Chapter 3 - Main proposal
3.1 The main proposal is to consolidate six of the existing agreements between Inland Revenue and the Ministry of Social Development into one.
3.2 This agreement would be authorised under the new Approved Information Sharing Agreement (AISA) rules contained in Part 9A of the Privacy Act 1993. AISAs are a mechanism in the Privacy Act that allow information sharing between and within agencies to deliver public services. These agreements clarify and improve the rules around how agencies share personal information, while ensuring safeguards are in place to protect an individual’s privacy.
3.3 This AISA has three purposes:
- to consolidate the existing information sharing agreements between the two agencies under the Tax Administration Act 1994, Child Support Act 1991, and Student Loan Scheme Act 2011, into one agreement;
- to extend the information sharing to enable the provision of targeted housing assistance to those in need; and
- to extend the information sharing to verify a student’s and their parents’ income for the assessment of student allowance entitlements.
3.4 The proposed amalgamation of agreements under one framework would provide more flexibility to the sharing of information between the agencies. The AISA framework allows amendments to be made in the future when there is a need for including other agencies, new information and new purposes for sharing. However, any changes would still go through a robust process to make sure the Privacy Act safeguards are maintained and consultation is undertaken within government and with the public.
3.5 Including additional information in the sharing agreement would mean the Ministry of Social Development could ensure people receive correct entitlements and benefits across a wider range of services than currently. For example, the extension to include income information for social housing purposes would help in calculating the correct rate of income-related rent a household may be required to pay for a property. The Ministry of Social Development would verify their client’s self-reported income data against their income data from Inland Revenue. This creates greater efficiencies and reduces the impact on employers, who currently are required to provide that information.
3.6 An example where the AISA framework would prove its value is when a new agency for vulnerable children, currently under the Ministry of Social Development, becomes operational.
3.7 The new Ministry for Vulnerable Children – Oranga Tamariki, will begin operating in April 2017. This agency will be separate from the Ministry of Social Development. Information currently provided to the Ministry of Social Development may also need to be provided to this new ministry to enable it to fulfil its functions. This change may involve the AISA being extended to incorporate a new party to the agreement and specify the information to be transferred. The requirements to enable that will be worked through with the new agency.
3.8 An AISA must include certain features required by the Privacy Act, including:
- the purpose of the agreement;
- privacy safeguards; and
- advising what information will be shared and how.
3.9 AISAs can modify or override the Privacy Act’s information privacy principles or codes of practice. The most common exemption or modification, and the two proposed to be modified in this AISA, are:
- Principle 2: Source of personal information – It is not a breach of information privacy principle 2 for the agencies to collect personal information from each other for the purposes of the AISA; and
- Principle 11: Limits on disclosure of personal information – It is not a breach of information privacy principle 11 for the agencies to disclose personal information to each other for the purposes of the AISA.
However, AISAs cannot modify or override information privacy principles 6 and 7, which allow a person to access and correct their personal information.
Personal information shared
3.10 Under the proposed AISA agreement, the information that is currently shared between the two agencies will continue to be shared.
INFORMATION CURRENTLY SHARED BETWEEN AGENCIES
3.11 The information currently shared under each agreement is outlined in more detail in the Appendix.
3.12 Information shared under the proposed AISA will also include information used to assess an applicant’s entitlement to student allowance and housing assistance, including:
- personal information – name(s) and contact details;
- income information – salary or wages, employer(s) names and contact details, interest, dividends and Māori authority income, as well as self-employed or partnership income of the person, or in relation to student allowance applicants under 24 years of age, the parents’ income details;
- family details – a partner’s name and contact details, salary or wages, employer(s) names and contact details, the partner’s interest, dividends and Māori authority income, as well as self-employed or partnership income.
Most of this information is already shared under the current agreements.
Do you think the information being shared will improve the services provided by the agencies? If not, why not?
Use of information
3.13 The existing information exchange agreements have purpose provisions that are very specific, which restricts what the information can be used for. This may affect the agency’s ability to correctly determine entitlement to benefits and subsidies, result in multiple requests being made to Inland Revenue for the same information, or delay payments due to the need for evidence to be provided. The following examples illustrate some of the situations where this can occur.
Currently, the Ministry of Social Development receives income information for the purposes of determining entitlement to main benefits. This income information, once verified with the customer, would also be useful in determining entitlement to social housing, but because of the prescriptive nature of the existing agreements, this income information cannot be used for other purposes.
A customer applies to the Ministry of Social Development for a benefit and must provide verification of their IRD number but some customers do not have this in their possession. Currently, the customer has to go to Inland Revenue to get verification of their IRD number. Under the Student Loan Scheme, Inland Revenue is able to verify IRD numbers in near real-time. If the purpose of the existing IRD number verification system were to be expanded in the future, the agencies would be able to verify IRD numbers for benefit applications, which would save time for customers.
3.14 To address the issues in these examples, the Government proposes to change the focus for information sharing, from agreements that share information for purposes of determining an entitlement to a product type (such as child support or Working for Families), to one with a more generic purpose.
3.15 The generic purpose would change the way information can currently be used, and the oversight and safeguards that apply to these exchanges. This will enable information to be shared for the purpose of determining an individual’s eligibility to benefits and subsidies provided by the two agencies, and for assessing tax obligations.
3.16 The Government could amend the AISA in the future to enable further information sharing between the two agencies or other agencies that join the AISA, provided the sharing meets the purpose provision.
- Do you agree with the proposal to expand use of personal information between the Ministry of Social Development and Inland Revenue? If not, why not?
- Would you be prepared to have more of your information shared if it meant faster, more accurate assessment of your entitlements and tax obligations? If not, why not?
Method of transfer
3.17 Currently, the agencies use various methods for transferring information between them. Different transfer mechanisms can lead to duplication of effort for each agency and increased costs associated with information sharing.
3.18 As agencies’ business transformation and information technology programmes progress, the two agencies propose to standardise the mechanism for exchanging information as much as possible, using up-to-date technologies and more secure information sharing mechanisms. This will reduce the administration costs associated with sharing information.
3.19 The Government takes the protection of personal information seriously. The proposed AISA would include controls and processes to minimise any risk of a privacy or secrecy breach occurring.
3.20 The sharing of information would only occur for the purposes set out in the AISA, namely for determining an individual’s entitlement to benefits and subsidies, and for assessing tax obligations.
3.21 Memorandums of understanding agreed by the two agencies would need to be in place before any information sharing could occur, and would provide:
- details on how the information exchanges would occur, such as what information can be exchanged and the safeguards to ensure the privacy of the information shared; and
- the designated senior personnel of each agency responsible for the information sharing.
3.22 Information would be available only to authorised staff in each agency, and customers would have rights and options available, to ensure their information is treated appropriately under the proposed AISA. These rights include:
- the right to seek access to, and to have corrected the information held about them by an agency, under the Privacy Act 1993; and
- the ability to use the internal complaint procedures of the agency concerned or seek assistance from the Office of the Privacy Commissioner if the individual has concerns about how their information has been treated.
Inland Revenue and Ministry of Social Development staff who knowingly disclosed information outside what has been legally permitted would face potential criminal liability for breaching taxpayer secrecy. On conviction they could be liable to a term of imprisonment up to six months and/or a fine not exceeding $15,000.
3.23 In the event that a privacy breach did occur, despite the protections in place, measures will be in place to ensure that any affected individuals are identified as quickly as possible. The necessary steps taken to minimise and mitigate any risk to those individuals are:
- designated senior personnel in the relevant agencies would meet immediately to assess the issue and manage the response;
- information-sharing would be immediately suspended if there was any risk of on-going breaches; and
- the Office of the Privacy Commissioner would be notified and involved where appropriate.
- Are there sufficient safeguards for the protection of your information? What else should be considered?
- Have all the likely issues relating to consolidating information sharing between the two agencies into one agreement been considered?
 Person would be breaching taxpayer secrecy under section 81 of the Tax Administration Act and on conviction could be liable to penalty and/or term of imprisonment under section 143E of the Tax Administration Act.