
News

The following news feed provides an overview of the current activities and news from APPA members.

The articles on this page are updated regularly from members’ news and media pages. If you have any questions or concerns about the content contained in the articles, please contact the respective member. You can locate members’ details underneath each article or on our Contact us page.

FTC Testifies before House Judiciary Committee’s Subcommittee on Regulatory Reform, Commercial and Antitrust Law about Antitrust Concerns and the FDA Approval Process

In testimony presented to the U.S. House of Representatives’ Judiciary Committee Subcommittee on Regulatory Reform, Commercial and Antitrust Law, the Federal Trade Commission described its efforts to stop anticompetitive conduct in the pharmaceutical industry.

Testifying on behalf of the FTC, Acting Director of the Bureau of Competition, Markus H. Meier noted that the 1984 Hatch-Waxman Act established a carefully balanced framework to facilitate introduction of lower-cost generic drugs in the marketplace while preserving incentives for innovation. However, some drug manufacturers have exploited certain features of the Act, with the result that their exclusive rights over branded drugs have extended well beyond the periods Congress provided to spur investments in innovation. At times, this has led to private windfalls at the public’s expense, according to the testimony.

“At the FTC, we’ve been fighting back against these efforts to keep prices artificially inflated,” the testimony stated. “In the years since the Hatch-Waxman Act was enacted, the Commission has pursued numerous antitrust enforcement actions involving both branded and generic firms.”

One area where the current regulatory system presents opportunities for branded firms to delay generic entry is in situations where the branded pharmaceutical is subject to a restricted distribution system, according to the testimony. The FDA is authorized to require Risk Evaluation and Mitigation Strategies, or REMS programs, which restrict distribution of certain pharmaceuticals in order to safeguard the public and prevent potential abuse or diversion. Even if the FDA does not require REMS for a particular drug, the manufacturer can voluntarily adopt a restricted distribution policy using exclusive contracts with distributors or specialty pharmacies to limit access to the product.

The testimony states that some branded manufacturers have used restricted distribution programs to delay generic entry in two ways: by refusing to provide samples to the generic firm, leaving it unable to perform the preclinical and clinical testing the FDA requires to establish that the generic version is biologically equivalent to the branded drug; or by preventing the generic from joining the existing REMS distribution system, so the FDA cannot approve the generic firm’s Abbreviated New Drug Application.

According to the testimony, one study estimates that Americans have lost $5.4 billion annually due to higher prices for prescription drugs because of REMS manipulation by branded drug companies.

The Commission’s concerns about REMS manipulation also extend to branded biologic drugs, which are regulated under the 2009 Biologics Price Competition and Innovation Act. According to the testimony, the FTC believes branded firms could frustrate the timely entry into the marketplace of biosimilar competitors by restricting access to product samples and throwing up roadblocks to the biosimilar firms’ efforts to meet the Act’s requirements.

According to the testimony, the Commission supports the goal of the Creating and Restoring Equal Access to Equivalent Samples Act of 2017, or CREATES Act, to protect the competitive process by eliminating incentives and opportunities for branded manufacturers to engage in manipulation of the REMS process to delay generic entry.

The Commission vote approving the testimony and its inclusion in the formal record was 2-0.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about how competition benefits consumers or file an antitrust complaint. Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
27 Jul 2017, 10:00pm AEST

FTC, State, and Local Partners Announce Joint Conference on Protecting Military Consumers

Training for military attorneys, law enforcement personnel, and consumer protection officials to help them address consumer fraud and other issues that affect servicemembers and their families

The Federal Trade Commission, state, and local authorities will convene a conference in Los Angeles on Sept. 7, 2017 to help educate military consumers and train military attorneys, law enforcement personnel, and consumer protection officials to address consumer fraud and other issues that affect servicemembers and their families. This event follows the FTC’s recent successful Military Consumer Financial Workshop, held July 19 in San Antonio.

The Protecting Military Consumers: A Common Ground Conference will discuss current and emerging issues affecting servicemembers and their families such as student loans and for-profit colleges, identity theft, imposter scams, debt collections, mortgage disputes and real estate fraud. 

“We must protect those who protect our nation,” said FTC Acting Chairman Maureen Ohlhausen. “Servicemembers and their families who are victims of or targeted for scams can rely on advisors, advocates, and legal resources for help – especially in Southern California. That is why we continue to promote these resources to our military and veterans through events like this one.”

The conference will include an overview of federal, state, and local consumer protection laws such as the Servicemembers Civil Relief Act, the Military Lending Act, and the FTC’s and Consumer Financial Protection Bureau’s rules and regulations.

There also will be an opportunity for servicemembers and military attorneys to learn about resources that can help them prevent, detect and defend against consumer fraud, including counseling and information, one-on-one dispute resolution, fraud investigations for civil and criminal prosecution and legal representation.

The conference will take place at the Los Angeles Police Department Headquarters, 100 W 1st St, Los Angeles, CA 90012 from 9 am to 1 pm Pacific Time. The entire conference will also be streamed live online. An RSVP is suggested, as space is limited. To RSVP, please email only your name and affiliation (if any) to militaryla@ftc.gov. A detailed agenda will be published at a later date.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
27 Jul 2017, 10:00pm AEST

Address by Mr Tan Kiat How, Commissioner of PDPC, at the PDP Seminar 2017 on Thursday, 27 July 2017, at the Sands Expo and Convention Centre, Marina Bay Sands

Dr Yaacob Ibrahim, Minister for Communications and Information, 
Speakers,
Distinguished Guests,
Ladies and Gentlemen,
 
1. The Digital Economy provides exciting opportunities for businesses and workers.  We have seen the rise of platforms in domains such as e-commerce, social media and e-payments, and the growth of vibrant digital ecosystems around these platforms. In these ecosystems, data is the currency of exchange and the basis on which enterprises innovate business models, products and services. Trust is a key lubricant that enables the entire system to function.

2. A robust data protection regime is important to engender trust in our ecosystem and enable our companies to seize growth opportunities. That is why since the last seminar, we have been ramping up data protection capabilities among organisations.

Current Data Protection Landscape
3. We are making steady progress. From our recent industry survey, the number of organisations with some data protection policies and practices in place has increased to 96%. This is up from 70% the year before.  

4. Of these, half had appointed a Data Protection Officer, or DPO. While this is a marked improvement over the previous year’s 40%, we cannot stress enough that appointing a DPO is mandatory. More importantly, it is a decision that should not be taken lightly. As the champion within the organisation, the DPO plays an important role. He takes the lead on putting in place internal policies, designing processes and inculcating the right data protection culture. On our part, the PDPC will continue to develop programmes and schemes to support and elevate the DPO in his role. 
 
5. It has been three years since the data protection provisions have come into force. We have investigated over 300 enforcement cases since then, with a majority of the cases receiving an advisory notice. For the more serious cases, we issued over 30 full-length decisions where many of the organisations in breach had to pay financial penalties and carry out other directions to strengthen their data protection policies and practices.

6. Our firm enforcement actions aim to drive home the message that personal data protection is important. As we strive towards a Digital Economy, data protection cannot be just about compliance; it must be about accountability. Accountability is an organisation’s promise to customers that their personal data will be handled carefully. It is about being able to demonstrate to customers that the organisation has put in place measures that pre-emptively identify and address risks to the personal data of their customers. 

7. In a recent survey that we conducted among some 1,500 consumers, 93% of respondents trusted that, with the PDPA in place, their personal data would be protected from misuse by organisations; four out of five respondents had noticed an improvement in organisations’ data protection practices; and 73% of the respondents were willing to provide their personal data to these organisations for products, services and other perks. It’s a significant change from last year, where only about half of them indicated a willingness to do so. This suggests greater trust in the organisations here.

8. This trust is an asset that all of us, as stakeholders in our local ecosystem, have a collective responsibility to preserve and protect. 

Building a Culture of Trust in the Data Protection Ecosystem
9. Let me elaborate how PDPC will help companies make this transition from compliance to accountability.
 
10. Later this year, PDPC will be producing two guides – the first on how to implement a Data Protection Management Programme, or DPMP; and the second on how to conduct Data Protection Impact Assessments, also known as DPIAs. These are accountability and data protection by design tools, which adopt sensible, risk-based approaches towards data protection.
 
11. A DPMP sets out the organisation’s management policies, application of processes and practices, and roles and responsibilities of staff in the handling of personal data. Developing a DPMP within an organisation takes careful planning and considerations of all aspects of data collection and use, and the DPMP guide will help organisations put in place a practical and robust personal data protection programme regime. 
 
12. To help DPOs make strategic decisions on where and what to focus their efforts on, PDPC will be introducing a PDPA Assessment Tool for Organisations. It is an interactive online tool that helps the DPO to review the organisation’s data protection policies and processes, identify gaps, provide actionable suggestions and recommend relevant resources – such as the PDPC’s advisory guidelines – to improve data protection measures. This tool will be free and made available on PDPC’s website.  
 
13. The second guide is on the conduct of DPIAs. It will be a useful resource for the DPO as he sets about reviewing systems or processes to identify where personal data may be at risk. This guide can also be used when designing new systems or processes. DPIAs should ideally be conducted once before the design of the system or process is finalised, and again to ensure that the solutions to address the risks are properly implemented before the system or process goes ‘live’. The integration of DPIAs within an organisation’s business processes is a crucial step towards adopting a Data Protection by Design approach.

Supporting our SMEs
14. We foresee that some companies may need a bit more guidance. This will be especially true for SMEs who may not have an experienced DPO on staff. To support them, we will be implementing a few measures.  

15. First, the Data Protection Starter Kit. This is expected to be introduced later this year. It will be a step-by-step guide that highlights nuggets of useful information and resources, such as sample clauses, forms and templates in an easy-to-understand manner. This will be available first as an online and hardcopy resource, and will be followed by a mobile app.
 
16. Second, PDPC will be appointing a panel of Data Protection Advisors to provide targeted help for SMEs. The advisors can guide SMEs on the implementation of data protection processes and systems that are tailored to the organisation’s operational needs. This advisory service will allow SMEs to have a better understanding of their obligations under the PDPA, identify data protection gaps within the organisation and point them to relevant resources. Advisors will also be able to identify available grants that SMEs may tap on, types of courses their employees can attend, and connect them to external data protection service providers.
 
17. I have spoken about the tools and guides that we will be introducing this year as the first stage of our journey from compliance to accountability. In the next stage, we plan to develop the DP Trustmark. We aim to do so by end 2018. The DP Trustmark is a clear recognition that an organisation has put in place accountability practices that go beyond a checklist approach to compliance. Over the coming year, we will be seeking views on key features of the Trustmark, for instance the certification criteria. We plan to start the industry consultation by end of the year. 

Learning from One Another 
18. The PDPC has been actively issuing enforcement decisions for about 15 months now. There are always lessons we can draw from each situation. 

19. Let me give you an example. We received a complaint against the Singapore Institute of Management (SIM) concerning the alleged disclosure of the complainant’s NRIC image to a third party over the institute’s online portal. While processing applications, a staff erroneously uploaded the complainant’s scanned NRIC image to another applicant’s online records. This human error resulted in the disclosure of the complainant’s personal data to the third party. Upon notification of the incident, SIM immediately removed the image from the portal. The staff who committed the error was also counselled.

20. The key issue is whether the organisation has made reasonable security arrangements to protect their applicants’ personal data. After investigation, we determined that the sample documentary checks that SIM had instituted were adequate in providing reasonable assurance of the correct tagging of applicants’ scanned documents. Hence, we were satisfied that SIM had adequately discharged its Protection Obligation and decided that there was no breach. 

21. This case is one of the many that we have compiled in a Personal Data Protection Digest. With a Digital Economy, the discourse on data protection laws and practices will only grow deeper. The Personal Data Protection Digest deals with practical issues faced by data protection practitioners in the course of their work, and covers a variety of topics. I hope that it will provide helpful guidance to DPOs, as well as lawyers and in-house legal counsels who advise on data protection. Our aim is for this effort to contribute to the growing knowledge and experience in this area.

22. At this time, I would like to acknowledge the contributions of the Data Protection Advisory Committee. Their sound advice and industry insight have informed the Commission's decisions. This volume is very much their product as well.
 
Conclusion
23. We believe that data protection and data innovation goals are not mutually exclusive. In fact, a robust data protection regime is an important foundation for which data innovation can thrive. All of us have a shared responsibility to build up the trust quotient needed to enable the smooth functioning of this ecosystem, which enables businesses to seize opportunities and reap the rewards of data innovation.

26. I hope many of you will benefit from today’s event. 

27. On that note, I would like to thank Minister Yaacob for gracing our event once again, and wish everyone an engaging and fruitful day. 

Personal Data Protection Commission, Singapore
Source: Personal Data Protection Commission Singapore - Press Room
27 Jul 2017, 12:00pm AEST

Developing a trusted data ecosystem to support Singapore's Digital Economy

The PDPC has embarked on a new series of initiatives as part of its efforts to develop a trusted data ecosystem in Singapore.

These include the launch of a public consultation for the review of the PDPA, a new guide to help organisations adopt best practices when sharing data, plans to introduce a DP Trustmark, and more.

Please download the media document here:
 
  • Media Release

Personal Data Protection Commission, Singapore
Source: Personal Data Protection Commission Singapore - Press Room
27 Jul 2017, 12:00pm AEST

Speech by Dr Yaacob Ibrahim, Minister for Communications and Information, at the Personal Data Protection Seminar 2017, at Sands Expo and Convention Centre on 27 July 2017 at 9.35am

Personal Data Protection Commission, Singapore
Source: Personal Data Protection Commission Singapore - Press Room
27 Jul 2017, 11:45am AEST

Updated privacy policy

The OAIC has updated its privacy policy. The update includes the following changes:

Office of the Australian Information Commissioner
Source: News - OAIC
27 Jul 2017, 1:59am AEST

FTC to Hold First Roundtable on Economic Liberty

WHAT: The U.S. Federal Trade Commission will host a Roundtable, Streamlining Licensing Across State Lines: Initiatives to Enhance Occupational License Portability. The event will explore options for enhancing the portability of occupational licenses.
WHEN: Thursday, July 27, 2:00 p.m.–4:00 p.m. EDT
WHERE: Constitution Center
400 7th St., SW
Washington, DC 20024
WHO: FTC Acting Chairman Maureen K. Ohlhausen, as well as stakeholders, including experts on the law of interstate compacts; representatives of organizations that have developed or administer compacts or model laws for specific professions; government officials who have facilitated the adoption of state legislation aimed at improving the portability of licenses for military spouses, and others.
WEBCAST: The conference will be webcast.

Federal Trade Commission, United States
Source: Press Release Feed
26 Jul 2017, 10:00pm AEST

Williams v ACC: Getting the information right

A recent Human Rights Review Tribunal decision has highlighted the importance of agencies complying with privacy principle 8 (the accuracy principle) and ensuring they take reasonable steps to ensure the information is accurate and up-to-date before they use it.

Principle 8 is relevant if a decision affecting an individual has been made on the basis of incomplete, outdated or inaccurate personal information. Information privacy principle 8 says that:

An agency that holds personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date, complete, relevant, and not misleading.

In the case of Williams v ACC, ACC had relied on a medical report based on an eight-month-old assessment without checking if Mr Williams had further injury or deterioration when deciding to cancel his weekly earnings-related compensation payments. 

After Mr Williams made a privacy complaint to ACC about the failure to comply with principle 8, ACC promptly reinstated the payments and made an apology for their non-deliberate breach of principle 8. Mr Williams has now been awarded $7,500 damages by the Tribunal for the emotional harm he had suffered as a result of this interference with his privacy.

ACC’s due process error

Due to injury, Mr Williams was receiving weekly earnings-related compensation payments. On 24 December 2014, ACC advised the payments would cease from 21 January 2015. In reaching this decision, ACC relied on a supplementary medical report provided by an occupational medicine specialist that included a proviso:

Unless there has been a further injury or a significant deterioration since I saw [Mr Williams] this would continue to be my opinion i.e. in my opinion he is capable of working in his pre-injury work role as truck driver.

But ACC did not check with Mr Williams if he had suffered any further injury or deterioration before deciding to cancel the payments. 

Mr Williams initially took the step of requesting review of the ACC decision but then opted to bring judicial review proceedings in the High Court, to try to have the decision overturned as soon as possible. He then became aware of information privacy principle 8.

Mr Williams wrote to ACC on 13 April 2015, drawing attention to the proviso in the supplementary medical report, and pointing out that had ACC sought up-to-date, accurate, complete and relevant medical information relating to his injury, he would have provided relevant additional and new information.

This complaint to ACC about breach of principle 8 resulted in a prompt same-day acknowledgement, and just over a week later, on 22 April 2015, ACC advised that the decision to cease his payments had been overturned in light of the acknowledgement that due process had not been followed when it made the 24 December 2014 decision. Mr Williams was advised his weekly compensation payments would be reinstated and backdated to January 2015. By 24 April 2015, ACC had acknowledged the breach of privacy principle 8 and provided a written apology.

But the apology was not adequate to fully resolve the matter for Mr Williams who sought monetary compensation for the error. Mr Williams complained to us but as we were unable to settle the matter to his satisfaction, he filed proceedings in the Human Rights Review Tribunal seeking $10,000.

Tribunal’s decision on causation and damages

As ACC accepted that there had been an interference with Mr Williams’ privacy, the Tribunal’s decision was about Mr Williams' claim for $10,000 damages. The Tribunal accepted the credibility of the witnesses and observed that Mr Williams impressed as a reserved, quiet and private individual and, while he had a limited ability to speak freely about himself, the Tribunal did not doubt that he had experienced the emotional harm of which he spoke.

ACC’s apology to Mr Williams was both genuine and immediate, and the Tribunal noted that an appropriate and timely apology can be relevant and may lessen the harm suffered by an individual. But the apology could not erase the humiliation, loss of dignity or injury to feelings caused by the interference with privacy, nor is it a “get out of jail free” card.

Accepting that the apology was not sufficient to adequately compensate for the consequences of the interference with his privacy, the Tribunal was satisfied the nature and degree of emotional harm experienced by Mr Williams required an award of damages:

The circumstances of the case are consistent with and reinforce the claim by Mr Williams he experienced humiliation, loss of dignity and injury to feelings. The announcement by ACC that his compensation payments would terminate was received on Christmas Eve. Over the holiday period he was left to contemplate a precarious future and the severe consequences which would inevitably flow from the termination of the payments on 21 January 2015. He could hardly have been anything other than worried, nervous and fearful about his financial insecurity, his inability to meet basic living costs and his uncertain and unknown future. It is not surprising his relationship with his partner came under strain. In the New Year, as a person who had been in continuous employment for 45 years and who took pride in supporting himself and his family, he found himself at Work and Income applying for social welfare assistance. He similarly had to face his bank with an admission that he was no longer able to meet his financial commitments. His mortgage had to be rearranged and his credit card debt addressed. His anger, frustration, humiliation and feeling of powerlessness is understandable.

 

On the facts found, there is a clear causal connection between the termination of his compensation payments and his feelings of humiliation, loss of dignity and injury to feelings.

While accepting that Mr Williams’ claim for $10,000 was not extravagant, the Tribunal rejected the claim that ACC’s error had been deliberate. In the circumstances, including recognition of the speed with which the interference was recognised, acknowledged and remedied by ACC, Mr Williams was awarded $7,500.

The case was contrasted with the award of $15,000 in an earlier case - Taylor v Orcon - where principle 8 was breached, resulting in more serious humiliation, loss of dignity and injury to feelings.

Here are some other examples involving a breach of principle 8:

Image credit: American goldfinch via National Audubon Society.

 

Office of the Privacy Commissioner, New Zealand
Source: Blog
25 Jul 2017, 1:35pm AEST

Are you our next Team Manager (Policy and Technology)?

If you are looking for a new team leadership opportunity and you’re a shoo-in when it comes to interest in privacy issues, check us out! We’re looking for a Team Manager (Policy and Technology) to lead our policy team of five.

Privacy is hot

Privacy is a hot topic and you’ll be right at the forefront of it. The policy and technology team works with public and private sector agencies across a wide range of privacy issues. It deals with gritty and far-reaching issues to ensure the public can have confidence in the way government and businesses use their personal information.

Some examples we’re proud of include the Privacy Commissioner’s inquiry into the government’s proposal (now to be redesigned) to collect individual client-level data from non-governmental social sector agencies; the Customs and Excise Bill that would have given Customs the ability to require people to give up their device passwords at the border; the creation of a Privacy Tick trust mark; and the sharing of personal information across agencies in support of the government’s social investment initiatives.

And then, there’s the team’s involvement in studying the privacy impacts of the latest advances in information technology. Biometrics feels so yesterday! Today, it’s also about big data, artificial intelligence, robotics, Blockchain, the Internet of Things, the re-identification of data - to name a few hot privacy-related topics.

Make a difference

If you’re looking for a challenge, if you want to make an actual difference to people’s lives, if you want to work somewhere where your contribution can make a material difference, take a look at our role. It’s fully hands on. You’ll need the policy and intellectual smarts to provide the best possible advice; you’ll coach, mentor and lead an outstanding team; and you’ll build and develop networks and key stakeholder relationships with government agencies and businesses.

You’ll be working with a Privacy Commissioner who’s always keen to find new ways to do things better, to make the best use of technology, and make our office work smarter while making privacy easy for organisations. That’s the vision. We value innovation, excellence, independence, integrity and respect. Does any of this sound like you? Check us out or tell someone you know who might be the perfect fit.

Applications close on 7 August 2017. Please send enquiries to our external recruiter, Kirsty Brown. You can contact Kirsty on 04 499 9471 or kirsty.brown@h2r.co.nz.

Office of the Privacy Commissioner, New Zealand
Source: Blog
24 Jul 2017, 2:07pm AEST

Ethical data use & future privacy challenges — Data + Privacy Asia Pacific Conference wrap up

Ethical data management and the implications of new technologies to privacy headlined the subjects discussed by international experts at Data + Privacy Asia Pacific this July.

Office of the Australian Information Commissioner
Source: News - OAIC
24 Jul 2017, 3:20am AEST

Why has my information been withheld?

The Privacy Act gives you the right to request access to information about you (see principle 6). That right to access your personal information is essential if you want to maintain some understanding and control over who knows what about you. Your right of access is strong, and does not require you to provide reasons for wanting information.

The Act includes reasons that an agency may rely on to refuse all or part of your request. You are also entitled to know that information is being withheld from you and why it is being withheld.

It can be confronting to have portions of documents ‘blacked out’ or withheld, and it is easy to fall into the trap of assuming that something highly sensitive or important is being hidden.

Fortunately, that’s where we can help. One of the roles of our Office is to review information that has been withheld. We can provide an independent assessment of whether the withholding grounds have been correctly applied.

Quick guide to the withholding grounds

Below is a quick guide to the most common withholding grounds and the sort of information which is typically withheld.

Unwarranted disclosure of affairs of another

This section (29(1)(a)) allows an agency to withhold information that is about someone else. This is commonly used to withhold:

  • information about someone else that happens to be stored with your information;
  • portions of ‘mixed’ information where another individual is identified;
  • the identities of people who may have complained or raised concerns about you.

Often it is possible to provide a summary of the information in a way that doesn’t identify other individuals. This is something you can ask for.

Maintenance of the law

This section (27(1)(c)) allows an agency to withhold information if disclosing that information would be likely to prejudice the maintenance of the law. It is commonly used to withhold:

  • information held by Police that could affect an investigation or reveal investigative techniques, if disclosed;
  • the names of informants.

This withholding ground will usually only apply when there is an active or ongoing investigation or legal process. Once the investigation is complete, the risk to the maintenance of the law will generally no longer exist. You may be entitled to information withheld under this section if you ask again, after the investigation is over.

Information does not exist – or cannot be found

This section (29(2)(b)) allows an agency to refuse a request for information when the information does not exist or cannot be found. This is commonly used to withhold:

  • information that was never recorded or never existed;
  • information that has been destroyed (as a matter of process or by mistake); or
  • information that has been misfiled and cannot be located.

Relying on this withholding ground can indicate issues with record keeping and storage. There is no obligation under the Act to record information, but once information is held, it needs to be kept secure.

Evaluative material

This section (29(1)(b)) allows an agency to withhold information that is ‘evaluative material’ which was given to the agency under a promise of confidentiality.

This is commonly used to withhold references provided to prospective employers.

If information is withheld from you under this section, you might consider making a request for information directly to the person or agency who supplied the information.

Where another law applies

Section 7 of the Privacy Act says information may be withheld when another law restricts access to personal information. For example, section 11 of the Immigration Act 2009 restricts the application of principle 6 of the Privacy Act in relation to certain classes of information held by Immigration New Zealand.

Further points to note

  • The starting presumption is that you are entitled to access personal information an agency holds about you.
  • Your request does not need to be made in writing, but it is often helpful to have evidence of your request in the event of a complaint.
  • The agency you have requested information from should explain that information has been withheld and why. This includes reference to a withholding ground, as well as an explanation of why it applies.
  • There may be alternative ways to answer your concerns. A summary note or discussion with the agency may resolve the issues that prompted your request.
  • The Privacy Act allows you to request access to your personal information – it does not require an agency to generate new information in order to answer your questions.

Image credit: Wikimedia commons.

Office of the Privacy Commissioner, New Zealand
Source: Blog
19 Jul 2017, 12:21pm AEST

Acting Commissioner’s statement on the improper disposal of financial documents in Metchosin

Acting Information and Privacy Commissioner Drew McArthur issued a statement about the improper disposal of financial documents in the District of Metchosin.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
7 Jul 2017, 6:00am AEST

Find out how the GDPR will impact your business this July

On 12 July at the Data + Privacy Asia Pacific conference, attendees will have the unique opportunity to hear various international privacy regulators unpack the European Union’s General Data Protection Regulation (GDPR) requirements.

Office of the Australian Information Commissioner
Source: News - OAIC
28 Jun 2017, 11:45pm AEST

Trust and Transparency the focus of Privacy Awareness Week

The Office of the Information and Privacy Commissioner for BC, along with members of the Asia Pacific Privacy Authorities (APPA), will observe Privacy Awareness Week from May 15-21. This year’s theme, “Trust and Transparency,” will be highlighted in OIPC promotional materials, events, and activities throughout the week.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
13 May 2017, 6:00am AEST

Commissioner to audit ICBC information sharing agreements

Acting Information and Privacy Commissioner Drew McArthur has determined that the office will audit information sharing agreements of the Insurance Corporation of British Columbia (ICBC).

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
24 Feb 2017, 7:00am AEDT

PCPD Joins Hands with Members of the Asia Pacific Privacy Authorities to Promote Privacy Awareness

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
29 Apr 2016, 10:00am AEST

A Community Service Order was imposed on an Insurance Agent for Using Personal Data in Direct Marketing without Consent

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
25 Apr 2016, 10:00am AEST