You know what?
The Privacy Act doesn't protect you as much as you thought it did.
For a whole bunch of reasons.
First, it is subservient to other laws.
Second, people who collect your personal information get to write their own rules; third, in some cases it offers less protection of personal information than what was the case before it came along.
Banking is one of those areas. Here's an interesting article reporting on the practice of banks routinely handing over personal information to the police without a warrant [it also involves Kim Dotcom and the allegation that "Kiwibank appeared to use a police request as a sign of impending trouble for the tycoon, rejecting a loan application".]
How do they do that?
Well, the part of the Privacy Act that says agencies are not allowed to disclose personal information says "unless they believe on reasonable grounds that the disclosure is necessary for the maintenance of the law".
But do not fear! All this means is that when you complain to the Privacy Commissioner about a bank disclosing your personal information to the police, the bank can put its hand on its heart (*choke*) and say "I believed on reasonable grounds that there was an exception to information privacy principle 11, and therefore we are not liable", and the Privacy Commissioner might go away.
The bank's problem, however, does not.
I had a case like this a few years ago, when a bank let one of its staff take transaction information of one of its customers into a judicial hearing about a dispute between the employee and the customer.
The bank took advice and maintained that its actions were not a breach of the Privacy Act because the disclosure was "necessary for the conduct of proceedings", which is yet another exception to the "do not disclose" rule.
I told the bank I didn't care about that, because we weren't going to take a Privacy Act complaint, we were going to sue them for breach of confidence.
The relationship between a banker and a customer has been known to the common law as being of a strictly confidential nature for centuries. Nothing in the Privacy Act affects that duty of confidence, or the right of a customer to sue where that duty is breached.
Of course, a customer couldn't sue for breach of confidence if the bank was complying with a court order, like, I dunno, a warrant, so banks that decide just to co-operate on the sayso of the police without some proper judicial oversight are taking a real chance.
I don't think banks should necessarily force the police to get a warrant where the police are desperately trying to locate a missing person and need to know whether the account has been active during the period of absence.
But banks really do need to be a little more cautious than the NZ Herald article and Privacy Commissioner imply they are being.
Oh, by the way, my client in the case I mentioned above got a very handsome settlement for the disclosure that was not a breach of the Privacy Act.
John Edwards is a Wellington barrister, information law specialist and former adviser to the Office of the Prime Minister and Cabinet. He blogs at www.johnedwards.co.nz
This article is tagged with the following keywords. Find out more about MyNBR Tags
- Joyce associates openly talking about leadership change
- Parent, widow of Pike River casualties fail to force review of decision to drop charges against Whittall
- iPredict decision the work of 'officious aliens' – Crampton
- Scentre Group to sell three Westfield malls to NZ firms for $549m
- Fonterra says farmer loan support package will cost $390 million
Most listened to
- Tim Hunter on why Veritas is doing it the hard way
- Matthew Hooton on whether Steven Joyce will be the next national leader
- Rodney Hide on why all city planners should be fired
- Nevil Gibson discusses his latest Editor's Insight on films
- The NBR crew throw around some of the week's top stories
- Rob Hosking breaks down the political and economic week that was
- "A tragedy" - David Farrar on his disappointment with Simon Bridges
- New F&P product pipeline exciting, says Macquarie senior investment adviser Brad Gordon
- Taupo Motorsport Park executive director Tony Walker on the park's rebranding
- NZIER senior economist Christina Leung on why she does not think the OCR will hit 2%
- NBR's Cameron Officer talks about the NBR Car of the Year 2015
- John Barnett on Brewer: ‘Boy, has he got a bit to learn’