Courts compound grief

I've had many interesting responses to my column about Courts and its computer system. They all say the same thing - Courts has a lousy system that causes no end of grief and anguish among those unfortunates who fall foul of it.

I've had many interesting responses to my column about Courts (Pay up, pay up) and its computer system. None of the emails are printable for one reason or another, be it bad language or requests for anonymity, but they all say the same thing - Courts has a lousy system that causes no end of grief and anguish among those unfortunates who fall foul of it.

I'm not the only one who found the system to be a problem; privacy commissioner Bruce Slane has also come to blows with the government agency, but for a different reason (albeit a related one). It seems Courts sent cards out to 4000 people telling them they had 48 hours to pay fines or face penalties.

Yet these people not only didn't have fines, it seems Courts had illegally matched personal information from its system with information from the Land Transport Safety Authority's system. Yes, that's right - Courts had taken a peek at the LTSA files without asking anyone or telling LTSA it was doing it. Slane describes it as a "major risk to privacy" and is less than impressed, to put it mildly.

"I am extremely concerned about departments seeking to undertake data matching which has not been authorised," writes Slane in a report on the incident (available at the commission's website). He has made a number of recommendations to the ministers responsible for Courts, Justice and Transport and I for one would hope they would be implemented as soon as possible.

The idea that a department like Courts would not be able to implement the provisions of the Privacy Act make me shudder.

The regulations are easy enough to understand even if some folk do like to use it as a way of getting out of telling you anything. Try asking what section of the act they're using next time someone tells you they can't say anything because of the Privacy Act and see what happens - most people are talking through a hole in their head.

The section in this particular instance is far from confusing.

"An agency that holds personal information shall ensure:

(a) That the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against

(i) Loss; and

(ii) Access, use, modification, or disclosure, except with the authority of the agency that holds the information; and

(iii) Other misuse; and

(b) That if it is necessary for the information to be given to a person in connection with the provision of service to the agency, everything reasonably within the power of the agency is done to prevent unauthorised use or authorised disclosure of the information."

Clearly that is not what happened here. We should be worried about this. If LTSA doesn't safeguard our data there is scope for a world of trouble.

LTSA, you may recall, now has digital copies of our signatures and faces courtesy of the driver licence scheme and when I spoke to it seemed quite uncertain as to who had the right to access my file. I'm still waiting to hear what happens to my file when I die, although, to be fair, I haven't followed up on the question in the past six months.

The stories I've heard about Courts and its methods make my woeful tale seem positively uplifting. One fellow told me how his name became inextricably linked with another chap who had the same first and middle names but a completely different surname.

"There was a Seizure Notice Warrant thingy printed on red paper put in my letterbox saying they were going to break in or use force to take property and sell it to pay the debts of [the other guy]." The chap contacted Courts and managed to talk to someone who knew something about databases.

"After talking to him for a few minutes he said 'you are [his name]'. With a bit of cross referencing, and a bit of illegal opening and closing of other people's files (I bet) and probably some more illegal dipping into the LTSA database courtesy of EDS, he had figured it out."

This all leaves me with a foul taste in my mouth and a grave concern about the Department of Courts, LTSA and a bunch of questions about EDS, the company that runs the systems most of our personal data seems to be stored on.

Not only are the departments unwilling to treat our data with the respect, but one wonders what safeguards EDS has in place to stop data sharing between departments without the proper authorisation.

As the commissioner says, there is a sensible case for matching the vehicle register against the list of fine defaulters, but there is a process to be followed here and due care and attention to be taken.

Brislen is a Computerworld journalist. Send email to Paul Brislen. Letters for publication should be sent to cw_letters@idg.co.nz.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]