The Department of Internal Affairs recently conducted public consultation on its proposed information sharing agreement (AISA) for Customer Nominated Services. The Foundation wasn’t able to comment before the formal deadline, but DIA offered us the opportunity to comment informally.
The Customer Nominated Services AISA is intended to replace multiple existing information matching agreements. It lays the groundwork to develop new information sharing mechanisms with government departments, rather than continuing to rely on bulk information matching programmes. One option is to develop an API that allows a department to check a specific record (such as a birth record) when someone applies for services.
In brief:
- The Foundation supports the use of new technology that enables departments to share only the information that they actually need, speed up service provision and reduce costs and administrative hassle for members of the public.
- However, that new technology will need to be rigorously tested to ensure that it does not expose people to risk.
- The details of the sharing that are set out in the AISA itself are relatively generic. The underlying operational details will need close scrutiny to ensure that the sharing operates safely and fairly.
- The AISA is a highly technical document – it is not consumer-focused. It will be important to provide additional plain language information for the public about what information is shared, how the sharing works, and how their information is used.
You can read the Foundation’s submission here: Customer Nominated Services AISA – Privacy Foundation comment
DIA has responded to our submission in this letter: Privacy foundation feedback response DIA. It acknowledges our comments and provides further detail about the process for approving new sharing, development of operational details and future plans for additional AISAs.