angry about the Herald's inquiries.
Sheffield Consulting Group was sent a letter saying Lisa had applied for a job with the newspaper. Sheffield then confirmed that she had worked there from January 1997 to April 1999.
A spokeswoman said the letter led her to believe Lisa had given permission for Sheffield to give out such information. Either Lisa had agreed and Sheffield was therefore not at fault, or the Herald was wrong in sending the letter.
However, she said a separate call to Sheffield, where a staff member revealed that Lisa's ex-boyfriend had moved to Australia, was still being investigated.
Herald Online feature: Privacy
Data leakers promise action
AdvertisementAdvertise with NZME.
