Introduction
It’s important for Government agencies to adequately protect the information they hold, but it’s also important for them to be able to use or disclose that information where appropriate and lawful to do so.
This article illustrates why it can be difficult for agencies to know what they can and cannot do with particular pieces of information, and suggests some general principles applying to the protection and use of information.
It is aimed at anyone wanting a high level understanding of the balancing act that Government agencies face in this area.
The minefield of managing information
For the following reasons, it’s hard to apply a “one size fits all” approach to managing information in Government.
There’s a huge variety of information
Agencies hold information from many different sources in many different formats, from publicly available information, to information that is highly sensitive or confidential.
There’s a range of legal and other requirements
The collection, use, storage and disclosure of information is subject to a number of legal and other requirements, including:
- Requirements specified in statutes and other legislative instruments.
These requirements are a mixture of fairly general obligations (such as in the Privacy Act, Official Information and Public Records Act) and specific obligations relating to certain information or agencies (such as in the Income Tax Act, Biosecurity Act and Statistics Act). - Obligations specified in contracts and other arrangements.
Agencies enter into a variety of arrangements that include conditions on the use of information they hold. The conditions may include confidentiality provisions or license terms, across any of the agency’s agreements. - Other general legal obligations
Other legal requirements (e.g. that aren’t documented in a statute or contract) may be relevant to the use of information. For example general legal requirements in relation to confidential material and obligations in relation to material before a court. - Good practice and other requirements
There are also various good practice “requirements” which may apply (e.g. as detailed in Cabinet manuals, Standing Orders of the House, and internal policies of the agency, or general policies across Government). An agency’s credibility and reputation could be damaged and staff may breach employment agreements if these requirements are not met.
There’s a mix of expectations
The public generally expects Government agencies to keep their personal and commercially sensitive information safe, but they also expect agencies to make decisions based on up to date and relevant information, to consult to ensure Government initiatives are coherent and consistent, to share information where it is appropriate to do so, and to take appropriate action to enforce the law. Inappropriate disclosures result in stakeholders losing trust in the system, being less likely to provide information in future, and the system becoming inefficient.
General Principles
A few recent, high-profile data disclosure incidents have led to some uncertainty and nervousness across Government around the use of information. But it’s not all tricky. To help reduce some of the uncertainty about how agencies can use information, we believe a few very general principles can be applied:
- Unless there are legal or other restrictions, agencies can use information in any way they see fit.
- Agencies can usually use, for the intended purpose, any information they hold.
If an agency needs to use information for its intended purpose, then it can almost always use it for that purpose. There are very few exceptions to this, with the key exceptions being Government security classification restrictions (eg embargoed information) and copyrighted information provided to the agency under a licence which limits use further (e.g. to a specific number of users). - Agencies can usually use information to perform their functions too.
Generally, information held by an agency can also be used for purposes relevant to the agency’s functions. There are more exceptions to this though, particularly:- Personal information and confidential information which is held for one purpose can often only be used for that purpose.
- There are a number of statutory provisions which expressly prohibit certain pieces of information from being used for purposes not specified in the legislation.
- The agency may have agreed with the person who supplied the information that it would only use the information in a certain way.
- Government departments can often share information they hold with other departments.
If information can be shared within a department, then it can usually also be shared with another departments. The sharing department should consider whether to agree an Information Sharing MOU with the other department, to provide appropriate safeguards on use of the information. - Agencies can share information with other entities.
An agency can disclose information to others , where it is appropriate and lawful to do so. Often agencies are required to do so under the Official Information Act. Whether disclosure to any other person is appropriate and lawful will usually depend on matters such as:- any relevant statutory restrictions;
- the public benefit in the disclosure and whether that benefit outweighs any good reasons the agency has for not disclosing the information (e.g. privacy, confidentiality, etc);
- whether the recipient has requested the information; and
- whether the recipient will agree to conditions around use of the information (e.g. an appropriately robust confidentiality clause).
Closing thoughts
There is often uncertainty around how information can be used in Government, particularly as the rules governing information are extensive and the application of those rules depends heavily on the specific context. This makes it difficult to define a “one size fits all” approach to managing information.
Recent privacy breaches have highlighted the risk of wrongful disclosure. But keeping information too fragmented or tightly held within agencies is a risk to the achievement of key Government objectives such as achieving a better public service and growing the New Zealand economy. An appropriate balance needs to be maintained between the protection and use of information.
It’s good practice for Government staff to be familiar with any specific restrictions that apply to the types of information they commonly deal with in their roles. As specific rules around using particular information can be complex and tricky to apply, Government staff should check with others in their organisation, or get advice, if they’re in doubt about the ability or appropriateness of using information in a proposed manner.
More Help?
Clearly, general commentary, such as that provided in this guide, cannot be relied upon in specific circumstances. For advice or any further information on this topic, please contact:
Lucy Elwood
Principal
Direct | 04 831 1544
Mob | 021 252 5879
Email | lucy@elwoodlaw.co.nz
Lucy provides a broad range of advice across Government. Her practice has a strong public law focus, but she also advises on commercial, compliance and regulatory matters across various sectors.
If you’d like to download this Business Guide on Using Information in Government, you can find it right here.