Local Government Magazine
Open Data

Open information or privacy?

Councils are caught between demands to make their online databases and building records public and the need to safeguard the privacy of individuals. Octavia Palmer from the Office of the Privacy Commissioner explains some of the ground rules.

Online property and building records are a blessing to property developers, homeowners and potential buyers who no longer have to book appointments at council offices and hunt through stacks of paper to find the information they need.

Online property and building records also make responding to information requests more efficient for councils by reducing transaction costs and improving timeliness of responses.

Yet the potential social and economic value of online property and building records can only be fully realised if the systems that manage these records are designed and implemented in a way that protects individual privacy.

Some of the privacy risks of making records available online include:

  • confidential information, such as the name and contact details of informants or domestic violence victims, being made public;
  • bots extracting entire databases of information for marketing, scams or other purposes unrelated to property ownership; and
  • building plans and specifications of public figures becoming available to criminals.

This creates tension for local councils. On one hand, there are a number of statutory requirements to collect information and make it available. On the other hand, there are statutory mandates and community expectations that councils will protect individual privacy.

There is no one single way to manage this tension. Rather, councils need to consider and manage privacy risk in a way that is specific to their systems, processes and community values.

Legislative requirements

A number of statutes require councils to both collect information and provide information to the public (see chart “What covers what”).

Statutes that specify types of property and building information councils must collect include:

  • Local Government (Rating) Act 2002
  • Building Act 2004
  • Resource Management Act 1991
  • Fencing Act 1978
  • Fencing of Swimming Pools Act 1987
  • Health Act 1956.

Statutes that outline how information should be provided to the public include:

  • Local Government Official Information and Meetings Act (LGOIMA) 1987
  • Local Government (Rating) Act 2002
  • Building Act 2004
  • Resource Management Act 1991.

Statutes that set standards for how information should be used include:

  • Privacy Act 1993
  • Local Government Act 2002
  • Local Government Official Information and Meetings Act 1987.

On the front foot

Proactive release of certain types of property and building information, such as building consent records, is a requirement of statutes such as the Building Act and the Resource Management Act. The LGOIMA does not specify how councils should release other types of property and building information.

The Privacy Act sets high-level expectations about the need to treat personal information with care. 
This means that information releases should be assessed with the following in mind:

  • Does the information need to be made public under another Act (such as the Building Act or the LGOIMA)?
  • Can the council take reasonable steps to ensure people know that their information is being collected and disclosed?
  • Can the council take any steps to ensure that people can only use the information for its intended purpose?

While there are a number of ways to release information proactively, some are more conscious of privacy than others. For example, an online database of rateable values, searchable by address only, complies with the legislative mandate to make this information available without compromising personal privacy.

By contrast, a database that allows people to search names to see which properties they own and how much they’re worth would likely compromise these people’s personal privacy.

Privacy by design

In order to develop a privacy-centric approach, councils should adopt a “privacy by design” ethos. (See boxes “Privacy obligations” and “Privacy by design principles”.) This is a ground-up consideration of the “whole picture”: business processes, relevant legislation and the design of information systems.

Privacy by design principles provide a useful framework for thinking about projects with privacy impacts, such as making property and building records available online.

By approaching privacy in this integrated way, rather than viewing privacy as a discrete component, councils can do a better job of ensuring that property and building information is used for lawful purposes.

Privacy guidance

Councils can use the guidance outlined in the box story “On the record” as a starting point for the privacy aspect of any project. These aren’t hard and fast rules, but in the event of a complaint, the Office of the Privacy Commissioner would expect to see documentation showing the consideration process behind the features listed.

Councils play an important role in educating citizens about both the potential gains and risks of the open information movement. Open information is a vehicle for greater government efficiency, innovation, transparency and accountability.

At the same time, attention is needed to ensure citizens retain some control of their personal information, along with their trust in councils to treat and make available their personal information appropriately.

There are no black and white answers when it comes to this issue. A privacy-by-design approach, accompanied by public discussion, will help councils determine the degree of privacy that the residents in their region desire when it comes to their property and building information.

What covers what
What covers what


Privacy obligations

As a practical example, this is how the Office of the Privacy Commissioner would assess a privacy complaint about an 
online property and building record system.

  1. Was the information collected or disclosed for a lawful purpose?

Some legislation requires councils to collect and disclose certain information, such as section 216 of the Building Act.

  1. Has the council taken reasonable steps to ensure residents are aware that this information could be made publicly available?

Councils could use privacy statements or terms and conditions to let individuals know how their information could be disclosed.

  1. Has the council taken steps to prevent information collected for one purpose from being used for another purpose?

Councils could limit the use of proactively released information by limiting search terms to address (rather than name) and not allowing bulk downloads.


On the record

A privacy-enhancing online property and building file record would:

  • Prevent bulk-downloads of information.
  • 
Include a privacy statement that describes how information is protected, used and stored.
  • 
Allow sensitive information (such as the address of a domestic violence victim) to be withheld.
  • 
Comply with section 2.4 of the New Zealand Government Web Usability Standard.
  • Prevent information from being re-used for another purpose.
  • Ensure that technological safeguards are appropriate.
  • 
Give people the option of opting-out of the online publication of their personal information, where appropriate.
  • 
Not include identifying information of informants and complainants.
  • Clearly flag historical information.
  • Allow councils to audit file use and block inappropriate use.

Find out more

The Office of the Privacy Commissioner has produced a discussion document about online property and building information which aims to:

  • address issues raised in enquiries and complaints to the Office; and
  • contribute a privacy perspective to the conversation by councils, central government and the public about how publicly accessible property and building information held by local government should be.

This discussion paper is available on the Office’s website: www.privacy.org.nz.


Privacy by design principles

  1. Proactive not reactive – preventative not remedial
  2. Privacy as the default setting
  3. Privacy embedded into design
  4. Full functionality – positive-sum, not zero-sum
  5. End-to-end security – full lifecycle protection
  6. Visibility and transparency – keep it open
  7. Respect for user privacy – keep it user-centric.

For more information about privacy by design visit 
www.ipc.on.ca/images/resources/7foundationalprinciples.pdf


This article was first published in the March 2016 issue of NZ Local Government Magazine.

Subscribe to Local Government Magazine >>


Related posts

Telling stories through numbers: The rise of the data democracy

Ruth LePla

See it: Share it – LINZ Data Service

Ruth LePla