Friday, May 17, 2019

Further on the Privacy Commissioner's inquiry into MSD practice

Further to yesterday's post I've done some more reading. The following (you will have to enlarge it to read or refer to p11 here) is the model that MSD uses to investigate reports of fraud.


The ministry investigates between 2300 and 5100 reports a year. When a report is categorised as 'high risk' (which is calculated from the amount of information the person alleging fraud can supply) it is referred to the investigation team.They assess whether informing the beneficiary of the investigation would prejudice the case eg parties start colluding. If the answer is 'yes' they issue  requests for information from third parties.

MSD began to do this more frequently in 2012. Historically in 95 percent of cases beneficiaries did not directly provide the information requested within a specified time-frame.

The Privacy Commissioner is unhappy with the frequency of the bypass of seeking information from the beneficiary first. He wants it stopped, or to be precise has recommended, "MSD immediately cease its blanket application of the ‘prejudice to the maintenance of the law’ exception when issuing section 11/schedule 6 notices."

I would question the use of the term 'blanket application'. His inquiry reads:

The Ministry categorises fraud allegations as low, medium or high risk using the DST. The Ministry has said that after the practice change in 2012, only high-risk cases were deemed to come within the prejudice to the maintenance of the law exception, even though policy documents from 2012 suggest that the exception could be applied to all fraud investigations. In either case, this meant that the Ministry authorised and encouraged investigators to go straight to third parties for information using their compulsion powers, rather than approach the beneficiary first.

In a nutshell the commissioner wants beneficiaries suspected of fraud accorded more privacy.

His note to editors reads:

The Privacy Act 1993 enables agencies to collect, use and disclose information that is necessary and proportionate to their lawful requirements. The Act provides that, in general, information should be collected from an individual directly.
Section 11 of the Social Security Act 1964 provides a mechanism by which the MSD can compel information from persons other than the individual. Before exercising this power, however, MSD is required in the first instance to seek the information required from the individual directly, unless there are reasonable grounds to believe that this would ‘prejudice the maintenance of the law’.
In my view discouraging  investigators from going directly to third parties (in high risk cases) will make benefit fraud easier. And that development will be consistent with the general approach this government wants to take. For example no longer requiring mothers to name the fathers of their children for the purposes of seeking child support (starting next year) and non-application of other sanctions (already happening).

This is a simplified reading and description of the situation. I stand to be corrected.

Thursday, May 16, 2019

Privacy Commissioner sides with fraudsters

RNZ reports:

"[Privacy]Commissioner John Edwards has concluded that the ministry has been unjustifiably intruding on the lives of beneficiaries.
Since 2012, the ministry has been bypassing beneficiaries and going to third parties for information.
Mr Edwards said that's allowed fraud investigators to collect large amounts of highly sensitive information about beneficiaries without their knowledge."


When 5% of sole parent beneficiaries freely admit they have private child support arrangements with partners and 70% of sole parent beneficiaries in our largest longitudinal study ever say that they have partners, is third party investigation really "unjustified"?

MSD responds via new Deputy CE Viv Rickard:

"We take a prevention-first approach, using conversations with clients and data matching agreements to detect and stop anomalies early. We don't investigate lightly," Mr Rickard said.
"We will need to continue to go directly to outside parties for information without going to the client first, where we believe there is a risk of collusion, evidence tampering, witness intimidation, or we can't locate the client."
Mr Rickard said the practice introduced in 2012, in response to the then National Government's approach of taking a harder line on benefit fraud and speeding up investigations.
"Ninety-five percent of the time people didn't provide the necessary information when we asked them directly, meaning we had to go to third parties anyway, delaying investigations," he said.
I am the last person to encourage the state to snoop BUT if people want to live off other people's money that practice needs to be justified.