All-of-government data-sharing plans - disclosed last week when a request for proposal for privacy consultancy went out -- will be aimed at collecting statistical information only.
"All shared and matched data will be anonymised and will not be able to be used to identify individuals," says a State Services Commission spokesperson. "It will not be able to be used to make operational decisions about any individuals. It will be used for research and policy analysis."
A multi-agency policy team known as the State Sector Performance Hub envisages an "improved data sharing arrangement" among agencies. This would centralise pertinent data in "a hub located in a lead responsible agency"
"The objective of such an improved data sharing arrangement would be to help ensure efforts to improve public services are focused in the right place and in the right way through the creation of a stronger base of evidence about the impact of different government interventions on New Zealanders," says the privacy impact assessment RFP.
However, under a scenario presented in the RFP personally identifiable information could still be in the centralised facility, albeit temporarily.
The document says: "It is anticipated that any solution will encompass:
Delivery of person-centred data from the owning agencies to [the hub];
Matching data from these different agency sources;
Anonymising the resulting matched data so that individuals cannot be identified;
Enabling access to the resulting anonymous person-centred data by authorised agencies for agreed purposes."
Asked whether matching before anonymising would pose a risk of creating a centralised pool of identifiable data vulnerable to attack, the SSC spokesperson emphasises that this scenario does not necessarily represent the way the final system will work and that the privacy impact assessment may well suggest refinements to reduce the risk.
There is no detailed specification of the system yet "because the work under way over the next 3-4 months is to come up with a design," says SSC. "The privacy impact assessment that the RFP covers will be part of that work and is a key part of our privacy-by-design approach.
"The initial work we are doing in design will define the privacy and security requirements and we will be working with agencies, external experts and the Office of the Privacy Commissioner to ensure that privacy and security is robust. This will also include the ongoing requirement for privacy assessments and security audits, and ongoing governance and independent oversight.
"The privacy considerations remain crucial and if we can't do this in a way that adequately protects privacy, we won't do it."
Interviewed on Radio NZ, SSC deputy commissioner Ryan Orange was asked if "somebody will be able to put their hand on their heart and say this big system can't be cracked [or] compromised." "Absolutely," he replied.
Orange says he expects plans to firm up in a report issued in about August, but implementation of the hub could be as long as two years away.
Sign up for CIO Asia eNewsletters.