The Government proposes to modernise the information protection and disclosure framework in the TAA by moving to a regulatory model permitting information sharing (that meets certain legislated criteria) to be authorised by order in council. A regulatory model would provide greater flexibility and timeliness to the implementation and amendment of information-sharing arrangements.
The aim of more flexible information sharing is to improve the efficiency and effectiveness of government, while not compromising the ability of Inland Revenue to perform its functions. It also aims to ensure information sharing is safe, proportionate and impacts on the confidentiality of information no more than is considered necessary to achieve the purpose of the sharing. The proposed model would permit sharing of Inland Revenue information for the provision of public services when:
- providing the information would improve the ability of the government to efficiently and effectively deliver services or enforce laws
- the information cannot easily or efficiently be obtained or verified from other sources
- the amount and type of information provided is proportionate given the purpose for which it is being shared
- the information will be adequately protected by the receiving agency
- sharing the information will not unduly inhibit the provision of information to Inland Revenue in the future.
When these tests are met, the Minister of Revenue may recommend an order in council to authorise the sharing. The order in council would set out the agency receiving the information and the broad purpose of the sharing. An underlying memorandum of understanding would then set out the details of:
- the classes or types of information to be shared
- how the information will be used
- how the information will be provided or accessed
- requirements for security, storage and disposal
- whether and how information can be further disclosed
- any review requirements, including disclosure of any breaches.
In a similar way to the Privacy Act Approved Information Sharing Agreement (“AISA”) model, and as with the proposal for consent-based sharing, the new framework proposes sharing “for the provision of public services” as opposed to specifying particular classes of organisation that could access the information. The Privacy Act defines a public service as “a public function or duty that is conferred or imposed on a public sector agency by or under law, or by a policy of the Government”.
Example: areas where the new framework might be used
The proposed rules are targeted at the more efficient and effective operation of government. Broadly this would encompass information sharing to assist:
- more efficient delivery (or reduced cost) of a government-provided service or intervention
- reduced customer compliance burden for a government service or intervention
- increased accuracy of financial entitlements or obligations
- protection of the public revenue
- improved detection of serious illegal activities
- improved prevention of harm to citizens
- dealing with serious threat to public health or public safety.
A primary focus of the new rules would be areas where an AISA under the Privacy Act is not appropriate given the volume of non-personal (company or other entity) information that is to be shared.
Examples of current legislated information sharing that could in future be moved within the new framework include:
- sharing with ACC, in particular information that is used for levy setting for businesses
- sharing information with the Ministry of Business, Innovation and Employment to assist with their responsibilities under workplace legislation
- sharing information with the Department of Internal Affairs that relates to the administration of the Charities Act 2005.