Use, disclosure, and related
principles (data quality etc)
Privacy & Surveillance
Graham Greenleaf & Nigel Waters
Last updated October 2008
Sources


ALRC Report 108, Chapter 25
Greenleaf, Waters & Bygrave (Dec 2007) Strengthening
uniform privacy principles: an analysis of the ALRC's
proposed Principles Submission to the ALRC Review of
Australian Privacy Laws Discussion Paper 72, particularly
‘8. Use and Disclosure (UPP 5)’ , ‘9. Direct Marketing (UPP 6)’ &
‘10. Data Quality (UPP 7)’
 Also Greenleaf, Waters & Bygrave (Jan 2007) Implementing
privacy principles: After 20 years, its time to enforce the
Privacy Act, Submission to the ALRC Review of Privacy Laws
Issues Paper (2006)

NSWLRC Consultation Paper 3, 2008, pp 117-124
Use, Disclosure and Quality
2
Overview

Finality - Use & disclosure limitation principles




General exceptions to finality principles


Importance of ‘finality’
Meanings of use and disclosure
Effect of purpose on subsequent recipients
Related purpose; consent; authorised by law
Other exceptions (numerous)
Use, Disclosure and Quality
3
Overview (2)

Related matters




Public registers - Application of IPPs
Data export limitation principles
Data matching controls
Related principles


Data integrity/quality principles
'Objection to processing' principles
Use, Disclosure and Quality
4
‘Finality’ - Use & disclosure
limitation principles

‘Finality’ - the EU term for limiting subsequent use and
disclosure to the original purpose of collection



The single most important concept in information privacy
Applies irrespective of how data collected, or who from
Generally - Data can only be used / disclosed in 5 ways:
 (I) For the purpose for which it was collected
 (ii) For a related purpose
 (iii) With consent of the data subject
 (iv) As authorised by law
 (v) Other subject-specific exceptions


Some common public interest exceptions (eg safety of others;
law enforcement)
Many very specific exemptions (often jurisdiction-specific)
Use, Disclosure and Quality
5
Meanings of ‘use’ and ‘disclose’

IPPs limit both disclosure and use - but wordings differ



Cth PA: IPPs and NPPs refer separately to ‘use’ and disclose;; definition of
‘use’ says it does not include ‘mere disclosure’, but does include inclusion in
a publication
HK DPP 3 refers only to ‘use’ but s2 definition of ‘use’ says use ‘includes
disclosure or transfer of the data’
Disclosure



Can be verbal or by allowing inspection - All Australian and HK IPPs refer to
disclosure of ‘personal information’data, not disclosure of records
Can ambiguity be ‘disclosure’? - see BG v DOCS ([2008] NSWADT71) Case Summary [2008] AUPrivCS 2: Tribunal held that a letter disclosing that
a criminal record check might be a reason for rejection of carer status did
not disclose the fact that BG had a criminal record (was so).
HK defn ‘disclosing’ specifically ‘includes disclosing information inferred
from the data’ (s2) - implied elsewhere
Use, Disclosure and Quality
6
Meanings of ‘use’ and ‘disclose’ (2)

Is there ‘disclosure’ if the information is already known?



see debate between Greenleaf and Gunning
Example: if answer is ‘no’, any organisations could confirm the truth of
any information put to it by another organisation without disclosure (and
‘no comment’ is not a disclosure either).
Reasons for ‘yes’ answer




Different sources have different authority (But careful - NSW ADT case
regarded news report as ‘publicly available publication’)
Unfair to require P to prove what another party did not know
Courts may reduces damages if discloser shows information already
known by recipient (less harm to P)
HK use of ‘transfer’ as well as ‘disclose’ - may confirm that it does
include information already known
Use, Disclosure and Quality
7
Meanings of ‘use’ and ‘disclose’ (3)

Use - Can mere inspection be ‘use’ by data user?


‘No’ answer for previous UK Act - R v Brown [1996] 1 AC
543; police officer viewed record in police database of
interest to debt collector with whom he associated; HL held
‘using’ required that the information be subsequently
deployed
Reasons for a ‘yes’ answer (better view)



Abuse by ‘insiders’ is a major cause of privacy invasions; and it
is very difficult to prove subsequent use (as in Brown)
Will encourage employers to adopt ‘need to know’ restrictions
on access - so breaches will also breach internal policies
HK and Aust long titles of Acts indicates purpose of privacy
protection (contra UK Act at that time) - supports inspection
being covered - see discussion in RG
Use, Disclosure and Quality
8
Meanings of ‘use’ and
‘disclose’ (4)

Onus of proof problems



Obligation on complainant to prove use or disclosure; civil
standard of balance of probabilities
QE v Macquarie University [2008] NSWADT 144 - Example
of Tribunal unwilling to conclude that disclosure by Macq
employee occurred despite strong circumstantial evidence;
but also unwilling to find Macq in breach of security principle
for lack of logging of mere accesses to files which did not
involve amendments
Unauthorised access can be ‘computer crime’

Also relevant: ‘computer crime’ offences can cover mere
unauthorised access - in some jurisdictions, can cover
access by authorised personnel for unauthorised purposes
Use, Disclosure and Quality
9
Finality - Effect on subsequent (3rd
party) recipients



‘Finality’ usually refers to subsequent uses/ disclosures by the
collector
Issues: (I) Are 3rd P recipients tied to the same purpose as the
proper purposes of the discloser (the original collector)? (ii)
Does this depend on whether the 3rd P is aware of the original
purpose of collection?
It is rare for IPPs to explicitly address this


Cth public sector IPP 11(3) - Recipient from agency can only use
the information for purpose for which it is disclosed to them
Re NPPs, Note to s13B(1) (re related corporations) implies ‘yes’
answer
Use, Disclosure and Quality
10
Finality - Effect on subsequent (3rd
party) recipients (2)

Other sets of IPPs (eg HK) do not address this





Best answer is that collection must be by ‘fair’ means - fairness is
an objective test in relation to data subject
This covers both legitimate disclosures (wider purposes of
collection unfair), and illegitimate disclosures (any collection unfair);
Where 3rd P is unaware of original reasons for collection, a strong
approach still protects the data subject; weak approach allows
recipients new purposes (may be approach of HK PCO)
Necessary answer to support the policy of the legislation
Once unlawfulness of discloser is known, collector’s use may also
be a breach of confidence - additional ground for objection to either
unlawful collection or unfair collection
Use, Disclosure and Quality
11
Finality - Effect on subsequent (3rd
party) recipients (2)

Examples

Use of personal data obtained from a public register - [2003]
HKPrivCmr 8 - purpose of bulk disclosure of public register data
by agency precluded commercial use of data; attempt by
purchaser to use with search engine breached DPP 3.

What implications for Tenants’ Union v TICA No 4 ?
Use, Disclosure and Quality
12
Allowed uses: Principal purpose
of collection

IPPs require a purpose of collection


NPP 1.3 refers to ‘purposes’: PC’s Guidelines still say there is
only one primary purpose
Notice of purpose under IPPs is evidence of purpose


Notice broader than function/ activity - invalid notice, use still
limited by (objective) function/activity
Notice narrower than all functions allow - users can limit by
notice those of their purposes for which they collect - cannot
use for any wider (though legitimate) function/ activity


Is Tenants Uniion v TICA #4 (2004) consistent with this?
Data subjects may expressly limit the purpose of collection


Purpose need not be as wide as all allowable purposes
HK [2003] HKPrivCmr 8 : ‘Use of personal data obtained from
public registry’ (Materials #5)
Use, Disclosure and Quality
13
Lack of notice - effect on purposes

If no notice is given, purpose is inferred





Purposes may be implied by relationship between parties
Reasonable expectations of data subject are relevant when
data is collected from data subject (B&W 127)
Where collected from 3rd parties, their reasonable
expectations are relevant
Where data is collected by observation/from documents, no
expectations, so function/activity becomes crucial (B&W
127)
Common complaint: Disclosure was within purpose of
collection, but notice was not given as required

HK PCO Eg Disclosure of skating competitors OK as a
purpose of collection, but no DPP 1(3) notice given - breach
of DPP1 (collection) , not DPP3 (disclosure)
Use, Disclosure and Quality
14
Allowed uses (I): Secondary
purpose exceptions

Uses allowed for secondary purposes related to primary
purpose - but tests differ (in wording):


HK DPP 3, Cth and NSW public sector IPPs - must be ‘directly
related’
NPP 2 for private sector and Vic/NT public sectors



(I) must only be ‘related’ (or ‘directly related’ if it is sensitive
information - difference must be meaningful); AND
(II) ‘the individual would reasonably expect’ the secondary use
‘Reasonable expectations’ test



NPP test is of the expectations of the individual concerned
Cth PC suggests test is expectations of a reasonable person with
no particular knowledge of the industry concerned
Reasonable expectations of data subjects/3rd parties may also
affect the meaning of ‘directly related’ (B&W support)
Use, Disclosure and Quality
15
Secondary purposes:
‘Reasonable expectations’ (2)



[2003] HKPrivCmr 5 : ‘Posting of complaint letter on notice
board’ - ‘it was unlikely that he would have given consent’
HKPCO complaint 4/05: ISP used complainant’s credit card
details from a terminated account to recoup charges on a
different account - breach of DPP 3, ‘not within a consumer’s
reasonable expectations’
HK AAB appeal 66/2003: C complained to property mgt co. R
about neighbour; R disclosed her details to neighbour (who later
used them in a civil action against her). PCO held disclosure
was for a directly related purpose, to help resolve a dispute; also
was for s58(1) purpose of remedying ‘seriously improper
conduct’ (both upheld by AAB)
Use, Disclosure and Quality
16
Secondary purposes:
‘Reasonable expectations’ (3)

HK AAB appeal 13/2004: disclosure of account information to
debt collector is for a directly related purpose

HK PCO appeal 26/2004: employer disclosed to Dr that medical
examination was for purpose of confirming employee’s fitness to
attend disciplinary hearing; PCO held (and AAB upheld) that this
was for a directly related purpose; and could also be justified
under s58

Excessive disclosures must still be avoided:

Prosecution witness' personal data [2004] HKPrivCmr 5 disclosure of whole statement to defendant was
unjustified
Use, Disclosure and Quality
17
Secondary purposes:
‘Reasonable expectations’ (3)

Tenants’ Union v TICA No 4 [2004] PrivCmrACD 4




TICA collected from its members, not from tenants
TU complained TICA breached NPP 2.1(a) in disclosing info to
members from Enquiries database because tenants would not
‘reasonably expect’ information about unsuccessful applications
to be disclosed to real estate agents.
Dismissed by PC - ‘reasonable expectations’ is only relevant to
secondary purposes, and use for default listings was TICA’s
primary purpose of collection from its members.
PC had already found that tenancy application information was
‘necessary’ for TICA’s provision of a ‘risk management service’ PC used an objective assessment of TICA’s primary purposes
Use, Disclosure and Quality
18
Secondary purposes:
‘Reasonable expectations’ (4)

Tenants’ Union v TICA No 4 - Questions:

(1) How do you determine what is a primary purpose?




don’t you look at what TICA made consumers reasonably aware of
under NPP1.5?
PC found that TICA breached NPP 1.5 - didn’t they imply they only
collected defaults?
shouldn’t they be bound by that as their purpose? - it would be
nonsense to say you can have a primary purpose different from
what you say it is, but secondary uses must be within ‘reasonable
expectations’
(2) Can TICA use the information if its members are in breach
of NPP 2 in supplying it?


PC questions [95] whether TICA members’ disclosures to TICA are
for a secondary purpose and satisfy NPP 2
But he fails to consider the implications of this …
Use, Disclosure and Quality
19
Secondary purposes:

Mistaken disclosures can still be for correct purposes



[2003] HKPrivCmrAAB 1 - Bank mistakenly disclosed complainant’s
access request to his employer - mistake of fact that employer held
the information sought - PC held, and AAB upheld, that this was for
the original purpose of collection or at least directly related to it
Seem that disclosure for an intended correct purpose is OK if it is
based on a mistake of fact (not a mistake as to allowed purpose)
S41 directions expand NSW ‘directly related’ test


S17 limit on secondary use is expanded by Privacy Comm’s s41
Direction allowing uses where an agency is ‘reasonably satisfied’
that use is in pursuance of an agency’s lawful functions.
Eg AK v Gosford City Council ([2007] NSWADT 289) - Case
Summary [2007] AUPrivCS 16: Council sent advertising material for
a chance to win prizes if rates were paid on time. Although not
‘directly related’ to Council functions according to Local Govt. Act,
remitted back to Council for internal review on this exemption!
Use, Disclosure and Quality
20
Allowed uses (II) Consent

A lot of variation in requirements for disclosure:




C.f. NZ requires ‘authorisation’



HK DPP3 requires ‘prescribed consent’ (s2(3) defn)
Australia usually ‘express consent or implied consent’ (Cth PA s6,
also Vic) (see GG & LB 2005, 1.8) Contra NSW requires ‘express consent’ for disclosures (s26(2)), but
only consent for new uses (s17(a)).
NZ Courts (L v J, L v L) have held this includes implied
authorisations (see Roth article)
Consent must also be informed (meaning of ‘consent’)
Data subject’s consent to change of use is needed even if data
was not collected from the data subject (B&W support). See
‘effect on subsequent recipients’
Use, Disclosure and Quality
21
Consent exception (2)

Re NSW s26(2) ‘express consent’ for disclosures

Macquarie v FM [2003] NSWADTAP 43





See also Greenleaf casenotes on original decision and appeal
NSW s18 requires express consent (s26(2))
UNSW had express consent to obtain FM’s academic transcript
from other Unis
Held: This ≠ express consent to Macquarie to disclose it to
UNSW; ‘must be the subject of administrative action by the
agency disclosing …’
So not even enough if the UNSW form had expressly
mentioned Macquarie - very strict
Use, Disclosure and Quality
22
Consent (3)

HK DPP3 requires ‘prescribed consent’ (s2(3) defn)

Inclusion of ‘voluntariness’ implies strictness beyond normal
meaning of consent (PCO suggests)




Might imply there cannot be any adverse consequences for
failure to consent, if consent is to be ‘prescribed consent’
Does not necessarily require writing
Does not allow ‘opt out’ - In HK PCO complaint estate agent
attempted to require clients to opt out from being members
of a club - ineffective
S2(3)(b) allows prescribed consent to be revoked, but only in
writing
Use, Disclosure and Quality
23
Consent exception (4) - Can consent
be implied from failure to opt out?


HK - ‘No’ - see ‘prescribed consent’ in DPP 3
Australia - sometimes ‘yes’




Supported by Explanatory Memo to 2001 amendments re
NPP2.1(b)
Aust PC’s NPP (draft?) Guidelines - ‘Yes’, but considers it depends
on specific circumstances - Sets out 8 factors supporting finding of
consent: (I) clearly stated / understandable ; (ii) likely to be read;
(iii) likely to understand implications; (iv) free and not bundled; (v)
no cost / little effort; (vi) consequences harmless; (vii) subsequent
restoration possible; (viii) multiple means of opt-out
Example (PC): Rarely applicable to opt-outs from marketing info
because (I) not likely read; (ii) belief of adverse effects of replying
Canadian PC has recognised opt-out can be consent: see case
#207
Use, Disclosure and Quality
24
Consent (5)

When can consent be otherwise implied?


Family members: can’t just be assumed
HK ‘express consent given voluntarily’ (s2(3)) How different from implied consent allowed in
Australia?


A broad interpretation of ‘directly related’ can have the
same effect
PCO eg in RG - purpose of collection of client data by a
social worker implicitly includes compliance with any
legal obligation to the Courts - disclosure allowed
Use, Disclosure and Quality
25
Consent (cont)

‘Bundled’ consent

Unresolved, but reference to notice of ‘purposes’ in NPP
1.3(c) gives some support

Argument against is that it bundled consents may not be
consents given freely (except for principal purpose) because
refusal to consent will disadvantage

ALRC 108 (2008) proposes only that PCO issues guidance

See Greenleaf, Waters & Bygrave ‘3.2. Meaning of Consent’ in
submission to ALRC, 2007, particularly Submission DP72-10
that separate consent should be required for each proposed
purpose of use
Use, Disclosure and Quality
26
Prior awareness exception

Prior awareness exception


Cth IPP 11(a) ‘individual …is reasonably likely to have been
aware, or made aware under IPP2’ of disclosure practices
NSW s18(1)(b) – similar - nothing similar in NPPs or HK



No need to be directly related, with consent, or authorised by
law; but argue that it must still be within purposes of agency
Does this allow post-collection notice/awareness of changes
to disclosure practices? - inimical to finality


Example - Macquarie v FM [2003] NSWADTAP 43
No evidence whether so abused since introduced in 1988
ALRC Report 108 (2008) – ALRC proposed UPP 5 does not
include any such exception
Use, Disclosure and Quality
27
Allowed uses (III): ‘Authorised
by law’

Cth Privacy Act (IPPs and NPPs) - uses/disclosures ‘authorised
by or under law’




NSW more restrictive (s25):


PA did not retrospective invalidate any legislation permitting or
requiring disclosures
Includes common law duties/rights to disclose
see GG&LB 2.1.3 - EU A29 Committee incorrect - still requires a
positive authorisation or requirement to disclose
non-compliance may be ‘lawfully authorised or permitted’ or
‘necessarily implied or reasonably contemplated’ ‘under an Act or
any other law’
HK does not have a general exception ‘where authorised under
law’ - see specific exceptions (later)
Use, Disclosure and Quality
28
‘Authorised by law’ exception (2)

ACT Dept JACS [2004] PrivCmrACD 5




C, JACS employee, was whistleblower to ACT Omb.; JACS
staff disclosed personal info about C’s internal grievances to
Omb.
JACS claimed it did so to show Omb that complaint may be
‘frivolous or vexatious’
PC held no defence (I) that C would be ‘reas aware’ of such
disclosures; or (ii) that it was ‘authorised by law’ - some
disclosure was authorised, but only if it was relevant to the
Omb. Investigation - this was not.
However, $0 compensation; apology ordered - who would be
a whistleblower?
Use, Disclosure and Quality
29
'Authorised by law' exception (3)

ALRC Report 108, Chapter 16

Considered case for limiting exception to 'specifically
authorised’, but decided against (Greenleaf, Waters &
Bygrave submission recommended this)

Same wording 'required or authorised by or under law'
recommended for several principles

Recommends defining 'law', including to cover common law
duties of confidentiality, and exceptions to them (R16-1)


May make no difference to existing law here
Recommends OPC guidance (R16-2)
Use, Disclosure and Quality
30
Reminder: Limited role of
exceptions

The limited role of exceptions





They are usually not a requirement to disclose/use
They are usually not authority to disclose/use if some other
law forbids this (eg BOC)
They merely mean there is no breach of an IPP
This also applies to ‘authorised by law’ exceptions ‘Authorised’ ≠ ‘required’ (trite but important) - not
required to disclose just because an IPP exception
exists - still their discretion to exercise
HK Pt VIII (Exemptions) s52 specifies that an
exemption ‘neither confers any right nor imposes any
requirement’
Use, Disclosure and Quality
31
Other exceptions

Will only consider some important ones:






Direct marketing exceptions
Protection of safety of self and others
Law enforcement purposes
Disclosure between related corporations (NPPs)
See also 'Exemptions' slides
Sources


Cth PC Info Sheet 11 - Exemptions from NPPs
GG&LB 2005
Use, Disclosure and Quality
32
Direct marketing exception


Many jurisdictions (including EU) have a Direct
Marketing (DM) exception allowing opt-out
Hong Kong direct marketing ‘opt out’ exception (s34)






Notice of right to opt out must be given first time personal
data is used for direct marketing.
Data user must comply with subject’s wish to opt out
Need notice be given every time new data is held, or only if
it is actively used for direct marketing?
See 4 examples in RG
S34 applies even if the direct marketing is with consent
(PCO egs); this differs from Australia
Promotion of government programs, and investment
newsletters, are both direct marketing (HK PCO egs)
Use, Disclosure and Quality
33
Direct marketing exception (2)

HKPCO complaint AR 7/05: publisher
outsourced direct mailings to a lettershop,
who failed to recognise different versions of
name of complainant who had previously
opted out; held publisher was in breach of
s34, required to find a better lettershop, and
to for its staff to do quality checks on deduplication processes used
Use, Disclosure and Quality
34
Direct marketing exception (3)

Australian NPP 2.1(c)


Only applies to use, not disclosure, for DM
Better view - 2.1(c) is an alternative to (a) or (b)



Marketing use need not be within reasonable expectations
Wishful thinking view - all direct marketing must comply with
2.1(c) (Many submissions to PC’s review support a change)
NPP 2.1(c) can only be relied on to allow DM if

Impractical to obtain consent [under (b)] before this use



PC (NPP GLs) says it is ‘normally not impractical’ with online
communications
Individual has not previously opted out from marketing from this
organisation [will it cover central opt -out lists?]
Each marketing communication must give an option to opt-out
from further communications (No equiv to HK annual notice)
Use, Disclosure and Quality
35
Direct marketing exception (4)

ALRC Report 108 recommends stronger right to optout of Direct Marketing (DM) – UPP 6, but:

Organisations only – not extended to agencies

Right to opt out etc would apply to all uses of PI for DM

Direct marketing left undefined

To existing customers, (i) DM must be within existing
expectations and (ii) offer a ‘simple and functional’ means of
opting out.

To non-customers, DM allowed provided (I) consent obtained
unless not practicable; (ii) explicit notice that opt-out possible;
and (ii) disclosure of source of PI provided on request.
Use, Disclosure and Quality
36
Direct marketing exception (cont)

Alternatives to NPP 2.1(c) for direct marketers:



Rely on DM as express purpose of collection (implied consent)
Rely on 2.1(a) ‘related purpose’ / reasonable expectations
Obtain express consent to marketing, come within 2.1(b)




PC (NPP GLs) says express consent will be needed
In all 3 cases, no need to give 2.1(c) opt-out notice
BUT Where individuals do opt-out anyway, this would negate both
consent and reasonable expectations
Current development

Government considering ‘Do Not Call’ register
US one has US$15K fines if they do after opt-out (bounty better)
How would this handle the 200M calls p/a outsourced O/S?

Note also the requirements of the Spam Act 2003


Use, Disclosure and Quality
37
2 Protection of safety/health


All Australian Acts have variants of 'necessary to
prevent or lessen a serious and imminent threat to
the life or health of the individual concerned or of
another person’
HK s59 exempts ‘personal data relating to the physical or
mental health of the data subject’ where access (DPP 6) or
restricting use (DPP 3) ‘would be likely to cause serious harm to the
physical or mental health’ of the data subject or another person

FM v Macquarie University [2003] NSWADT 78


Macq staff were concerned that FM might injure someone at
UNSW
No exemption because not ‘serious’ or ‘imminent’
Use, Disclosure and Quality
38
3 Law enforcement exceptions

Cth PA exempt purposes of disclosure




IPPs 10.1(e)/11.1(e) ‘reasonably necessary for the enforcement of
the criminal law’ etc
NPPs 2.1(f)&(h)
NSW Act has much broader set of exemptions, often blanket for
agencies
All law enforcement exemptions (except NSW) require a ‘note’
to be kept of all disclosures


The only example of logging of disclosures required by IPPs (NPP
2.2; Cth IPP 10.2)
Is logging essential for adequate security? - see FH v NSW
Corrective Services ([2003] NSWADT 72) - Summary [2003]
NSWPrivCmr 1

If there is no logging, rights of access (and notification of
corrections are significantly crippled
Use, Disclosure and Quality
39
Exceptions - law enforcement etc

HK PDPO s58(2) - use/disclosure for 'prevention or
detection of crime', 'serious improper conduct' etc
does not breach DPP 3



See earlier examples from 2004/05 AR
D must show that adherence to DPP 3 would
prejudice one of these interests, and he had
reasonable grounds for believing this
Lily Tse Case [1998] HKCFI 811 

Personal injuries action concerning Albert House collapse
1994 - Held DPP 3 did not apply so as impede third party
discovery (of witness statements held by Police) in a civil
action
A tort was 'serious improper conduct’ for s58(2). This has
broad implications
for PC(P)O.
Use, Disclosure and Quality
40
4 Related corporations exception


No HK direct equivalent
Aust Cth s13B allows information to be disclosed by
corporation A to related corporation B


primary purpose of collection of corporation A will normally
determine what secondary use corporation B can make
(restricted by 'reasonable expectations' test) [see note to
s13B(1)]
BUT not in relation to the direct marketing exception in NPP
2.1(c) (test does not apply)

B can send direct marketing to A's customers (with opt-out)
irrespective of A’s purpose of collection
Use, Disclosure and Quality
41
Other rules and Principles
related to use and disclosure

Related principles (covered in following
slides)




Data integrity/quality principles - see following
'Objection to processing' principles
Proposed ‘automated decision-making’ principle
Separate slides / Reading Guides


Data export limitation /cross-border principles
Public registers - Application of IPPs


Limited separate NSW principles
Data matching controls
Use, Disclosure and Quality
42
Data integrity/quality principles

Quality principles - these variously require:






HK DPP 2(1) - ‘all practicable steps’ to ensure data are
‘accurate’ having regard to principal and directly related uses
Cth IPP 8 - reasonable steps to ensure ‘accurate, up-to-date
and complete’ (AUC) before use (not disclosure, not at
collection)
NPP 3 - reas steps to ensure AUC when collects, uses or
discloses
Cth IPP 9 - may only use for relevant purposes
NSW s11 (IPP 4) reas steps to ensure AUC when collecting
‘from an individual’
NSW s16 (IPP 9) reas steps before use to ensure relevant
and AUC
Use, Disclosure and Quality
43
Data integrity/quality
principles: Hong Kong

DPP 2(a) requires that 'All practicable steps … to
ensure … personal data are accurate having
regard to the purpose‘ (of use).




'use' includes disclosure, so DPP2 obliges data users to
ensure data accurate for the purpose for which it is being
disclosed to a 3rd party
DPP2(c) also imposes obligation to inform 3rd party of
inaccuracy and provide corrected data
"Inaccurate" …. means … incorrect, misleading,
incomplete or obsolete' (s2) - same as elsewhere
HKPCO avoids adjudicating on correction of data see discussion under Access & Correction
Use, Disclosure and Quality
44
Data integrity/quality
principles: Hong Kong

DPP2(b) requires that inaccurate data
(i) not be used or (ii) be erased.


Discussed in next topic
s66 compensation claims possible
subject to defences - DPP 2 is one of
most likely sources
Use, Disclosure and Quality
45
Data integrity/quality principles

Significance of quality principles:




Correction of errors may not be enough - prior
failure to take reas steps may be breach
Legitimate uses/disclosures may still lack quality
control
Legitimate collection may still lack quality control
Examples

L v Commonwealth Agency [2003] PrivCmrA 10 - failure to take
any steps to check a mailing address was a breach
Use, Disclosure and Quality
46
Data integrity/quality principles

Tenants’ Union v TICA #2 [2004] PrivCmrACD 2 - PC found breach of
NPP 3 in relation to the ‘enquiries’ (ie not defaults) database


vital nature of housing impacts on what is reasonable
TICA’s random checking to ensure accuracy






PCO carried out its own (since TICA did not keep records) and found many
inaccuracies
Important elements in a system of quality control include (I) system of
random checking; (ii) advising those who have received inaccurate
records - TICA failed
TICA’s collection practices - for tenancy databases (given prejudicial
effect) 3 pieces of identifying information is minimum necessary - TICA
failed tho always had two.
Failure to advise tenants of listing impacts quality obligations
Deleting notes that listings are disputed after 30 days
6 forms of breach identified in Determination
Use, Disclosure and Quality
47
Data integrity/quality principles

Tenants’ Union v TICA #3 [2004] PrivCmrACD 3 - PC found breaches
of NPP 3 in relation to its defaults database because it was retained
for an excessive time and therefore ‘out of date’.


Criteria applied (para 53) set out steps required for reasonableness if
potentially prejudicial information is to be held for a long period (over 3
years in this case)
ALRC proposals

Greenleaf, Waters & Bygrave (Dec 2007) ‘10. Data Quality
(UPP 7)’
Use, Disclosure and Quality
48
'Objection to processing'
principles

EU privacy Directive contains examples:



Art 14(a) right to object to data processing generally,
Art 14(b) right to object to direct marketing
Art 15(1) right to object to decisions based on fully
automated assessments of one's personal character

Only Aust and HK examples is the right to opt-out of direct
marketing (Aust - NPP2.1(c))

ALRC Report 108

strengthens right to opt out of direct marketing – UPP 6
– see slide above
Use, Disclosure and Quality
49
‘Automated decision-making’
proposed Principle


ALRC 108 (2008) Rejects case for an
automated decision making rule
In Greenleaf, Waters & Bygrave 2007 ‘15.6.
Automated decision-making principles’ we
agree with the ALRC that a separate principle
is unnecessary, but submit that it should be
made an express requirement as part of UPP
7, with an appropriate ‘reasonable steps’
limitation.