Do you know what you’re holding?

Knowing what data you have, understanding its purpose and having strong privacy practices in place to manage and protect its use will go a long way to helping you ensure you can use data to its full potential, writes Privacy Commissioner, Michael Webster.

“Data is like garbage. You’d better know what you are going to do with it before you collect it.” Mark Twain’s analogy may have preceded our current times of mass collection and collation of data, but it does serve as a cautionary reminder that collecting data without a clear purpose, or not having a retrieval and deletion strategy, can lead to clutter and confusion and heightened risk of misuse or missed opportunities.

The Office of the Privacy Commissioner recently provided an update on Police’s progress on a Compliance Notice, requiring them to stop unlawfully collecting photographs and biometric prints from members of the public, particularly young people, and to delete unlawfully collected material stored on their systems, including mobile phones.

We noted that Police have completed all but one of the original requirements of the Compliance Notice and that they’ve made good progress around how they collect information. However, deleting unlawfully collected material is proving problematic.

Police face a very different operating environment to most organisations, but there are some widely applicable privacy principles involved.

“Many images have historically been stored on their systems without the labels that would allow them to be searched automatically…”

A key problem Police face is that many images have historically been stored on their systems without the labels that would allow them to be searched automatically.

In these cases, Police can’t tell what an image is of without opening each image file manually, and unless key information has been recorded with the photo it may be difficult know the purpose and rationale for collecting and retaining it.

It’s like going to the pantry and realising that all the labels and use-by dates have been taken off the cans of food. You can’t tell what something is until you open it and even then, you may not be able to tell if it is safe to use.

The development and implementation of a digital evidence management system was presented to us as a potential solution to these issues.

Had they had that, Police could have stored and identified photos and linked them to specific cases, which would have also meant staff would have documented the lawful purpose for taking the photo.

One of the first steps any organisation can take in preparing to plan and implement a privacy programme is to understand what personal information you collect, use, store and disclose.

Knowing your personal information, and assessing your organisation’s privacy risks, will help you work out how best to apply the guidance in our Poupou Matatapu framework of how to do privacy well, which is found on our website.

Key objectives of knowing your personal information include:

  • Your organisation having a data inventory and using this to assess its risk profile.
  • Staff understand what personal information is and how they can use it in their role.
  • There is a central log or record of current data/information sharing agreements.
  • Policies for data classification, including handling and retention, are documented and compliance with these policies is assessed.

Knowing what data you have, understanding its purpose and having strong privacy practices in place to manage and protect its use will go a long way to helping you ensure you can use data to its full potential.

Michael Webster is New Zealand’s Privacy Commissioner.

 

Visited 100 times, 14 visit(s) today

Forming partnerships with Māori business

Broadcaster and journalist Mike McRoberts (Ngāti Kahungunu) will be speaking to directors and the business community at an Institute of Directors’ event Te Ōhanga Māori: Connecting with the Māori economy.

Read More »

How to overcome remote onboarding challenges

First impressions matter and employees’ early experiences heavily influence staff retention, productivity, and overall success. Shannon Karaka outlines eight actions to help improve remote employee onboarding in your organisation. A

Read More »

New CEO at Phoenix Recycling Group   

Phoenix Recycling Group has appointed Phil Hand as its new chief executive officer. The company says Hand brings a wealth of knowledge from New Zealand and Australia’s manufacturing and primary

Read More »
Close Search Window