Submission to Dept of Health & Ageing on the National Health Privacy Code

Extract

When most people think about the collection of personal information, by default they generally imagine direct collection methods, like forms and face-to-face interviews. Yet electronic information handling leads to other indirect types of collection. Privacy legislation does not differentiate between methods of collection; all personal information is to be safeguarded regardless of how it is gathered.

Personal information can be collected in at least five different ways, and we believe it is important to anticipate and plan for different privacy problems under each category.

1. Overt (or Direct) collection via application forms, web forms, questionnaires, face-to-face interviews, call centre interactions, returned warranty cards etc.
2. Automatic collection especially via audit logs and transaction histories.
3. Information generation, includes opinions, evaluative data and inferences drawn from collected personal information, for the purposes of service customisation (such as direct marketing programmes fine tuned in response to established buying
   preferences), business risk management (such as calculating insurance premiums or no-claims bonuses according to risk scores calculated from claims histories) and so on.
4. Acquired information is that which has been transferred from a third party, with or without payment for the information, including cases where personal information is acquired as part of a corporate takeover.
5. Ephemeral information is a special category of automatically collected or generated data, produced as a side effect of other operations. Ephemeral information is reasonably presumed to be transient but can be inadvertently retained. For example, some operations prompt users for a pre-arranged secret , classically their mother’s maiden name , when dealing with a forgotten password. The secret information can be left behind in computer memory or logs, or scribbled on note paper by a help desk operator. Other sources of ephemeral personal information include printer spooler memory, browser cache memory, and network servers where temporary copies of information-in-transit can be retained.

The Draft Health Privacy Code deals expressly with overt collection, generated and acquired information, but does not seem to anticipate any type of automatically collected information.

The ubiquity and transparency of automatically collected information within e-business and e-health systems presents a host of serious challenges in respect of scope creep, information leakage, and the ability to locate and remove all of an individual’s records.