Being a therapist, privacy’s kind of in the blood. Much the same for all health professionals, it’s part of our training and our professional ethics. Lawyers, doctors and priests all have legal privilege to keep even incriminating information private, with some very occasional exceptions. These exceptions don’t have black and white rules, they’re governed by clinical experience, professional ethics and balancing risks.
It’s notable that the Government’s recent “White Paper” on child abuse responses even shied away from mandatory reporting. Clinical privacy is a complex matter and breaching privacy for any professional is always a carefully thought through and serious matter.
However I’m fairly convinced the Minister for Social Development, Hon. Paula Bennett doesn’t really understand the ethics of privacy.
After breaching beneficiary Natasha Fuller’s privacy in 2009 by releasing details of her income from WINZ, the Minster said:
“I acknowledge that you consider that I was wrong to do so and that this resulted in a breach of Ms Fuller’s privacy. As you also know, I do not accept that view.”
You might recall the reason Mrs. Bennett breached privacy was because the client of WINZ publicly criticised the Minister for cutting back the training allowance, in other words exercising her right to free speech.
So it feels a little hard to swallow when the Minister now says of the unfolding privacy breach at WINZ (See here for Keith Ng’s original blog post):
“I’m deeply disappointed information which should have been secure has been accessed, the public has a right to expect more of a government agency,” says Mrs Bennett.”
And more of a Minister.
Accessing, hearing, holding and managing anyone’s personal information is a privilege. Health, pastoral and legal professions “get this.” Without confidentiality many helping professions cease to exist.
The common factor with the now public information about the internal computer systems at WINZ and the ACC (see: “When a secret is no longer a secret”) is the complete absence of internal checks and balances against inappropriate access of information by internal staff and it would seem even by the Minister. I doubt WINZ would see its information as “clinically privileged” but much of it is; and if the ACC don’t then they should by now.
In my opinion when information is handled “administratively” it can easily be handled without the privileged respect it deserves. Keith’s blog outlines the digital equivalent of leaving files laying around on desks in an open plan office, with the front door unlocked.
Curiosity is human nature and robust privacy systems recognise that people are naturally inclined to look if there are no consequences. In the public health system where I also work, I can’t directly access anyone’s file that I am not directly involved in treating. If I do open such a file I must justify my actions and it is auditable.
But I guess if WINZ were to implement such a process it would prohibit the Minister from accessing the information she needs to attack and publicly shame her critics in the future:
“When asked… …if she would do the same thing again [breach a WINZ client’s privacy], Ms Bennett would not rule it out… “It would depend on the circumstances but I’m not going to make a judgement on what may or may not happen. I’d make a call at the time.”
When our Political Leadership drive roughshod like a Sherman tank over peoples entrenched human rights without consequence nor remorse what message does this send to our Society and the way we are permitted to treat those around us, particularly those with limited power to respond or defend themselves. This behavior is becoming a common thread running through Government as illustrated by revelations surrounding but not limited to Dotcom, ACC and WINZ.
Hi Kyle,
I have a so called “secure” file with MSD. This is the highest level of security that they can provide.
Although anyone can request their file be secured in this manner most people who do make such
a request do so because they face serious consequences if the file is accessed and their privacy
breached. For example their life and that of their family could be endangered. Or they know the
type of information contained in their file if disclosed would mean their life was no longer worth
living.
You said, “In the public health system where I also work, I can’t directly access anyone’s file that I
am not directly involved in treating.”
In MSD anyone can access a secure file after a manager has unsecured it. Meaning that although
they will say it is “secure” anyone within the Ministry can have access, it isn’t held in a seperate
unit as happens with sensitive claims. Sure, they would tell you that there is an access log. They
assume that nothing will go wrong with this system and that is the problem.
The recent publicity shows it already has gone horribly wrong and they have no way of knowing
if a secure file has been compromised, the information to be used at a later date.
It’s ok they say….there haven’t been any reports of blackmail that they are aware of. This assumes
(again) that had a breach of privacy occurred THEY WOULD FIND OUT. Let’s assume this did
happen – how would the victim know where the information came from, especially since it would
have been widely assumed in the past that Work and Income held the information secure?
This also makes the assumption (yet again) that the only way stolen information would be
handled would be to use it straight away. Since we are in a digital age it could easily be stored
in a cloud, it’s ever present threat used to control or threaten at an unspecified time in the
future.
I’m sorry MSD but you aren’t ever going to pawn the responsibility off to Ira with me. Your
Ministry knew the risks well in advance but did nothing to prevent harm coming to your clients
and even now you sit pious and impotent in a game of public misdirection.