New Zealand's biggest holder of personal information is a multinational founded 40 years ago by a right-wing Texan. JAMES GARDINER goes where the secrets are.
Nestled inconspicuously in a light industrial area of Wallaceville, Upper Hutt, is a building housing some of New Zealanders' most intimate secrets.
Details of your health records, income, where the money came from, welfare payments, loans, outstanding fines, right down to who cheques were written out to and for how much.
The information is gathered by Government departments and other state agencies whether we like it or not, often under the power of statute. Yet in most cases the departments themselves don't actually keep the details or even process the information. They use your money to pay someone else to do it.
The storage and processing is in the hands of a United States-based multinational called EDS, which most of us - certainly those unfashionable enough not to work in the IT field - have probably never heard of.
Don't get paranoid. Executives of the Electronic Data Systems Corporation insist your secrets are safe with them.
The building is not ringed by fences topped with razor wire. No attack dogs roam the grounds. And the security guard does not look armed. But no one gets in without clearance, and once you are inside every move is tracked and recorded.
Privacy, if not its middle name, is certainly the watchword of the EDS operation throughout the world.
New Zealand managing director Robert Gray: "Our business is all based around security and privacy because if we can't maintain that on behalf of our clients, we don't have clients."
Simple as that, really. And clients are not something EDS is short of.
The company has been around for nearly 40 years, and during the past seven has become New Zealand's largest holder and processor of computer-based data, courtesy largely of the taxpayer.
Its customers include the police, courts, prisons, labour, welfare and tax departments.
Founded in 1962 by the right-wing Texas billionaire Ross Perot, it was bought by General Motors in 1984. Mr Perot, whose private army rescued EDS staff caught in the 1991 Gulf War, went on to form the Reform Party in 1992, spending $US65 million of his own money to contest that year's presidential election. He won 19 per cent of the vote.
EDS had its stock split off from GM in 1996 and listed independently on the New York Stock Exchange. It is worth approximately $US19.2 billion, with 120,000 employees worldwide.
It came to New Zealand in 1994, buying Databank and GCS Ltd, the former Government Computing Service.
The purchase of Databank, for an undisclosed sum that May, was from the four main trading banks at that time - ANZ, BNZ, National and Westpac.
Those banks had five-year contracts with Databank, which had a staff of 950 in Wellington, Auckland, Tauranga, Palmerston North, Christchurch and Dunedin, committing them to agreed levels of processing.
GCS was bought in November for $47 million.
Although EDS will not name clients or discuss what it does for them, some are matters of public record. It supplies computer processing services to the Auckland District Health Board, the Department for Courts, the Department of Corrections, the Ministry of Social Policy, Department of Work and Income, Department of Child, Youth and Family Services, Inland Revenue, Land Information New Zealand, the Land Transport Safety Authority, Ministry of Justice, Police, NZ Qualifications Authority and the Serious Fraud Office.
Its computer bunkers and processing centres are in Auckland, Hamilton, Palmerston North, Wellington, Christchurch and Dunedin. It also owns what it calls a development site in Wanganui.
You may not have realised, but the police database, the Wanganui Computer, has been in Auckland for four years.
Because of public sensitivities over the privatisation of GCS, Privacy Commissioner Bruce Slane was asked by the Government of the day to issue a privacy code especially for GCS.
The purpose was to provide remedies for any breaches of the information privacy principles and to prohibit GCS from transferring information out of New Zealand without first notifying the Privacy Commissioner of the proposed destination and safeguards and gaining permission from the relevant agency.
That code was updated in 1997, despite opposition from EDS. Although it does not prevent EDS transferring information abroad for processing, it must notify the commissioner should it intend doing so and advise what data protection safeguards will be used.
So far, that has not happened, and EDS says it has no plans to send computer files abroad for storage or processing and, in any event, would try to so so only if the client owning the information agreed.
EDS legal counsel Paul Gillard said nothing untoward should be read into the opposition to the code's renewal. The company simply felt it should not be subject to something if its competitors were not.
Although the business had grown in the past seven years, some clients had been lost to competitors such as IBM, Datacom and Unisys, which also had contracts with Government entities but no special privacy restrictions.
Mr Slane conceded that was a "fair point," but not one that would make him consider dropping the EDS code, particularly when EDS dealt with such sensitive databases as criminal records and tax.
At this stage, he said, he had not contemplated new codes for similar companies with state contracts.
In the past couple of years, EDS internationally has embraced a policy of much greater public accountability and openness.
Communications consultant Helen Morgan-Banda, a former journalist who worked for the Government and major corporations before joining EDS nine months ago, said that policy followed the appointment of chief executive officer Dick Brown in early 1999.
Where once "no comment" was the standard response to most questions, the chiefs at the Wellington-based New Zealand head office agreed to an interview and a tour of the secure Upper Hutt data-processing and storage facility.
But much remains secret. Mr Gray said that to talk in detail about the company or its clients "may compromise some of our security and privacy arrangements."
Mr Gillard said all contracts had confidentiality clauses that even prevented revealing the contract's existence. To breach such a clause could be grounds for termination by the client.
Mr Gray, a onetime Wellington rugby and cricket representative and All Black trialist, has worked in the information technology since 1966 and joined EDS in 1995.
Tall, straight-backed and serious, he looks suitably Orwellian, but the father of two insists that neither he nor EDS are Big Brother. "That's a perception I think that's grown out of movies."
He says controls and processes put in place to prevent information "leaking out" have worked. There have been no leaks, and the company is unaware of any attempts by computer hackers to get into its system. Certainly none has succeeded.
"We have tools, firewalls and processes that are pretty hard to break. We are not saying they can't be broken.
"Anyone that joins this company, they must sign a confidentiality clause as part of their employment contract. Then they must sign a confidentiality contract in the area they're working in if it's with a particular client. On top of that, each staff member must also sign a code of ethics, which is a global document."
But the code itself is not something the company is willing to share. EDS regards it as intellectual property, something it does not want competitors to copy.
An EDS global statement on data protection, however, is available.
It recognises protection of personal data and maintenance of individual privacy as "fundamental considerations."
Mr Gray: "We do monitor access to data as well. We have reports that come off on a daily basis and are monitored very closely so if anyone has access to data we know about it."
Some of the information is simply stored on behalf of clients. Even the EDS staff with access to it could not make any sense out of it without the information held by the client.
"In most cases our staff have absolutely no idea what's in those disks and the way it's formatted, the applications. Only a handful of people would know that and, as I've said, they're monitored."
Mr Gillard says that even with world-class security systems - and security is something the customer specifies and pays for - "if you've got somebody who's fundamentally dishonest and in a very senior position in an organisation - you know, the sorts of things you get in the movies - then that person will get caught eventually."
Each customer has an account manager who would know if someone else in the company was trying to access information he or she should not need to see as part of the job.
"The first question he or she would be asked is 'Why?' There would almost have to be a conspiracy among some very, very senior people for that to happen."
Mr Gray himself, as head of the New Zealand arm of the company, is not being constantly monitored by his superiors overseas, but like all staff is subject to audits conducted in New Zealand and elsewhere by the company's international auditors, KPMG.
"I don't think anyone could ever say nothing will ever happen, but EDS has been around since 1995 and, touch wood, nothing has happened to date."
Mr Gillard says there is no "tangled web of interlocking computers" between clients, but it has not all been plain sailing.
In July 1998, EDS was asked by one of its clients, the Department for Courts, for access to the information held by another client, the Land Transport Safety Authority, to get current addresses based on vehicle ownership registration information.
As a result, the Courts Department wrote to 4000 people telling them they had 48 hours to pay overdue fines or face fresh penalties.
The trouble was, some of those were the wrong people.
The Privacy Commissioner investigated and criticised Courts Department officials for not seeking authorisation for the matching.
The LTSA wrote to EDS reminding it of its contractual obligations. It said it believed that those obligations had not been met.
What occurred was put down to technical problems, a misunderstanding about who was entitled to what and what consents were necessary.
Mr Slane remains concerned. EDS says measures are in place to ensure nothing like it happens again.
Herald Online feature: Privacy
New Big Brother is big business
AdvertisementAdvertise with NZME.
