Household Charge Data Protection: Part 4 – The Circle of Trust

Phil Hogan has stated on RTE news that the problems with the Privacy Statement have been fixed.

They haven’t (and for record purposes I’ve taken a PDF copy of the current Privacy Statement to track future evolutions). The problem with not complying with Google’s Terms and Conditions has been fixed. The problems with:

  • Lack of clarity re: the Data Controller has not been addressed. While it is tempting to say that the Controller is Government, in practice there needs to be a single entity who is driving and directing the gathering and collation of the data. Who is the ‘controlling mind’? While this may be set out in legislation somewhere it is a requirement of the Data Protection Acts that it be brought into the light and made clear to people who they are providing their data to. Suggested wording might be:

The Data Controller for the Household Charge is the Department of the Environment. The Department makes use of a number of Data Processors to help administer the charge, provide IT facilities and services to support this website, and to securely process payments made. These Data Processors include: The Local Government Management Agency (LGMA), the various Local Authorities, and Realex Payments.

Under the legislation, the Department has delegated to Local Authorities the responsibility for the day-to-day administration and operation of the Household Charge such as issuing Certificates of Discharge etc and in that context Local Authorities will have access to your personal data for those administrative and customer service purposes.

The LGMA is a shared services organisation providing administrative and back-office support to Local Authorities. In that context they will have access to and will process your personal data in order to provide support for website issues, to assist the Department and Local Authorities in the administration of the Household Charge through the analysis of data, production of reports, and provision of on-line customer support for this website.

That took me all of 30 seconds to draft. It should be at the beginning of the Privacy Statement.

  • Lack of clarity around the purposes to which the data will be put. While the Privacy Statement as it stands is fairly specific (stating payment processing, issuing reminders of future liability, issuing receipts etc.) the media statements about potential future uses of the data and the data which is actually being obtained (see Elaine Edward’s article in the Irish Times today [scroll to bottom] which points out that the process asks for the type of water supply you have and type of property etc ) suggest either that there are other future purposes that have not been disclosed, or data is being captured which is not relevant or is excessive to the stated purposes.

The primary purpose for which we are processing your information is to enable you to pay the Household Charge and to enable us to administer the Household Charge, as required under the relevant legislation, through the issuing of receipts, waiver notices, certificates of discharge, and the issuing of reminders for payment and notifications of liability in the future.

We are also capturing data about you and your property in order to establish a higher quality database of Residential Properties in the State for the purposes of supporting the efficient, fair, and cost-effective roll out of future property or service related charges and to provide a key information resource to the Department and Local Authorities about the nature and make-up of the residential properties in the State to support the planning and delivery of services and facilities in the future in a more cost-effective manner.

  • Lack of clarity regarding the periods for which data will be retained still persists. While the purposes of the retention are required in the legislation, the retention of data indefinitely is not allowed under the Data Protection Acts. How long does data need to be retained to issue a Certificate of Discharge? Is the personal data being retained as a standing database of property owners? (again.. that would be a purpose that would have to be stated).

In order to support the administration of the Household Charge and to permit the discharge of obligations under the legislation by Local Authorities and/or the Department, your personal data will be retained for the period of time you are the owner of a Residential property in the State. This will enable us to locate your records and issue receipts, Certificates of Discharge, reminder notifications, settlement of arrears on sale of property etc without having to require you to re-register for the Household Charge every year.

Data relating to persons who cease to be the owners of Residential properties in the State who have no outstanding liability will be retained for two years from the date of sale to allow for the re-issuing of Certificates of Discharge etc. in that period.

Data relating to persons who cease to be owners of Residential properties with arrears will be retained for six years to allow us to pursue outstanding amounts and for two years from the date of final discharge or settlement of any outstanding arrears.

Again, this is just a brain dump of what might be in a more ‘fit-for-purpose’ Privacy Statement, but it highlights the need to have thought through the key purposes for which data will be used so you can figure out how long you need to hold it for. So long as there is a lawful purpose for the retention and that is flagged to the Data Subject the ‘deal’ between Controller and Subject is fair and balanced.

  • Disclosure to third parties. The Privacy Statement is silent on this. The media, and the Data Protection Commissioner, have rightly focussed on the proposals to suck data from Utility companies, but the disclosure of data is as important. The Privacy Statement needs to be clear about who data might be disclosed to by the Controller and the basis for that disclosure.

Data provided as part of the Household Charge registration process may be disclosed to the Department of Social Protection or the Revenue Commissioners in order to support the administration of the Social Welfare system and the fair collection of other tax revenues. Such disclosures will be on the basis of specific requests arising from an investigation or as a result of legislative requirements currently in existence of which emerge in the future. All such disclosures of data will be undertaken in compliance with the Data Protection Acts and the minimum data necessary to achieve the purpose of the request will be disclosed. Where we believe there to be evidence of criminal activity or fraud data may be disclosed to the investigating authorities to support the detection and prosecution of any offences.

Again, this is just a brain dump. But it again illustrates that by stopping and thinking BEFORE you rush to obtain data you can improve transparency and identify the controls and governance you would likely need to have in place before you start.

  • The Data Protection Acts suggest that a Fair Processing Notice/Privacy Statement include any other information that the Data Controller considers will make the processing more fair. The obtaining data from 3rd parties should, in my view, be bumped into the Privacy Statement as well in this context  to make it CLEAR to people that this is a potential power and the basis on which it would be used. At the risk of pre-empting the protocols that the Department and the Data Protection Commissioner are agreeing, one possible wording for such a section might be

In order to investigate cases of non-payment of the Household Charge the Department or a Local Authority may, on a case by case basis, make a request to a Utility Company or other provider of services as specified by the Minister in the legislation for information about services provided to an address. This information will be sought for the purposes of identifying if the property is inhabited. Information which may be sought in this context would include the name of the account holder with the Utility company/service provider.

I was disheartened yesterday to hear the Minister constantly fall back on the mantra that the information provided on the site would be secure. That is not the point I’ve been making, and that is not where the Data Protection Commissioner’s concerns lie.

Security of Information (no offence to my friends in the InfoSec world) is just one of 8 Principles that needs to be complied with under the Acts, the Directive, and under our Lisbon Treaty obligations (Personal Data Privacy is a fundamental right of EU citizens).

The other 7 require Data Controllers to stop and think about what they are doing, what information they need to do that, how long they will need to keep that information for, who might need to look at that information, and a whole host of other factors over and above whether the site uses SSL and whether the data is encrypted on the server and other technical and practical security concerns.

It is even more disheartening when I see evidence of good work to try and ensure good security was designed in being undermined by a lack of focus on ensuring the other aspects required to balance the right to Privacy against the legitimate interests of the State were equally planned for and designed in.

This approach of “Privacy by Design” is what builds and sustains a Circle of Trust between the Data Controller and the individual.

In the case of the Household Charge that circle has been broken and will be difficult to restore.

If I was Taoiseach Kenny I’d be commenting on Minister Hogan’s Report Card: “Must try harder”.