6Information matching rules
1Notice to individuals affected
Agencies involved in an authorised information matching programme must take all reasonable steps (which may consist of or include public notification) to ensure that the individuals who will be affected by the programme are notified of the programme.
Nothing in subclause (1) requires an agency to notify any individual about an authorised information matching programme if to do so would be likely to frustrate the objective of the programme.
2Use of unique identifiers
Except as provided in any other enactment, unique identifiers may not be used as part of any authorised information matching programme unless their use is essential to the success of the programme.
3Technical standards
The agency primarily responsible for the operation of an authorised information matching programme must establish and maintain detailed technical standards to govern the operation of the programme.
The technical standards established by an agency in accordance with subclause (1) must deal with the following matters:
- the integrity of the information to be matched, with particular reference to—
- key terms and their definition; and
- relevance, timeliness, and completeness:
- key terms and their definition; and
- the matching techniques to be used in the programme, with particular reference to—
- the matching algorithm:
- any use of unique identifiers:
- the nature of the matters being sought to be identified by the matching process:
- the relevant information definitions:
- the procedure for recognising matches:
- the matching algorithm:
- the controls being used to ensure the continued integrity of the programme, including the procedures that have been established to confirm the validity of matching results:
- the security features included within the programme to minimise and audit access to personal information, including the means by which the information is to be transferred between agencies.
The technical standards established in accordance with subclause (1) must be incorporated in a written document (in this clause, a Technical Standards Report), and copies of the Technical Standards Report must be held by all agencies that are involved in the authorised information matching programme.
Variations may be made to a Technical Standards Report by way of a Variation Report appended to the original report.
The agency that prepares a Technical Standards Report must forward a copy of that report, and of every Variation Report appended to that report, to the Commissioner.
The Commissioner may at any time direct that a Technical Standards Report be varied, and that direction must be complied with by the agency that prepared the report.
Every agency involved in an authorised information matching programme must comply with the requirements of the associated Technical Standards Report (including any variations made to the report).
4Safeguards for individuals affected by results of programmes
The agencies involved in an authorised information matching programme must establish reasonable procedures for confirming the validity of discrepancies before an agency seeks to rely on them as a basis for action in respect of an individual.
Subclause (1) does not apply if the agencies concerned consider that there are reasonable grounds to believe that the results are not likely to be in error, and in forming that view the agencies must have regard to the consistency in content and context of the information being matched.
Where those confirmation procedures do not take the form of checking the results against the source information, but instead involve direct communication with the individual affected, the agency that seeks to rely on the discrepancy as a basis for action in respect of an individual must notify the individual affected that no check has been made against the information which formed the basis for the information supplied for the programme.
Every notification in accordance with subclause (3) must include an explanation of the procedures that are involved in the examination of a discrepancy revealed by the programme.
5Destruction of information
In this clause, information matching information means—
- information that is disclosed to an agency under an information matching provision for use in an authorised information matching programme; and
- information that is produced from an authorised information matching programme.
Information matching information held by an agency that does not reveal a discrepancy must be destroyed as soon as practicable by the agency.
An agency that holds information matching information that reveals a discrepancy must destroy that information within 60 working days after becoming aware of the discrepancy unless the agency decides to take adverse action against any individual on the basis of that discrepancy.
An agency that decides to take adverse action against any individual on the basis of a discrepancy must destroy the information as soon as practicable after the information is no longer required.
This clause does not apply in relation to the Inland Revenue Department.
6No new databank
Subject to subclauses (2) and (3), the agencies involved in an authorised information matching programme must not permit the information used in the programme to be linked or merged in such a way that a new separate permanent register or databank of information is created about all or any of the individuals whose information has been subject to the programme.
Subclause (1) does not prevent an agency from maintaining a register of individuals in respect of whom further inquiries are warranted following a discrepancy revealed by the programme, but information relating to an individual may be maintained on a register of that kind only for so long as is necessary to enable those inquiries to be carried out, and in no case longer than is necessary to enable any adverse action to be taken against an individual.
Subclause (1) does not prevent an agency from maintaining a register for the purpose of excluding individuals from being selected for investigation, but that register may contain only the minimum amount of information necessary for that purpose.