International Symposium on National Databank Systems Auckland, May 2004

1
International Symposium on National Databank
SystemsAuckland, May 2004

• DNA DATABANKS SOME PRIVACY CONSIDERATIONS
• Blair Stewart
• Assistant Privacy Commissioner

2
Abstract

• Using internationally recognised data privacy
  principles as a frame of reference, the
  presentation will consider privacy and data
  protection issues associated with the
  establishment and operation of a forensic DNA
  databank. Reference will be made to two NZ
  statutes the Privacy Act 1993 and the Criminal
  Investigations (Bodily Samples) Act 1995.
  Domestic law will be used to illustrate
  protections for privacy, balances struck between
  privacy and other competing public interests, and
  remaining issues and dilemmas.

3
Many Issues Discussion of just a few

• The recent 1158 page Australian Law Reform
  Commission report Essentially Yours the
  protection of human genetic information in
  Australia devoted 168 pages to law enforcement
  and evidence issues. Much of the report
  concerned information privacy issues the
  collection, holding, use and disclosure of
  genetic information. This presentation touches
  upon just a few.

4
Abbreviations

• CI(BS)A Criminal Investigation (Bodily Samples)
  Act
• Ipps Information Privacy Principles (Privacy
  Act 1993, s.6)
• OECD Organisation of Economic Cooperation and
  Development

5
OECD Principles

• The OECD Guidelines on the Protection of Privacy
  and Transborder Flows of Personal Data (1980)
  represent a fairly universally accepted set of
  information privacy principles.
• The 8 principles of national application will be
  used as a basis for discussion.

6
OECD Principles (Summary)

• Collection limitation principle
• Data quality principle
• Purpose specification principle
• Use limitation principle
• Security safeguards principle
• Openness principle
• Individual participation principle
• Accountability principle

7
Collection Limitation Principle

• There should be limits to the collection of
  personal data and any such data should be
  obtained by lawful and fair means and, where
  appropriate, with the knowledge or consent of the
  data subject

8
Collection Limitation Principle (Comment)

• Need for clear limits in law as to what is to be
  collected and added to databank
• Collection must be by lawful means (e.g. consider
  governing legislation, civil and human rights, no
  unlawful coercion etc)
• Collection must be by fair means (e.g. no
  subterfuge)
• Usually with knowledge and consent of the data
  subject (issues may differ between investigation
  as against maintaining databank)

9
Collection Limitation Principle(NZ law and
practice)

• Criminal Investigations (Bodily Samples) Act
  1995
• s.26 limits information that may be kept on
  profile databank
• Part 3 detailed processes for collection of
  bodily samples and associated information
  whether voluntarily or pursuant to court order
  or compulsion notice
• ss.36 and 37 rights to withdraw consent
• Samples may not be added to the databank except
  pursuant to the statutory processes
• Special care to ensure individuals are made aware
  of their statutory rights, additional protections
  for young people

10
OECD Data Quality Principle

• Personal data should be relevant to the purposes
  for which they are to be used, and, to the extent
  necessary for those purposes, should be accurate,
  complete and kept up-to-date

11
Data Quality Principle (Comment 1)

• Relevance to the purposes
• Why is a particular persons profile on the
  databank? Is there a direct nexus to a
  legitimate law enforcement function in a free
  society?
• Does all of personal data held meet the relevance
  test? (details appropriately on an investigation
  file may be inappropriate on the databank)

12
Data Quality Principle (Comment 2)

• Accuracy
• Stringent standards for collection processes,
  chain of custody of sample, avoiding
  contamination, security of database, laboratory
  performance, alternative explanations for a match
• Personal data associated with the profile e.g
  identification details are critical
• Completeness will information held mislead if
  not coupled with further details? (e.g. if a
  criminal is known to have engaged in identity
  theft or identity takeover, how to avoid
  taking action against the wrong individual in
  case of a match?)

13
Data Quality Principle (Comment 3)

• Kept up to date
• Policies needed on questions such as the death of
  an individual, withdrawal of consent, records of
  juveniles, acquittal of suspects or overturning
  of convictions, clean slate legislation
• Police records in relation to personal
  information associated with the profile may be
  updated should they also be updated in the
  databank?

14
Data Quality Principle (NZ law and practice)

• Privacy Act ipp 8 accuracy etc of personal
  information to be checked before use
• CI(BS)A, s.71 information stored on DNA profile
  databank not admissible in criminal proceedings
  (i.e the databank an investigative tool but best
  evidence to be obtained for presentation in
  court)
• See Eichelbaum and Scott, Report on DNA Anomalies
  (1999), Auckland concerning laboratory
  contamination

15
Purpose Specification Principle

• The purposes for which personal data are
  collected should be specified not later that at
  the time of data collection and the subsequent
  use limited to the fulfilment of those purposes
  or such others as are not incompatible with those
  purposes and as are specified on each occasion of
  change of purpose

16
Purpose Specification Principle (Comment)

• A States reason for establishing, maintaining
  and using a DNA databank should be transparent.
  The purpose for placing samples on the databank
  should be given before people are asked or
  compelled to add their samples
• New purposes should not be introduced arbitrarily
  
• When stored samples or information no longer
  serve a purpose they should be destroyed or
  rendered anonymous

17
Purpose Specification Principle(NZ law and
practice)

• IPP1 Purpose of collection of personal
  information (see also ipps 9, 10 and 11)
• CI(BS)A s.27 the DNA profile databank may
  generally only be accessed, and information
  disclosed, for one purpose the purpose of
  forensic comparison in the course of a criminal
  investigation by the Police
• CI(BS)A s.28 access to, and use of, blood
  samples limited to the purpose of deriving a DNA
  profile for storage on the DNA profile databank
• CI(BS)A s.60 Blood samples required to be
  destroyed after 12 months

18
Use Limitation Principle

• Personal data should not be disclosed, made
  available or otherwise used for purposes other
  than those specified in accordance with the
  purpose specification principle except
• with the consent of the data subject or
• by the authority of law

19
Use Limitation Principle(Comment)

• Samples and databank information should only be
  made available or used for the purposes specified
  
• Some change of purpose may be justified by law
  (the legislature is supreme but has a process
  that involves democratic accountability,
  transparency and adherence to rule of law)

20
Use Limitation Principle(NZ law and practice)

• In addition to the primary purpose of forensic
  comparison, the NZ law anticipates the use of DNA
  databank information in 2 limited circumstances
• for the purpose of making the information
  available to the individual concerned in
  accordance with a subject access request under
  the Privacy Act
• for the purpose of administering DNA profile
  databank
• CI(BS)A s.27(2) permissible to use information
  that does not identify a person (e.g. for
  research purposes) if this otherwise complies
  with law and has the agreement of the databank
  custodian

21
Security Safeguards Principle

• Personal data should be protected by reasonable
  security safeguards against such risks as loss or
  unauthorised access, destruction, use,
  modification or disclosure of data

22
Security Safeguards Principle(Comment)

• Security and privacy issues are not identical.
  However, limitations on data use and disclosure
  should be reinforced by security safeguards.
  Such safeguards may include physical measures
  (e.g. locked doors), organisational measures
  (such as authority levels, staff training) and
  informational measures (such as encryption,
  threat monitoring)
• Security safeguards contribute not only to
  privacy protection but also the forensic
  rationale of the databank (such as the avoidance
  of tampering, the loss of data etc)

23
Security Safeguards Principle(NZ law and
practice)

• IPP5 Storage and security of personal
  information
• CI(BS)A s.77 Offence to knowingly falsify a DNA
  profile stored on a databank, unauthorised
  addition to or deletion from a databank of any
  information, to attempt to gain access to or
  disclose information from a DNA databank or
  similarly to gain access to or use a blood sample

24
Openness Principle

• There should be a general policy of openness
  about developments, practices and policies with
  respect to personal data. Means should be
  readily available of establishing the existence
  and nature of personal data, and the main
  purposes of their use, as well as the identity
  and usual residence of the data controller.

25
Openness Principle(Comment)

• No secret databases while the content of the
  database must necessarily be very secure and not
  accessible to unauthorised persons, there should
  be a transparency about the fact that a database
  is maintained, the rules that control it and the
  practices that are followed

26
Openness Principle(NZ law and practice)

• IPP3 Collection of information from individual
• CI(BS)A s.76 Databank reports are required to be
  included in the NZ Police annual report
• Under the Crown Research Institutes Act 1992, ESR
  is required to publish annual report, other
  details on its website

27
Individual Participation Principle

• An individual should have the right
• (a) To obtain from a data controller
  confirmation of whether or not the data
  controller has data relating to him
• (b) To have communicated to him, data relating to
  him
• Within a reasonable time
• At a charge, if any, that is not excessive
• In a reasonable manner and
• In a form that is readily intelligible to him
• (c) To be given reasons if a request under (a)
  and (b) is denied, and to be able to challenge
  such denial and
• (d) To challenge data relating to him and, if the
  challenge is successful to have the data erased,
  rectified, completed or amended.

28
Individual Participation Principle(Comment)

• The right of individuals to access and challenge
  personal data held about them is a fundamental
  privacy protection

29
Individual Participation Principle(NZ law and
practice)

• IPP6 Access to personal information
• IPP7 Correction of personal information
• CI(BS)A s.27(1)(b) access may be given to the
  databank for the purpose of making the
  information available, in accordance with the
  Privacy Act, to the person to whom the
  information relates

30
Accountability Principle

• A data controller should be accountable for
  complying with measures which give effect to the
  principles stated above

31
Accountability Principle(Comment)

• There is more to privacy protection than setting
  rules must be measures to ensure such rules are
  met, primary responsibility lies with the data
  controller
• The OECD notes that the data controller should
  not be relieved of its obligations merely because
  the processing of data is carried out on its
  behalf by another party, such as a service bureau
  (on the other hand, the OECD Guidelines do not
  prevent service bureau and others being held
  accountable) sanctions against breaches may be
  directed against all parties entrusted with the
  handling of personal information (e.g. both a law
  enforcement authority and a body maintaining a
  DNA databank)

32
Accountability Principle(NZ law and practice)

• Privacy Act 1993 can be enforced by complaint,
  and if need be civil proceedings, against both
  the Police and the agency maintaining the DNA
  databank (ESR)
• CI(BS)A s.27(3) nothing in this section limits
  the jurisdiction of the Privacy Commissioner to
  investigate any complaint
• CI(BS)A s.77 offences
• Privacy Commissioner is an independent statutory
  body with powers to investigate complaints. In
  addition, NZ has various accountability
  mechanisms such as the Auditor General, Ombudsmen
  and Human Rights Commission. In particular
  cases, the government might set up special
  inquiries (e.g. Eichelbaum and Scott)

33
Some Additional Issues Not Yet Addressed in NZ

• New South Wales has an innocence panel whereby
  prisoners may call upon State resources for DNA
  testing
• Cross-border matching of samples with DNA
  databanks the CI(BS)A does not provide for that
  nor address the many issues that might arise, yet
  one knows that criminals may cross borders after
  committing offences
• Were international databanks to be created, there
  would need to be careful attention to rule
  setting, oversight and accountability mechanisms
• Clean slate arrangements

34
Internet Resources

• Australian Law Reform Commissions Essentially
  Yours report www.austlii.edu.au/au/other/alrc/publ
  ications/reports/96
• NZ Privacy Commissioner www.privacy.org.nz
• ESR www.esr.cri.nz/features/esr_and_dna
• NZ Police annual reports www.police.govt.nz/resour
  ces/annualreport