Skip to content.
|Networking government in New Zealand.
You are here: Home » Resources » Research » Trust and Privacy Research Paper » Findings

Findings

This section reports the data gathered through the three different collection projects (focus groups, survey of complainants, and interviews with community leaders).

4.1 Focus Groups - Questionnaire data

Each participant completed an initial questionnaire that collected information about their use of online services, privacy-related concerns and attitudes, as well as their levels of trust in different government organizations.

4.1.1 Background Data

Tables 1 and 2 present basic demographic information about the focus group participants.

Table 1. Focus group participants - Gender

Gender

Number

Percentage (%)

Female

33

56.9

Male

25

43.1

Table 2. Focus group participants - Age

Age

Number

Percentage (%)

15-19

2

3.4

20-29

14

24.1

30-39

15

25.8

40-49

9

15.5

50-59

6

10.3

60-69

8

13.7

70+

4

6.9

The questionnaire was used to collect information about participants' activities online, specifically whether they use online banking, Trade Me® (online auction website) [See www.trademe.co.nz] and/or make purchases from online stores. The resulting statistics are presented in Table 3.

Table 3. Focus group participants - Use of online services

Online Activity

Number (n = 58)

Percentage (%)

Use online banking

29

50.0

Use Trade Me®

21

36.2

Purchase from online stores

15

25.9

These collective statistics allow a rough comparison of the population of focus group participants against similar statistics reported for the national population. Half of all participants reported that they use online banking. Research from late 2003 suggests that 41% of New Zealanders had used online banking as of October 2003 (Taylor Nelson Sofres, 2003). Although more current figures would be helpful, it may be reasonable to presume that this percentage has increased somewhat in the past two years, which would seem to indicate this group's use of online banking is approximately consistent with national statistics. Statistics provided by Trade Me indicate that there are slightly more than one million active members using Trade Me. [From http://www.trademe.co.nz/structure/media_buyer/site_stats.asp on 8 Dec 2005.] Since this figure includes members who may reside outside of New Zealand (e.g., residents of Australia are permitted to be members), inferences from this number are unlikely to be very reliable.

4.1.2 Concerns, Attitudes and Behaviors (prior to discussion)

The initial questionnaire also asked participants to respond to a series of statements about their privacy-related concerns, attitudes and behaviors (using a Likert scale of options, i.e., 1:Strongly agree, 2:Agree, 3:Unsure, 4:Disagree, 5:Strongly disagree). Response data from these questions are shown in Table 4.

Table 4. Reported attitudes, concerns and behaviors

SA*

A

N

D

SD

Total Agree (%)

MEAN**

S6. "I am concerned about the privacy of my personal information when it is exchanged online via the Internet"

31

19

5

1

0

89.29

1.57

S7. "I feel confident that my personal information will be handled properly and be adequately protected by the private businesses (e.g., stores, banks, etc.) I deal with"

11

22

14

8

2

57.89

2.44

S8. "I feel confident that my personal information will be handled properly and adequately protected by the government organizations I deal with"

13

22

13

7

2

61.40

2.35

S9. "I trust government employees to treat my personal information with appropriate respect for my privacy"

15

19

11

11

1

59.65

2.37

S10. "I am generally concerned about the amount of information that various government organizations hold about me."

15

15

16

6

4

53.57

2.45

S11. "I usually seek or check statements about the way in which my personal information will be protected before I supply information to government organizations"

18

19

11

7

2

64.91

2.23

S12. "I usually seek or check statements about the way in which my personal information will be protected before I supply information to a business that I deal with"

20

25

8

5

0

77.59

1.97

S13. "I think the rules governing the way in which government organizations collect and exchange information about me are adequate"

3

25

19

7

3

49.12

2.68

S14. "I sometimes refuse to provide information to a government organization if I feel they do not have an adequate reason to ask for such information"

11

30

8

5

4

70.69

2.33

* Abbreviations: SA = "Strongly Agree" A = "Agree" N = "Neutral" D = "Disagree"

SD = "Strongly Disagree" Total Agree = (Strongly Agree + Agree)

** MEAN = Average Response (1 - 5, where 1 represents SA and 5 represents SD)

Thus, the lower the mean score, the more strongly participants tended to agree with the statement.

Many of the topics referred to by these statements were also addressed in the group discussions. For example, responses from S7 and S8 enable a comparison of whether participants have more confidence that their privacy will be protected by government organizations or private businesses, and this question was also raised later in the meetings, when participants were asked to explain their responses. Response data for S6 suggests that a strong majority of participants are concerned about the privacy of their personal information when it is communicated via the Internet. Responses to S7 and S8 indicate only a slight gap between participants' levels of confidence in government organizations and private organizations. In contrast, the gap between the percentages of individuals who agreed with S11 compared to S12 seems to imply that individuals are more likely to look for the privacy policies (or other statements about how their information will be used and handled) of private businesses before providing their personal information.

Statements receiving a high percentage of neutral responses, like S10 and S13, may imply that participants did not know enough about the topics involved. For instance, the fact that nearly a third of participants responded "Neutral" to S10 (see Table 4, above) may suggest that many individuals were unsure about how much information the government holds about them (this was also supported by comments made in group discussions). Further comment about the results shown in Table 4 (including how they relate to other data collected in this study) is incorporated into the Discussion section.

The final question (Q16) asked each participant about their level of trust in government organizations, and the majority of participants (58.9 percent) reported that they trust all government organizations the same amount, as shown in Table 5. These results are interesting, as they indicate that the majority of participants do not assess the trustworthiness of each government organization separately. Later, individuals' responses to this question during group discussions seemed to contradict this view, as most said that they trust some departments more than others (this will be compared to the findings of other parts of this study in the Discussion section).

Table 5. Levels of trust in different government organizations

Q16. Do you make distinctions between government departments - do you trust some more than others?

Response

#

%

Yes (I trust some more than others)

23

41.07

No (I trust them all the same amount)

33

58.93

Following on from Q16, the questionnaire asked participants to list the government organizations they trust the most, as well as those departments they trust the least. [Individuals were not prompted with the names of any organizations, so this response data shows only those entities that were nominated by participants.] While some participants chose not to list any organizations, many others did, and this data is presented in Table 6 and Table 7.

Table 6. Most trusted government organizations

Organization

Number of Occurrences

Inland Revenue Department (IRD)

6

Ministry of Health (MOH)

4

Work and Income New Zealand (WINZ, within MSD)

3

Department of Labour (DOL)

3

Ministry of Education (MOEd)

2

Immigration (within DOL)

2

Te Puni Kōkiri (TPK)

2

Māori Land Court

1

Teachers Registration Council

1

Human Rights Commission (HRC)

1

Department of Internal Affairs (DIA)

1

Electoral Department (within DIA)

1

Birth Deaths and Marriages (within DIA)

1

Studylink (within MSD)

1

Tenancy Services

1

Other responses to this question (most trusted) included: "not any of them," "they are all the same," and "none."

Table 7. Least trusted government organizations
Organization

Number of Occurrences

Inland Revenue Department (IRD)

13

Work and Income New Zealand (WINZ)

13

Ministry of Social Development (MSD)

2

Child, Youth and Family Services (CYFS)

2

Studylink

2

Ministry of Justice (MOJ)

2

Mental Health

2

Ministry of Pacific Island Affairs

1

Department of Building and Housing

1

Ministry of Agriculture and Forestry (MAF)

1

Security Intelligence Service (SIS)

1

Other responses to this question (least trusted) included: "not sure," "I just don't trust any of them," "n/a," and "they are all the same."

The data presented in Tables 6 and 7 was gathered prior to group discussions. Later, the same question was also posed in the discussions (asking which departments people trust and allowing participants to explain why they trust some organizations and not others, as described later in this section).

back to top

4.2 Focus Groups - Data from discussions

One problematic area of privacy research is the lack of detailed information provided by large-scale, quantitative surveys. Although the results of these surveys may indicate individuals' general level of concern about information privacy, they typically fail to provide reliable information about what influences individuals' concerns and attitudes.

The eight focus group interviews provided a large amount of in-depth data from the various perspectives of the participants involved. After the transcripts were analyzed using the coding framework, the research team was then able to identify the recurring themes and issues raised in the group discussions. Since the course of each group discussion was influenced by the comments made by its participants, a number of issues were discussed in some groups and not others. Summaries of the findings related to each of the most prevalent topics are presented throughout this section.

4.2.1 Defining Privacy and Gauging Awareness

4.2.1.1 Defining privacy

This study has not sought to develop a new definition of privacy, and this brief discussion of participants' various explanations of the concept is included only to reflect the diversity of their interpretations. To begin each meeting, and introduce the topic of the ensuing discussion, the researchers asked participants to share their view of what the term "privacy" meant to them. In presenting their explanations of what privacy means, many participants mentioned that they believe privacy is related to being able to control "who knows what" about things related with their private lives. Some individuals defined privacy in terms of types of information that they feel should be kept private and confidential (e.g., related to health, finances, etc.). Other individuals, predominately in the group of Pacific peoples, explained that their view of privacy is primarily concerned with keeping family information private and protecting the honor of their family's name and reputation. After listening to the various definitions put forth by individuals, the researchers explained what privacy meant in the context of this study, and presented Westin's definition of information privacy (as cited in the preceding literature review).

4.2.1.2 Awareness of protections

Individuals' privacy concerns may be related to their knowledge about what protections exist to guard their right to privacy.[There are many ways of considering this, for example: if a person does not know that any protections exist, they may be more (or less) concerned about what is likely to happen to the personal information they provide to organizations.] One of the first questions posed to groups was about whether individuals were aware of any laws or regulations that exist to help protect their privacy. Overall, two general patterns of response were observed in the groups. Most commonly, there was quiet uncertainty amongst group members, eventually followed by someone mentioning the Privacy Act. At that point, others would acknowledge that they had heard of the Privacy Act, and the majority of individuals reported that they knew little (if anything) about that Act. [Regardless of whether participants were aware of the Privacy Act, many individuals responded to the question by saying that their privacy is supposed to be protected based on which "boxes they tick" on the various forms they fill out.] The other response pattern occurred in groups where at least one participant was familiar with Privacy Act based on their occupation. In these cases, the individual with this familiarity explained how the Act applied to their job, and shared what they knew about the provisions of the Act. Despite those with a basic understanding of some provisions of the Privacy Act, the overwhelming majority of participants reported knowing little or nothing about what protections (laws, regulations, etc.) or organizations (the OPC, the Human Rights Commission, etc.) exist to help protect their right to privacy.

Participants expressed various views about their propensity to complain about situations where they believed their privacy had been breached. While some claimed that they would seek redress, many participants affirmed that they were unlikely to complain about minor breaches of their privacy. Individuals' comments suggested that some believed the existing complaints processes (via the specific organization and the OPC) were likely to take too long, were unlikely to be effective, and would not be able to remedy their dissatisfaction (i.e., contending that after privacy-related harm is done, most often any resulting damage cannot be undone or rectified).

4.2.2 The Trustworthiness of Government Organizations

4.2.2.1 Comparison of trust: Government Vs. non-government organizations

In an effort to learn more about how participants' assess the trustworthiness of government organizations (with specific focus on information privacy), group members were asked whether they have more confidence that their personal information will be handled properly and adequately protected by government organizations or organizations that are not part of the government. [This wording was used to focus on whether participants' trust government or private sector organizations more, within the specific context of their informational privacy (thus, not asking about trust in general).] Overall, the majority of individuals reported having more confidence in government organizations.[Although we did not ask specifically about the banking sector, individuals in most groups noted that they felt banks were the most trustworthy organizations with regard to privacy.] One response that was consistent with the attitudes of many participants was:

(From Group 5) "I think a private organization is more likely to sell my information, whereas government would be more likely to lose my information."

Many comments suggested that individuals believe the objectives and motivations of government organizations are more virtuous (and therefore, more trustworthy) than private sector entities. On the other hand, some participants voiced concerns about data sharing between and amongst government bodies, as will be discussed further in section 4.2.2.5.

When individuals were asked to explain why they had more confidence either way, different views were evident:

(from Group 1) "I think government. I would feel better with [government] than a private organization personally because I feel that [government organizations are] audited all the time and they're quite accountable..." in contrast to:

(from Group 4) "I would be more inclined to trust private organizations, ... Government seems to, more and more, want to pry into personal activities."

In addition to emphasizing their perceptions about the motivations of these different types of organizations, individuals' responses seemed to be influenced by their occupation and their general attitude toward public servants (e.g., expectations they expressed about public servants' competence, motivations and accountability). That is, some people working in the private sector were adamant about how serious their organizations were about protecting their customers' privacy, while others who work for (or with close relatives working for) government expressed similar views supporting government organizations.

4.2.2.2 How trustworthy are different government organizations?

The researchers also asked participants to discuss whether they consider some government organizations to be more trustworthy than others or they trust them all the same. The vast majority reported that they assess the trustworthiness of each organization separately, and therefore, they trust some more than others.[In these discussions, very few people said that they trust all (or even most) government entities equally (those who trusted all government organizations similar amounts were more likely to report low levels of trust).]

Participants were asked to name the departments that they trust the most and the least, and explain why. In particular, individuals were encouraged to try to articulate what influenced their assessment of an organization's trustworthiness.[The objective here is not to "name and shame" organizations, but to concentrate on the reasons people gave for trusting or distrusting organizations.]

Some individuals reported that they believe organizations whose objectives are not directly linked to money are more trustworthy than those that are, citing this as a cause for distrusting IRD and WINZ, among others. Similarly, various comments indicate that some organizations have developed more reliable or trustworthy systems for collecting and processing personal information.

Individuals provided explanations about why they trust some organizations more than others and these were almost always based on their familiarity with, and personal knowledge of, each organization. Most specified that the amount of influence any source of information (about an organization) would have on their attitude is directly related to the credibility of the source. Generally, knowledge gained through personal experiences was reported to have the most influence, followed by stories or information received from friends and family, and lastly, information received through different media channels (television, radio, newspaper, etc.). Participants reported that there were many government organizations that they knew little about (those that they had no experience with, and were unlikely to interact with in the future), and therefore, could only generalize about the trustworthiness of those organizations.

In cases where individuals expressed a high level of confidence in a particular organization, they commonly attributed this confidence to their personal experiences with that organization. One participant recounted a recent interaction he had with Statistics New Zealand, in which he was asked to provide a large amount of information that he considered to be quite personal (as part of a study being conducted). Although he said he had been skeptical at first, he explained that his confidence was sufficiently raised by two things: the collector's thorough explanation of the process (and patient responses to his questions), and the seemingly robust protocol being used to protect his privacy while collecting his information. [Given the role and responsibilities of Statistics New Zealand, this may not be surprising. Other large government departments likely have fundamentally different relationships with citizens and may face different challenges.]

4.2.2.3 Does mistrust propagate through the Government?

When participants were asked whether a breach of privacy in one government organization would affect the amount of trust they have in other government organizations, the overwhelming majority reported that only their level of trust in the specific organization would be decreased. Very few individuals indicated that it might affect their assessment of the trustworthiness of government organizations in general, while most comments were aligned with the assertion that:

"...it's not so much a government thing, these are government agencies, but I would view each agency as a complete separate entity, and a breach of ethical faith in IRD would make me question IRD and not worry about other institutions."

Although this response may seem rational (and was commonly articulated in various terms throughout different groups), other statements made during the focus group meetings seemed to contradict this assertion. That is, in discussions where the majority of individuals claimed that a breach of privacy by one government organization would affect only their level of trust in that single entity, some of the same individuals presented generalizations about the trustworthiness of government organizations based on their experiences with one or two specific organizations.

4.2.2.4 Channels: Confidence and concerns

In order to learn more about individuals' concerns and preferences within the context of this study, the research team asked questions about participants' attitudes towards various channels used to interact with government organizations. The researchers were not specifically interested in which channel people believe to be the most convenient or usable. Instead, the focus was on which channel people consider more trustworthy for providing personal information, and the initial question was presented as: "When you need to provide personal information to a government organization, which channel do you have the most confidence in - that your privacy will be protected?" The responses within and among the various groups reflected a diverse range of opinions and justifications for the views presented.

Face-to-Face

The overwhelming majority of people reported that they have the most confidence when they provide their personal information in a face-to-face environment (this was consistent across all groups). Individuals provided a variety of explanations for their consistent support of this channel, including:

  • the ability to interact with and have a relationship with the person receiving their information,
  • the ability to see how the recipient is receiving and treating their information,
  • the ability to judge the competence of the individual receiving the information,
  • the ability to check the accuracy of the information submitted, and
  • the belief that they can hold someone accountable if something goes wrong.

Post

The next most preferred channel for providing personal information was the post. Participants provided a number of reasons for having confidence in this method, including:

  • familiarity with filling in paper forms (comfort based on previous experience),
  • the ability to review the information upon completion,
  • the ability to make copies and retain a record of the information they submit, and
  • a high level of understanding around what happens with forms they post (in contrast to submitting information online).

A number of group members also voiced certain disadvantages to sending information via post, including:

  • inadequate knowledge of who is receiving the information (and how they are treating it);
  • the possibility that mail can be lost or intercepted;
  • and concern about how the information is processed once it arrives at its destination (including worries that information may be entered inaccurately into computer systems).

The Internet

Participants' confidence related to submitting information via the Internet resulted in the greatest diversity of views about the various channels available. In many groups, this channel was slightly preferred to the telephone, but people generally reported less confidence compared to face-to-face and the post. During the discussions, people often distinguished between "secure" websites [In explaining what they meant by secure sites, individuals often related this to the presence of a padlock displayed along the browser window, or a message notifying them that they were entering a secure website. Some participants (in different groups) reported that they have confidence in websites advertising that they have been "proven secure."] and websites in general, with significantly higher levels of confidence in secure websites. Individuals commonly said that one benefit of online interactions is that there is almost always a record of the event, and that they save a copy for future reference.

In most groups, people expressed fear about "hackers," and repeatedly cited examples of stories from the media about different threats and vulnerabilities online. [Comments related to concerns about the Internet and other technologies are shown in Tables 9 - 11.] The majority of participants maintained that they understand very little about what happens to information processed over the Internet, and those without much Internet experience tended to voice stronger fears about this channel compared to those with more experience.

Phone

Individuals consistently reported low levels of trust in providing personal information by phone. Reasons provided for these attitudes included:

  • no tangible record of the event,
  • difficulty authenticating the individual on the other end of the conversation;
  • inability to see how the information is being treated, and
  • foreign accents of some operators (it was suggested that this causes some uncertainty about where information is going)

While the phone was reported to be the least trusted channel for providing personal information, many individuals noted that the phone can help to preserve anonymity when seeking information from different organizations.

Does the channel matter?

Individuals in two different groups contended that the channel used to provide information is relatively insignificant, because the information is eventually stored on computers and subject to the same threats (most commonly noted in terms of "hackers getting into the databases"). As previously discussed, most individuals disagree with this contention, as they associate different risks and levels of confidence with each channel.

4.2.2.5 Data Sharing

Not surprisingly, most groups raised the issue of data sharing between government organizations during various parts of the discussions. Individuals' comments on this subject showed distinct contrast between the attitudes of participants. A number of individuals reported that they believe data sharing programs are fundamentally breaches of information privacy, [These fundamental objections were most commonly based on the logic of: 'if I provide my information to one organization and they share it with another organization, that is wrong and unacceptable.'] while others claimed that government data sharing programs contributed to a feeling of having little control over where their personal information is communicated (e.g., from Group 2 "I don't think you have too much control with the government, and different government departments, because they just share information").

On the other hand, many people expressed qualified support for certain sharing arrangements, including some who where quite positive about the potential for data sharing. These supporters noted that there are situations where data sharing is necessary and acceptable, provided that two general conditions are met: the sharing is done fairly or ethically, and the individual perceives some benefit as a result of the data sharing program. Many of these participants expressed frustration about having to submit information multiple times to different government organizations and said that they would rather have the information shared between certain entities. Comments suggested that this type of sharing would be acceptable in situations where, for instance, and individual has provided their information to IRD and then is also required to provide that information to 'Organization X,' some would rather just authorize Organization X to get their information from IRD. [This example is included to clarify that participants expressed greater support for having the ability to authorize data sharing on a case-by-case basis, rather than data sharing operations that do not require their informed consent.] The divergent views are illustrated in the comments below, from two members (A and B) of the same group.

(From Group 5)

A : "...the conspiracy theory I have that they, that [government organizations] all share information stops me, makes me think twice before I tell them the truth. It's not that I lie to them, but I'll give them my name and address and let them figure it out."

In response, another group member (B) expresses their contrasting view:

B: "Well, I prefer sometimes for them to share, I get sick of going through all the same information again... well can you not check it out with IRD, they've got it all there ... and I just find that quite annoying"

The most commonly cited benefit of data sharing was convenience (e.g., avoiding the hassle of re-submitting the same information to different organizations), and no participant mentioned 'saving tax dollars' as a perceived benefit.

4.2.3 Prevailing Themes and Recurring Topics

4.2.3.1 Power distribution in the state - citizen relationship

One recurring theme that was central to most of the group discussions related to the unique context of the relationship between the State and its citizens. In contrast to the environment of the private sector, people reported feeling as though they have little power in this relationship, and little control over what information the State has about them and how it is used. Furthermore, individuals reported that they believe they have little or no choice about whether to provide personal information when a government organization requests it from them. Based on the comments made by participants and the frequency with which this topic occurred in the various discussions, this feeling of an uneven distribution of power seems to significantly influence the attitudes of the majority of these individuals.

Comments: The power of government organizations

Group - Quotation

1 [talking about large, central government departments]

"... with those sorts of organizations, you don't feel very empowered, to say 'No I am not giving [my personal information] to you'"

2 [talking about government organizations in general]

"like you have more control over what [information] you give to the private business over like the government ... you can't really say to them I can't give you that, I can't tell you that because they sort of, ... I have the idea that the government can find it out if they want to."

5 [talking about government organizations in general]

"we've seen it right through the years they can fob it off...you can't really do anything against government"

8 [talking about personal experience with WINZ]

"No, they have this power thing over you, ... it's like, you know, (speaker slams fist on table) [they're] the boss."

Table 8 provides examples of related comments made in different groups. Since information privacy relates to an individual's ability to determine who their personal information is communicated to and what it is used for, this commonly asserted belief (that individuals have minimal power and control in this relationship), may be particularly influential in shaping citizens' attitudes in this context.

4.2.3.2 Technology: Concern and lack of understanding

As shown in the preceding literature review, many issues related to information privacy are inextricably linked to technology. Participants' comments commonly included concerns and observations about how different technologies seem to pose risks to their information privacy.

Due to the diversity of participants in the focus groups, comments reflected many different levels of knowledge about computers, the Internet, and technology in general (from inexperienced and uneducated / untrained, to experienced and educated / trained).

Throughout the groups, most of these issues and concerns were raised in relation to individuals' personal experiences and stories they had heard through various media channels. Comments about technology generally involved one or more of three themes: concerns about the security of computers and the Internet, worries related to increasing reliance on computers and information technology (including the perception of increased potential for privacy breaches), and a lack of understanding about what happens with personal information submitted to organizations.

The most frequently mentioned group of concerns was focused on security issues related to computers and the Internet. Participants consistently reported anxiety about the trustworthiness of the Internet as a medium for communicating personal information; often expressing fears about "hackers" and various stories they had heard (see Table 9).

Comments: General security and privacy concerns related to the Internet

Group - Quotation

1 [talking about sending personal information over the Internet]

"With the Internet, I'm always really worried about who else can, not the organization, but which hacker's going to get my information"

2 [explaining concerns about the Internet]

"I think just because it's so open, and it's, you know, it's really hard to determine what is secure and what isn't secure..."

8ii [explaining attitude towards the Internet]

"I don't trust [the Internet] at all, too many cyber people out there."

5 [explaining why he does not trust the Internet for communicating personal information]

"people say, 'yeah, the internet's quite safe,' but the hacker's job is to bypass any new information, you know, and it's a constant, as soon as they've pulled out one product, ...they've got something they can bypass it with, and within forty-eight hours they reckon, from the time something new comes out, you can get around it.

Yeah, so not much faith in the internet myself."

6 [responding to question about whether any stories in the media influence concerns]

"What one reads ... definitely one reads that emails are open to severe abuse"

In addition to worries about the security of information communicated via the Internet, individuals expressed concerns about the security of computers and databases that can be compromised via the Internet or otherwise (see Table 10). Some comments about this issue included assertions that people feel there is more potential for significant breaches of information privacy based on the increasing use of information technology.

Table 10. Comments: Concerns about the insecurity of personal information

Group - Quotation

1 [expressing concern about the insecurity of personal information on computers]

"It annoys me more that people can actually lift the information and it doesn't matter how... confidential it supposedly is, people still gain your name, they gain your address, they hack in, they get your email, they get whatever."

4 [expressing concern about the insecurity of personal information on computers]

"[Hackers] got into the Pentagon, I mean, do I think that they could get into my doctor's records or the IRD, if they can get into the Pentagon, (sarcastically) ... It's just possible that my GP doesn't have as many protections as the Pentagon."

7 [expressing concerns related to technology and personal information]

"This new technology has banished all notion of privacy. As people have easy access to private information that needs to be kept secured."

5 [expressing doubt about organizations' ability to secure personal information]

"If a hacker wants to get in, they'll get into the servers, I mean, all those big companies have remote server access for people working, people managing them, so [hackers] have a way of getting into them"

4 [about personal information being in digital form on computers]

"it's now computerized and much more likely to be seen. I think it's a very hazardous, very dangerous situation." ..."Well, once you've got things sitting on a database somewhere then, then any number of people who wanted to get in and have a look at it, can get in and have a look at it"

7 [expressing fear about the availability of information and potential for damage]

"Looking at modern technology, and how privacy has resulted in an increase of lawlessness, and people finding ways to access personal information... so there's always that fear, that one day they will have access to disclose it."

Although levels of fear were higher in those individuals who reported having less experience using the Internet, experienced Internet users [Including individuals educated in information technology and trained to work with computers.] also voiced concerns and distrust, including the comments shown in Table 11.

Comments: Concerns from experienced and educated users

Group - Quotation

2 [talking about sending personal information over the Internet]

"I studied [information technology] for a while so I don't have much confidence in the security [of the Internet]"

8ii [explaining why he does not trust the Internet for communicating personal information]

"For me, just because, for myself, because I work with computers ... people that are quite brainy these days, they can, ..., attach something to your email and it extracts your information and you wouldn't know, or they make a program for your bank account details through a café,... it's probably the worst [channel] for me"

Another type of technology-related concern was based on participants' feeling of having insufficient knowledge about the Internet and information technology in general. Individuals reported that, although government organizations gave them assurances about the protections in place to keep their information confidential, individuals had very little knowledge about how (or whether) this was achieved, and some doubted whether they would be informed if something went wrong. A number of comments comparing the Internet to other channels suggested that this lack of understanding caused individuals to be less confident in the Internet, for instance:

"I don't really understand the Internet, I don't understand it all, but I can understand, you write on a piece of paper, [or] you go and talk to someone, because that's something you know, you're well aware of."

Based on a number of the comments made in different groups, some individuals believe that it is common for hackers to intercept their communications, or intrude into computer systems to steal their information. For example, as individuals complained about unsolicited contact through postal mail and telephone calls, an individual implied that the postal address and phone number were likely gained by hacking when she asserted: "So they've hacked in somewhere to get that info on you." [Although this informationcouldhave been gained through hacking, it is seemingly more likely to have been gained through more traditional means of information brokering (e.g., the sale of customer lists).]

4.2.3.3 Organizational Situation Handling

Throughout discussions about the scenarios presented and the personal experiences participants shared with each group, the researchers posed questions about how (or whether) certain events would impact on individuals' level of trust in the organizations involved. As they explained the effect each scenario would have, two factors commonly raised by participants were: the way the organization disciplines the employee(s) responsible for causing the breach, and the way the organization handles the situation with the individual whose privacy was breached.

Punishment for wrongdoing related to personal information

In many groups, participants emphasized the importance of the actions an organization takes to punish employees who breach privacy. When the researchers asked questions about whether specific scenarios (each involving a different type of improper information flow) would have an effect on participants' trust in an organization, numerous individuals reported that the effect could be minimized as long as they knew the organization adequately punished the responsible individuals. This concept was raised in relation to a number of very different scenarios (minor breaches and major breaches), for example: after discussing a case where employees of a large government department were discovered violating citizens' privacy for personal financial gain, the researchers asked whether this would have any impact on participants' trust in that organization. While many reported that this would have an adverse effect on their trust in the organization, others reported that, as long as the individuals were punished appropriately, this would not have an impact on their trust (see Table 12).

Comments: The influence of punishment

Group - Quotation

5 [response to a question about whether a breach of privacy would affect one's level of trust in a government organization]

"Well that's the thing, you're trusting the government, because they are doing that, they're finding the people that are doing it, and they're found and punished.

... And they're pulling these people out and getting rid of them."

8i [response to instance where employee deliberately breaches a citizen's privacy]

"I trust them more if there was a heavy penalty, like I knew they'd be dumped for [that breach]"

1 [response to a case where government employees sold citizen's information]

"As long as there's penalties for anyone doing that sort of thing, that's severe enough to put most people [off]... that the government takes these things seriously"

This concept was also evidenced by participants' personal anecdotes. After one researcher asked about why individuals trust some departments more than others, one person shared the following:

"I have to say I really trust in IRD, because I know of an instance where somebody was working at Inland Revenue, checked up his daughter's [personal information] and was fired on the spot. So I know they... take their privacy literally" (this person heard this story from a friend)

Organizational honesty

In cases where privacy is breached, the importance of the way the offending organization treats the individual (victim), was expressed through discussions comparing different scenarios. Opinions presented in different groups emphasized the importance of an organization being honest, candid and sincere towards the individual. When organizations met these conditions, many individuals claimed that this would reduce (or even nullify) any negative impact on their trust in the organization.

For example, given a scenario where an organization notified a participant that her sensitive personal information was accidentally mailed to the wrong address, the researchers asked whether the incident would affect her level of trust in the organization:

"Not if they're honest, if they rung and said it was in [error], because I mean, everyone makes mistakes, but if they just owned up and said 'We made a mistake,' ..., then I wouldn't be bothered really"

For more significant breaches, this factor was reported as having less power to mitigate a decrease of trust.

4.2.3.4 Consequences of a breach

In each group, participants explained how various scenarios had affected, or would affect, the amount of trust they place in different organizations. [This included their reactions to previous personal experiences, as well as their responses to the hypothetical scenarios presented by the researchers.] The overwhelming majority of individuals reported that breaches of information privacy have an impact on their trust in organizations (i.e., breaches affect their assessment of the trustworthiness of the organization). These responses suggest that a number of variables seem to influence the magnitude of the impact on individuals' trust. These factors include:

What was the perceived cause of the breach? In increasing order of adverse consequences, people distinguished between general categories of: an honest mistake, staff incompetence, deliberate wrongdoing, and/or motivated by financial gain.

How sensitive was the information involved? Not surprisingly, the more sensitive the information, the greater the impact a breach would have. Individuals generally reported that health information and financial information are the most sensitive (in that order), while a few individuals claimed that their contact details were the most sensitive (these individuals explained that they did not want previous acquaintances to be able to find them).

What happened to the information? If the information was improperly disclosed, the magnitude of the impact was influenced by the entities it was disclosed to (i.e., Who received the information?).

How did the organization handle the situation? Individuals emphasized the importance of an organization's response to any privacy-related situations, as was addressed in the previous section (i.e., How did they treat the individual? Was the organization perceived to be up-front and honest? What is the organization doing to ensure this will not occur again?, etc.).

Has this type of event happened before / is this event consistent with, or contradictory to, the organization's reputation? When explaining how much an event would impact their level of trust, individuals commonly said this would depend on whether the problem was perceived to be a "once-off" or not. Individuals were more likely to "give the organization the benefit of the doubt" in cases where an event appeared to be a unique aberration from an otherwise trustworthy reputation.

Also, although some people reported being relatively unconcerned about their privacy, many others became quite emotional as they recounted personal experiences. In one group, an individual repeatedly slammed her fist on the table as she explained an instance where she believed WINZ had shown disregard for her privacy. She then apologized, "Sorry, I'm getting all hyped up." In another group, after listening to others sharing negative experiences with IRD, a man stated with frustration, "talking about all of this makes me really angry because I just had a bad experience with these people [employees of IRD]." This type of emotional response was most often shown by individuals who reported having an unfavorable first-hand experience with a government department.

4.2.3.5 Participants' reported attitude Vs. behavior

Another noteworthy issue relates to the fact that some individuals' reported attitudes seemed to be contradicted by their reported behaviors. This occurred in more than one group, and was most often related to technology issues. An illustration of this comes from a discussion where individuals were talking about their concerns about using the Internet as a channel for providing personal information. One particular individual in the group repeatedly insisted that he had no trust in the Internet and wouldn't ever send personal information over the Internet. This individual reported that he worked with computers in his job, claiming that he consistently observed "things going wrong" with computers and the Internet, and affirmed "I'd never trust [the Internet] for personal information." As a follow-up question to this comment, a researcher asked whether he used online banking or Trade Me for online transactions. After a long pause, the individual smiled and admitted that he used both services on a regular basis (online banking and Trade Me). This participant explained that, although he did not trust the Internet, the convenience of being able to do things online was sufficient motivation for using these services. While it may not be surprising that people's behaviors sometimes belie their reported attitudes and preferences, it is important to be aware of this when interpreting findings based on participants' reported attitudes.

back to top

4.3 Survey of complainants to the OPC

The purpose of the survey of individuals who had made a complaint to the OPC was to learn about the consequences of privacy breaches from individuals who believed that their privacy had been violated. More specifically, the survey was designed to collect information about how respondents' attitudes and behaviors changed after the incident related to the privacy complaint they filed. In addition to their level of trust in the specific organization (which they believe breached their privacy), if an individual reported having filed a complaint against a government organization, information was gathered on their level of trust in government organizations in general. Data was also collected about individuals' willingness to provide personal information to organizations before and after the alleged breach, along with information about changes in their behavior.

One hundred and ten complainants were notified of this study and were offered an opportunity to participate in this research. As outlined in the Methodology section, after being notified of this study, each complainant had to contact the research team in order to request a survey, and twenty-four individuals did this. Seventeen completed surveys were returned from participants geographically distributed throughout New Zealand. Although the total number of surveys completed was lower than anticipated, each survey provided detailed information about the respondent's attitude before and after the incident related to the complaint they filed.

4.3.1 Reported Level of Trust: Before and After

Table 13 presents response data for questions five and six (Q5 and Q6), which enable comparisons between participants' reported level of trust in the specific organization that they believe breached their privacy (before and after the event). 76.5 percent of respondents reported a decrease in trust towards the organization after the incident. [Where an individual's affirmed attitude after the event (Q6) was less trusting than before (Q5).] While 58.8 percent of all respondents reported having "very trusting" or "moderately trusting" attitudes towards the organization prior to the event (Q5), 82.4 percent reported that their attitude towards the organization after the event was "very untrusting" (Q6).

Table 13. Trust in organizations, before and after incident

Question (n = 17)

VT*

MT

U

MU

VU

MEAN**

Q5. "Before the incident related to the complaint I filed, my attitude towards the specific organization that I feel breached my privacy was:"

4

6

3

2

2

2.53

Q6. "After the incident related to the complaint I filed, my attitude towards the specific organization that I feel breached my privacy was:"

1

0

1

1

14

4.59

Q8. "Before the incident related to the complaint I filed, my attitude towards government organizations in general was:"

2

9

1

3

0

2.33

Q10. "After the incident related to the complaint I filed, my attitude towards government organizations in general was:"

0

0

0

4

11

4.73

* Abbreviations: VT = "Very trusting" MT = "Moderately trusting" U = "Unsure"

MU = "Moderately untrusting" VU = "Very untrusting"

** MEAN = Average Response (1 - 5, where 1 represents VT and 5 represents VU)

88.2 percent of respondents reported that the organization they believed breached their privacy was a government organization. One section of questions (Q8 - Q12) was answered exclusively by this group, [For Q8 through Q12, n = 15.] in order to collect data about how an individual's experience with one government organization affects their attitude, including their attitude towards government organizations in general. This group of participants completed Q8 and Q10, which asked about their level of trust in government organizations in general, before and after the incident (see Table 13). 86.7 percent of this group claimed that their level of trust in government organizations in general had decreased from before the incident to after it. [Where an individual's reported attitude after the event (Q10) was less trusting than before (Q8).]

All those participants who claimed a government organization had breached their privacy reported having either a "moderately untrusting" or "very untrusting" attitude toward all government organizations in general, after the event, including 73.3 percent reporting "very untrusting" attitudes for after the incident (see Q10). This result may contradict the responses given by many focus group participants, who reported that if one organization breached their privacy, this would only affect their level of trust in that organization and would not have an impact on their level of trust in all government organizations.

4.3.2 Willingness to Provide Personal Information

Questions 11, 12, 15 and 16 asked each respondent about their willingness to provide personal information to organizations (again, at both specific and general levels), and response data for these questions is provided in Table 14, below. All participants answered Q15 and Q16. 82.4 percent of respondents reported that they were less willing to provide personal information to the specific organization that had breached their privacy (answering either "Strongly agree" or "Agree" for Q15, including 64.7 percent who agreed strongly). 82.4 percent also reported that they were less willing to provide personal information to any organization after the event (see Q16 in Table 14). While the overall percentages of individuals agreeing with the statements in Q15 and Q16 were equal, the data shows that the magnitude of this agreement was distributed differently, with more participants reporting stronger prejudices against the specific organization involved.

Table 14. Willingness to provide information, attitudes and behavior

SA*

A

U

D

SD

MEAN**

Total Agree (%)

Q11. "After the incident related to the complaint I filed, I am less willing to provide my personal information to any government organization, regardless of whether they have mishandled my personal information."

5

7

2

1

0

1.93

80.0

Q12. "As a result of the incident related to the complaint I filed, I haverefused to provide personal information to a government organization (once or multiple times) because I don't trust them with my information."

1

7

1

3

0

2.50

53.3

Q15. "After the incident related to the complaint I filed, I am less willing to provide my personal information to the specific organization that I feel breached my privacy."

11

3

0

2

0

1.56

82.4

Q16. "After the incident related to the complaint I filed, I am less willing to provide my personal information to anyone (government organizations, private organizations, etc.)."

5

9

1

1

0

1.88

82.4
* Abbreviations: SA = "Strongly Agree" A = "Agree" U = "Unsure" D = "Disagree"

SD = "Strongly Disagree" Total Agree = (Strongly Agree + Agree)

** MEAN = Average Response (1 - 5, where 1 represents SA and 5 represents SD)

Thus, the lower the mean score, the more strongly participants tended to agree with the statement.

Q11 and Q12 were answered only by respondents who had filed privacy complaints against government organizations. 80 percent of this group affirmed that they were less willing to provide personal information to any government organization, regardless of whether the organization had mishandled their information (answering either "Strongly Agree" or "Agree" for Q11). Q12 asked participants about whether they had behaved in a distrusting way, and 53.3 percent reported that, as a result of the incident, they had refused to provide personal information to at least one government organization. Two other participants did not select an answer for this question, and instead commented that the opportunity to refuse to provide personal information to a government organization had not yet arisen.

back to top

4.4 Interviews with community leaders / representatives

The purpose of interviewing representatives and advocates was to collect information that would supplement the data gathered through the focus groups and the survey of complainants. Each participant received the interview questions (see Appendix E) prior to meeting with the researcher, and in order to help validate their responses, most reported that they had sought input from other members of the group they were representing. This section presents the main points raised in each interview.

4.4.1 Interview #1: Social welfare beneficiaries

Several beneficiary advocates (including some who had been beneficiaries themselves) were interviewed as a group.[This format was used because the group felt (collectively) more able to represent the attitudes and experiences of social welfare beneficiaries.] Most of this discussion was primarily focused on beneficiaries' interactions with Work and Income New Zealand (WINZ). Interviewees emphasized that the relationship between beneficiaries and WINZ is characterized by an imbalance of power and control, and that beneficiaries generally have had low levels of trust in government. Another factor said to influence this group's attitudes towards (and levels of trust in) the government involved the perception that some government publicity campaigns have been seen as characterizing beneficiaries as "fraudsters" and criminals. The participants also explained that, based on their experiences, many social welfare beneficiaries are not highly educated and know very little about what laws or protections existed to protect their rights.

Interviewees reported that beneficiaries tend to believe that they have very little control over what information they provided to WINZ and other government agencies, and suggested that the quantity and type of information this group provided to the government makes them particularly vulnerable to having their sensitive information mishandled. Also, the issue of government data sharing and matching programs was raised as a cause of considerable fear and anxiety amongst beneficiaries.

Interviewees provided several examples of situations where beneficiaries information had been mishandled by WINZ employees,[e.g., one interviewee reported that, because of an error made by WINZ, he had recently received sensitive personal information about hundreds of local beneficiaries (which he had no right to receive).] and mentioned multiple stories in the media that had influenced this group's concerns: "We generally get a flurry of comments from clients [beneficiaries]... after publicity about a privacy breach." In addition to providing anecdotes involving breaches of information privacy, interviewees expressed frustration that, most often, attempts at recourse were ineffective because "you can't really track it back through the system... to prove that the information was wrongly given out." In response to a question about whether stories involving privacy breaches have an adverse effect on individuals' confidence, an interviewee said, "I think it impacts greatly on concerns, one negative story is worth a lot," and another added "Because [as a result] you can't give assurances" that people's information will be handled properly.

4.4.2 Interview #2: Ethnic councils in New Zealand

A representative of various ethnic councils in New Zealand raised a number of issues from this group's perspective. The participant explained that, since a high percentage of members of ethnic groups (or their parents) have immigrated to New Zealand, their attitudes towards the government are often significantly influenced by their attitudes towards (and experiences dealing with) the government of the country they have come from. [e.g., if an individual comes from a country where the government is highly corrupt and abusive of its citizens, this likely influences their attitudes towards the New Zealand Government.] Along similar lines, the interviewee explained that historical events can have significant, long-lasting effects on people's attitudes towards government and, therefore, this group's level of trust in government varies greatly. This individual also noted that, although members of this group tended to be intelligent and skilled, they were likely to have less knowledge about laws and human rights in New Zealand.

The representative mentioned that people generally seemed to have more confidence in government organizations (compared to others), and this was partially due to the perception of transparency and accountability, because any governmental wrong-doing would likely be made public and result in negative publicity. However, the interviewee also said that the recent increase in data sharing among government organizations was a source of concern about the future, noting that people seemed especially concerned about the potential for linkages between types of information and anxiety about moving towards a 'Big Brother' government. Similar to other groups, the representative noted that individuals' concerns appear to be strongly influenced by media reports about stories involving breaches of privacy and confidentiality.

4.4.3 Interview #3: Pacific peoples

To complement the input collected from the focus group of Pacific peoples, an individual representative was also interviewed. This individual suggested that Pacific peoples have generally had low levels of trust in the government, largely based on historical events and stories communicated about personal experiences. The interviewee emphasized the effect that the "dawn raids" (controversial efforts to detain illegal immigrants, which occurred during the 1970s and involved multiple government organizations) have had on Pacific people's attitudes towards the New Zealand Government. Specifically related to the issue of information privacy, the individual stated that these events have resulted in "a lot of mistrust about what information is held, who accesses that information, and a lot of fear as well."[The interviewee also explained that high percentages of predominately Pacific communities (around Porirua) refused to complete the most recent census, suggesting that this may have been a manifestation of attitudes of mistrust about how the information would be used.] Later in the interview, the participant commented that most of this group's mistrust towards government is likely related to their attitudes towards large departments like Work and Income New Zealand, Inland Revenue, the Department of Child, Youth and Family Services, and the Immigration Service.

The representative also explained relevant aspects of cultural issues in Pacific communities, including the importance of keeping family matters private, and protecting the reputation of one's family name. The participant suggested that this group's "concerns about their personal information and how it's handled is often driven by what they know about how it should be handled or don't know about it, and more than not, they don't know much." Another issue thought to be unique to (or more pronounced in) Pacific communities is that individuals "very rarely complain" via any complaints process. Instead of complaining to the organization (or other relevant entities), they are much more likely to tell others in the community about their negative experiences, which does not help organizations to address their concerns or their dissatisfaction. The interviewee also affirmed that there is concern about what information is being shared between government agencies, and that this is related to people's confidence that their privacy would be respected. Moreover, she suggested that many Pacific people have a low level of understanding about what they are agreeing to when they complete forms for government organizations, and how the information is used:

"The issue is that they don't really understand what they're filling out, and because so many of them are dependant on government, I would say that... they do care how their information is managed, but I don't think they have that much trust with government because of their lack of understanding of how - who's sharing information."

In regard to this group's attitude towards technology, the interviewee stated that many Pacific people in New Zealand do not have access to computers and the Internet, which contributes to a lack of experience and familiarity with these technologies. The individual also noted that those people who were born in New Zealand (in comparison to recent immigrants) are more likely to be comfortable using computers and online services (based on having more experience with, and exposure to, these technologies).

4.4.4 Interview #4: Māori

To complement the information collected in the Maori focus groups, two representatives of Māori were interviewed (their occupations and experiences made these individuals particularly suited to participate in this study, and the age difference between them helped to provide input from two different generations).

The interviewees expressed the view that Māori have generally had low levels of trust in the New Zealand Government. In addition to the underlying mistrust resulting from controversy over issues related to the Treaty of Waitangi, other more recent issues were also mentioned as sources of mistrust (including the "Foreshore and Seabed" disputes that led to the 2004 Hikoi (march), and the way various politicians had recently supported proposals to eliminate government programs designed to help Māori). The two individuals suggested that Māori tend to have different attitudes towards various parts of the government, trusting some more than others. While many Māori may tend to have more trust in organizations that are believed to help Māori communities (e.g., the Ministry of Māori Development (TPK), the Māori Language Commission and the Māori Broadcasting Commission), they said that many Māori (often in lower socio-economic classes) tend to distrust the Police and other government organizations.

Presenting Māori perspectives and concerns about information privacy, interviewees discussed several aspects of Māori culture. The participants noted that, although sharing personal information is seen as an important part of Māori culture, this is typically done orally and there are sensitive issues related to recording Whakapapa (Māori genealogy) and other personal information. These issues include concerns about identity theft and losing control over personal information. [An interviewee explained that, since so much of one's identity and entitlements are based on one's ancestry and personal details, some Māori believe that sharing of recorded personal information has potential for negative consequences.] One interviewee also commented that some government organizations have been insufficiently sensitive to Māori cultural issues when collecting personal information.[e.g., In handling issues like 'Whangai' - or Māori adoption, where issues of legal parenthood are different from traditional Pakeha (European) adoption. While government guidelines may exist in relation to handling Māori adoption, it was suggested that some organizations do not consistently follow these guidelines.] Interviewees also suggested that there is not a high level of understanding amongst Māori about which organizations are parts of the government and which are not.

The representatives suggested that media stories have had a significant influence on Māori attitudes towards the government and concerns about the privacy of their personal information. For some Māori, they explained that events like the "dawn raids" of the 1970s still fuel a sense of mistrust towards the government, while more recent cases seem to have a greater impact on current levels of trust. For example, they cited widely publicized allegations in 2003-04 about a New Zealand Security Intelligence Service (SIS) operation (referred to as "Operation Leaf") allegedly designed to spy on Māori organizations and individuals. Regardless of whether the allegations surrounding Operation Leaf were accurate, the coverage of the story was said to have caused significant concern amongst Māori, and seems to influence their attitudes towards the government.

In response to questions about Māori attitudes towards using technology and the Internet to interact with government, interviewees discussed potential obstacles including insufficient access to resources and low levels of computer literacy. Although they indicated that Māori prefer to interact in a face-to-face environment, it was also suggested that younger Māori would be increasingly likely to interact using the Internet, as the younger participant (age 20 - 29) commented, "for my generation, we're more comfortable [using technology and the Internet] because it's the way we communicate with people."

4.4.5 Interview #5: Muslims

Two representatives of Muslims in New Zealand were interviewed. These individuals explained that a high percentage of this group have immigrated to New Zealand, often coming from third world countries. As a result, they suggested that individuals' attitudes towards the government are largely influenced by the cultural and emotional "baggage" they have brought with them. Based on the participants' experiences, many individuals in this group are generally less concerned about privacy issues and more focused on meeting "lower-level" needs. Furthermore, it was suggested that the concept of privacy carried different connotations for Muslims, explaining that the term is often more closely associated with private family information (which tend to be very sensitive), rather than other personal details.

One interviewee explained that he had recently noticed changes in the attitudes and behaviors of many Muslims, saying "as of late... many Muslims seem to be not forthcoming with information... when it comes to the public arena, they'd rather be non-descript and anonymous." The other individual corroborated this view of recent changes in attitudes and behaviors, and they both voiced significant concerns about the "new laws," in reference to new counter-terrorism and terrorist financing legislation. Although they were not very familiar with the particular details of the legislation, they believed it could allow the government to subjectively declare that an organization or individual had supported terrorists (e.g., based on donations made to organizations that may later be declared to be linked to terrorism). The interviewees suggested that uncertainty, and concern about what consequences these new laws might have, are a cause of worry amongst many Muslims in New Zealand.

4.4.6 Interview #6: People with disabilities

An individual representing the unique perspective of people with disabilities was interviewed. Speaking about this group's general level of trust in the government, the representative explained that most people with disabilities tend to trust some government organizations more than others. It was suggested that this is based on individuals' personal experiences and what people know (or have heard) about each organization. As an illustration, the interviewee noted that the Ministry of Health's Disability Services Directorate (DSD) is generally more trusted than many of the health screening programs that the Ministry of Health was responsible for. The representative explained that the DSD has earned the trust of disabled people, "gradually, through successive iterations of our concerns - there's a general belief that we'll be listened to." In contrast, she said that individuals' previous experiences with health screening programs have called into question the trustworthiness of the organizations responsible for ensuring that the information is handled properly, and has resulted in significant mistrust (specifically about how the information will be used, and who will have access to it). [The interviewee cited the Gisborne Cervical Cancer Screening Inquiry as an example of a case where individuals' personal information was mishandled, having an adverse affect on individuals' trust and confidence.]

The representative emphasized the importance of protecting the privacy of personal health information, as breaches in this area seem to make people less willing to share important information with medical practitioners, "We don't want some person going into our records to see [the information we provide], we can't trust them [to keep this confidential], so we won't say." The interviewee also suggested that organizations and workers tend to be less respectful about disabled individuals' right to privacy, "if you're disabled, it seems that all your details become anyone's property."

The interviewee said that another serious concern relates to the "information gap" between individuals with disabilities and those who collect and use their information,

"without knowing what happens to your information - you can't even begin to address the privacy concerns if you don't know what you need to know. Informed consent is important."

Another issue that was raised included concerns about the National Health Index (NHI). The participant suggested that there was uncertainty about what information will be associated with the NHI in the future, and what the information will be used for. Related to data sharing, the participant suggested that sharing of information among government organizations was a "serious worry" to this group, and this contributes to a feeling of vulnerability and having inadequate control over where one's information is communicated.

4.4.7 Interview #7: Women

Although 'women in New Zealand' is a very general classification, it was suggested that women have a sufficiently unique perspective, and the interviewee representing this group raised a number of relevant points. Similar to other interview participants, in addition to having extensive experience and relevant knowledge, the individual sought input on the interview questions from many other women before meeting with the researcher.

The participant explained that many women reported that their trust in the government was decreasing, largely because of the increasing reliance on information and communications technologies (ICT), "it's not necessarily that they don't trust the government - it's that they don't trust the technology" involved in the operation of government. [e.g., "Yes, they're concerned that if the government goes to entirely electronic collection, it will become more easy for 'hackers and spammers and scammers' whatever else you want to call them, to get into that information somehow."] The individual also reported that women claimed to have various levels of trust in different government organizations, and that most made distinctions between the trustworthiness of politicians and public servants. However, she said, "there's a lot of blurring of boundaries," explaining that there is some confusion about which organizations are part of the government and which are not.

The interviewee suggested that women tend to have more confidence that their privacy will be protected by government organizations compared to other organizations. This, she explained, is related to their worries about the increasing frequency of identity theft and the general belief that the private sector is more involved in activities that lead to identity theft. Also, although many women are aware of the Privacy Act and the Official Information Act, she said "they don't know the content of those acts," and "there's a lot of misinformation" about the provisions of the Privacy Act.

Specifically talking about women's views related to informational privacy, the interviewee provided examples of instances where women's personal information has been misused [The participant cited a number of health screening programs for women where privacy was allegedly breached.] and suggested that these occurrences are causes of serious concerns. The participant affirmed, "those issues are influencing people's trust in government systems," and clarified, "there is an issue of concern about how the information [collected by government organizations] might be used,... what might [the government] do with [the information]?" These concerns, she suggested, have been minimized by some organizations that clearly explain why certain information is being collected and how the information will be used (e.g., Statistics New Zealand). The interviewee also reported that a number of women she had talked with said they were unwilling to provide any personal information that did not seem specifically necessary for a given interaction. [e.g., "A lot of them say 'If a form says we want your date of birth,' they refuse to fill in the form, unless there's a very solid reason for the need of date of birth."]

On the topic of data sharing, the representative suggested that, while most women seem to be reasonably accepting of data sharing programs, they are concerned about how government organizations ensure that sharing and matching is done accurately and fairly.

4.4.8 Interview #8: Older New Zealanders

The perspective of older New Zealanders was provided through an interview with a representative of an organization that performs advocacy for this group. The participant suggested that older New Zealanders generally have a moderate level of trust in the government and, within 'the government,' most individuals tend to differentiate between the trustworthiness of politicians and public servants.

In relation to their concerns about privacy and providing personal information to government organizations, the representative suggested that older New Zealanders tend to be uncomfortable when organizations request seemingly irrelevant information from them. He advised that members of this group often become frustrated if government employees do not satisfactorily explain why the requested information is needed, and he said this contributes to a view that government employees are saying "'you've got to give [your information], so give it' rather than, 'we need this information because, for these reasons.'" The individual affirmed that, when government organizations fail to explain why requested information is needed, "that leads to a loss of trust and confidence that information is relevant and isn't simply being taken for the sake of being collected."

The interviewee also asserted that many older New Zealanders have concerns about the sharing of data among government organizations, and clarified that these concerns seem to be fueled by a lack of knowledge about data sharing programs (which organizations are sharing information, what information is being shared, what is the purpose, etc.). Furthermore, he explained, their concerns seem to be strongly influenced by stories in the media about government organizations mishandling citizens' personal information, suggesting: "that destroys the confidence that they have in [government organizations'] ability to handle material confidentially."

In relation to older New Zealanders' use of technology, the participant noted that many individuals in this group are not computer literate, and are generally uncomfortable using computers.[He also noted that computer literacy campaigns are helping some older New Zealanders gain experience using computers and the Internet, but many have little or no experience.] He commented that many individuals have concerns about "hackers" and the confidentiality of information communicated via the Internet, and these anxieties would likely be obstacles to their use of the Internet, "that's the same reason that older New Zealanders will just totally resist Internet banking and all those sorts of things, because of the perceived concerns that they have about privacy and access and hackers."


[ Previous | Next ]