Consumer. Now you know.
Join Consumer Donate
News
10 September 2021

Covid-19 and record-keeping rules: who’s protecting your data?

Open letter calls for better privacy protections.

Nikki-Lee Birdsey
By Nikki-Lee Birdsey
Investigative Writer

When we moved to level 2, mandatory record-keeping rules kicked in. The rules require certain businesses – such as cafés and bars – to keep a record of everyone aged 12 and over who enters their premises. You have the option of scanning in with the Covid-19 Tracer App or making a manual record.

However, the move has sparked privacy concerns, with 121 academics and organisations signing an open letter to the government calling for better data protections.

Dr Andrew Chen, research fellow at the University of Auckland’s Koi Tū: The Centre for Informed Futures, penned the letter.

“We know that contact tracing is an important part of our response to Covid-19 but getting everyone to participate in it requires a lot of trust,” Dr Chen said.

“If people are worried that their data may be misused, they may be more likely to provide false details or refuse to provide details, which undermines our public health response.”

Rules require contact tracing records to be disposed of after 60 days. But Dr Chen and other signatories want tighter restrictions to prevent misuse of data.

The letter outlines possible misuses, including by:

  • police and government agencies for investigations or enforcement purposes

  • companies for marketing purposes

  • employers for purposes other than health and safety

  • individuals acting coercively against others.

Dr Chen points out there were several instances last year where personal information was taken from Covid-19 sign-in registers and misused, either for marketing purposes or stalking.

Higher penalties needed

The issues raised by Dr Chen highlight the problems with the lack of teeth in our privacy law. Maximum fines under the Privacy Act are $10,000.

Harsher penalties apply across the Tasman for privacy breaches. For example, the maximum penalty in Western Australia is three years’ imprisonment or a fine of $259, 214.

“We have been calling for the government to introduce legislation that has strong penalties for misuse of contact-tracing records,” Dr Chen said.

“This legislation doesn't need to be very complicated; it just needs to create a strong disincentive for misuse of data collected for contact-tracing purposes.”

Consumer NZ chief executive Jon Duffy agrees with Dr Chen’s concerns.

“There’s a fundamental problem with the act as it does not make it an offence to misuse a person’s personal information,” Duffy said.

Despite growing concerns, law reform isn’t the pipeline. Covid-19 Response Minister Chris Hipkins said no changes are planned to current legislation.

Member comments

Get access to comment
Get access Log in

Member comments

Terms & conditions of use
Jean M.
14 Sep 2021
As far as I can see the law says....

"An agency that holds personal information that was obtained in connection with one purpose may not use the information for any other purpose" with a few exceptions. So I read this as it being an offence to misuse a person's personal information.

Paul S.
13 Sep 2021
Government U-turn

I don't think it's a legal requirement for businesses to keep records anymore due to policing issues, and the government did a U-turn, so now it's only mandatory for businesses to provide a method of contact tracing.

Peter R.
12 Sep 2021
Reds under the bed

The McCarthy era in the USA was famous or more correctly infamous for its obsession with communism. Our era is similarly obsessed with privacy.
It wasn't always so and the sun still came up every morning.
Don't want people to know your dirty secrets? Don't have dirty secrets. Don't want to be stalked? Deal with it, as women always did.
Don't want people to fear signing in? Stop raising those fears. Patricia Bartlett was famous for peaking interest in publications with sexual content.
My smart phone, purchased new in 2018, though quite possibly a 2016 model, will not load the Government app, almost certainly because of security fears. How many scan-ins are we missing in order to preserve the privacy of a few dodgy citizens? Luckily I found the Nimbl app that, surprise, surprise, unfettered by PC considerations, works a treat.
The only problem I can see with giving up on the nation's and the media's obsession with privacy is mass unemployment in the privacy industry.

Peter C.
11 Sep 2021
Safety of personal details

I wouldn't trust Immigration, MBIE or the Ministry of Health with information received and held.
WHY?
These are the worst government departments due to hugely top-down bureaucracy. All have top heavy administration and management. Few staff have ever been 'at the coal face'.
Watch when things go wrong that become public. The departments refer everything 'to the Minister'. The government for its part refers everything to the department.
RESULT:
We know it as 'running for cover'.

James C.
11 Sep 2021
Agree

Laws are rushed through when it suits the politicians and beyond that there is massive bureaucracy and floundering. Yet they all take the high road with private enterprise ensuring accountability. The public is just over politics.

Colin R.
11 Sep 2021
What is the point!.

The covid 19 tracer app is not designed to be used with a phone that is older than 6-7years. My wife's phone is over 8 years old, we tried and tried to get the app to no avail. Recently she took it to a tech expert who also tried, then looked up online and proceeded to tell her that the phone was not able to download and install the app because of its age. When she asked how many people with older phones could be affected, he said thousands. I therefore pose this is a total waste of people's time!.

Greg C.
11 Sep 2021
Security not device age.

The security requirements of the app are beyond the level in the operating system (OS) of the phone if the OS has not been upgraded in the at least the last two to three years. If the OS is more than two to three years old I would recommend that you do not perform any banking or authentication against network services on the device. The tech expert consulted was negligent in not identifying and informing you of the reduced security the device is providing. Either get a new phone, upgrade the OS, or strip the OS off the phone and install an OS that can be upgraded.

Heather P.
11 Sep 2021
Tracing Needed!

15% to 20% of our population CANNOT be vaccinated as they are under 12 or immune compromised.

Yes I use the Covid App... and track my movements with Google Timeline plus bankcards.

For the safety of my grandchildren I want fast contact if I get exposed to the virus.

David W.
11 Sep 2021
Poor data privacy = no tracing from me

I know where/when I go places. I don't trust the govt app (and haven't downloaded it). I would, however, support everyone carrying a bluetooth card that records contact with others, but the data stays on the card. This govt seems unwilling to engage with private industry who have better, cheaper, non-data-sharing solutions.

Albert Loots
11 Sep 2021
Contact tracing app

Jacinda "should have gone to Specsavers", as she clearly suffers from shortsightedness by rejecting to implement this contact tracing app that does not affect our privacy, which is a l w a y s working and which could have saved the country many hundreds of millions of dollars that are now being wasted in many, many ways.....

Marion J
11 Sep 2021
Too many breaches overall

Wholeheartedly agree with David. As we don't have the Bluetooth option, I will continue to keep my own records - an option we were given during last year's lockdown. This latest legislation especially poses risks for anyone living alone, let alone anyone else,

Marion J.

See 10 more comments
© Copyright Consumer NZ. All rights reserved.

This site uses cookies to help us understand how visitors engage with our website. By using Consumer NZ, you accept our use of cookies.