Twelve years working as a telecommunications consumer advocate in New Zealand and globally during the ascendancy of social media gave Ernie Newman a significant exposure to the contentious and fraught issues around personal privacy.

 

As his specific focus on e-health emerged, and especially from 2010 when he chaired a key Consumer Panel for New Zealand's National Health IT Board, he became immersed in the crucial issues around the trade-off between safety and privacy in the uniquely sensitive field of personal health information.

 

Ernie dismisses the notion occasionally aired that personal privacy has become less important as a result of the Internet.

 

He dismisses also the glib assertion that if a person has done nothing wrong, they have nothing to hide. Privacy breaches can be hugely detrimental to all kinds of people - good or evil, wise or naive, young or old, he says.

 

Even the most virtuous of us would be immensely offended to have our banking or health records published, intimate photos shared inappropriately, or private conversations recorded and shared.

 

The aggregation of personal data is leading to major efficiency gains but is also exposing us to ever-greater risks. More and more people have access to our personal information, and can use it in ways that may embarrass or harm us. Sometimes we may never know that our data has been used to our disadvantage. In other scenarios misuse could lead to personal distress, financial disadvantage, relationship issues or even blackmail.

 

Governments have special responsibilities when collecting the private information of citizens, he asserts. The fact that they give themselves legal powers to collect private data, and the sheer scope of the data they collect, gives them a moral responsilility to make the maximum effort to protect it. This means designing into their systems proper role-based access rules, creating audit logs and processes, training everyone who has access about their privacy responsibilities, and ensuring there are legal sanctions against misuse of personal data that provide a serious deterrent.

 

Are governments doing this adequately? Resoundingly, no.

 

Information sharing across agencies is an excellent example of the risks that offset the obvious eficiency gains. There could so easily be an end point where citizens fear upsetting anyone who works for "the government" because of the power given to them by access to private data information encompassing every detail of a person's life.

 

The private sector has similar responsibilities. The difference is that if a commercial organisation commits a privacy breach its customers can, in theory at least, walk away. Reputational risk is a deterrent to businesses in a way that does not apply to government agencies.

 

Conversely, Ernie has great faith in the ability of people to frustrate the data collectors by providing misleading or inaccurate information if the crucially-important element of trust is absent. Legislators are behind the game. Merely complying with the letter of the law is seldom good enough.

 

A caveat on all this is that once data is gathered in a database, in many cases the individual has no ability to retireve it. And once privacy has been breached it cannot be put back in the bottle. The damage lasts forever.

 

All these risks can be managed. However, the speed at which the technology age is advancing means governments and privacy regulators globally are scrambling to keep up, and meanwhile citizens are exposed.

 

Ernie has presented to many groups about privacy issues - initially focused on personal health records but more recently across the wider field of privacy and information governance.