Schedule 4 Information matching rules

ss 97, 99, 107

1 Notice to individuals affected

(1)

Agencies involved in an authorised information matching programme shall take all reasonable steps (which may consist of or include public notification) to ensure that the individuals who will be affected by the programme are notified of the programme.

(2)

Nothing in subclause (1) requires an agency to notify any individual about an authorised information matching programme if to do so would be likely to frustrate the objective of the programme.

2 Use of unique identifiers

Except as provided in any other enactment, unique identifiers shall not be used as part of any authorised information matching programme unless their use is essential to the success of the programme.

3 On-line transfers

(1)

Except with the approval of the Commissioner, information transferred between agencies for the purposes of an authorised information matching programme shall not be transferred by means of on-line computer connections.

(2)

Any approval given under subclause (1) may be given either unconditionally or subject to such conditions as the Commissioner thinks fit.

(3)

Any approval given under subclause (1) may at any time be withdrawn by the Commissioner; and any condition subject to which any such approval is given may from time to time be revoked, varied, or added to by the Commissioner.

4 Technical standards

(1)

The agency primarily responsible for the operation of an authorised information matching programme shall establish and maintain detailed technical standards to govern the operation of the programme.

(2)

The technical standards established by an agency in accordance with subclause (1) shall deal with the following matters:

(a)

the integrity of the information to be matched, with particular reference to—

(i)

key terms and their definition; and

(ii)

relevance, timeliness, and completeness:

(b)

the matching techniques to be used in the programme, with particular reference to—

(i)

the matching algorithm:

(ii)

any use of unique identifiers:

(iii)

the nature of the matters being sought to be identified by the matching process:

(iv)

the relevant information definitions:

(v)

the procedure for recognising matches:

(c)

the controls being used to ensure the continued integrity of the programme, including the procedures that have been established to confirm the validity of matching results:

(d)

the security features included within the programme to minimise and audit access to personal information, including the means by which the information is to be transferred between agencies.

(3)

The technical standards established in accordance with subclause (1) shall be incorporated in a written document (in this clause called a Technical Standards Report), and copies of the Technical Standards Report shall be held by all agencies that are involved in the authorised information matching programme.

(4)

Variations may be made to a Technical Standards Report by way of a Variation Report appended to the original report.

(5)

The agency that prepares a Technical Standards Report shall forward a copy of that report, and of every Variation Report appended to that report, to the Commissioner.

(6)

The Commissioner may from time to time direct that a Technical Standards Report be varied, and every such direction shall be complied with by the agency that prepared the report.

(7)

Every agency involved in an authorised information matching programme shall comply with the requirements of the associated Technical Standards Report (including any variations made to the report).

5 Safeguards for individuals affected by results of programmes

(1)

The agencies involved in an authorised information matching programme shall establish reasonable procedures for confirming the validity of discrepancies before any agency seeks to rely on them as a basis for action in respect of an individual.

(2)

Subclause (1) shall not apply if the agencies concerned consider that there are reasonable grounds to believe that the results are not likely to be in error, and in forming such a view regard shall be had to the consistency in content and context of the information being matched.

(3)

Where such confirmation procedures do not take the form of checking the results against the source information, but instead involve direct communication with the individual affected, the agency that seeks to rely on the discrepancy as a basis for action in respect of an individual shall notify the individual affected that no check has been made against the information which formed the basis for the information supplied for the programme.

(4)

Every notification in accordance with subclause (3) shall include an explanation of the procedures that are involved in the examination of a discrepancy revealed by the programme.

6 Destruction of information

(1)

Personal information that is disclosed, pursuant to an information matching provision, to an agency for use in an authorised information matching programme and that does not reveal a discrepancy shall be destroyed as soon as practicable by that agency.

(2)

Where—

(a)

personal information is disclosed, pursuant to an information matching provision, to an agency for use in an authorised information matching programme; and

(b)

that information reveals a discrepancy,—

that information shall be destroyed by that agency as soon as practicable after that information is no longer needed by that agency for the purposes of taking any adverse action against any individual.

(3)

Nothing in this clause applies in relation to the Inland Revenue Department.

7 No new databank

(1)

Subject to subclauses (2) and (3), the agencies involved in an authorised information matching programme shall not permit the information used in the programme to be linked or merged in such a way that a new separate permanent register or databank of information is created about all or any of the individuals whose information has been subject to the programme.

(2)

Subclause (1) does not prevent an agency from maintaining a register of individuals in respect of whom further inquiries are warranted following a discrepancy revealed by the programme, but information relating to an individual may be maintained on such a register only for so long as is necessary to enable those inquiries to be carried out, and in no case longer than is necessary to enable any adverse action to be taken against an individual.

(3)

Subclause (1) does not prevent an agency from maintaining a register for the purpose of excluding individuals from being selected for investigation, but such register shall contain the minimum amount of information necessary for that purpose.

8 Time limits

(1)

Where an authorised information matching programme is to continue for any period longer than 1 year, or for an indefinite period, the agencies involved in the programme shall establish limits on the number of times that matching is carried out pursuant to the programme in each year of its operation.

(2)

The limits established in accordance with subclause (1) shall be stated in writing in an annex to the Technical Standards Report prepared in respect of the programme pursuant to clause 4.

(3)

The limits established in accordance with subclause (1) may be varied from time to time by the agencies involved in the programme.