Are you signing away your privacy?

Know your rights

Are you signing away your privacy? Know your rights

Privacy is important, especially when it comes to your money. There are certain personal financial details Kiwis don’t want falling into the hands of hackers, or for that matter their partners, children, employers and others. Some things are just personal.

Most reputable Kiwi organisations do their best to stay within laws such as the Privacy Act, Human Rights Act, and others. However there are a whole heap of ways they can breach your privacy.

But first, you need to understand the concept of “authorised disclosure”. When you agree to the terms and conditions of all sorts of credit, which can include utility and mobile phone accounts not just loans, you usually agree to “authorised disclosure”, which means you allow your data to be shared in specific ways.

For example, when you take out insurance, the terms and conditions say that details of your claims can be lodged on an Insurance Claims Register, that other insurers can access and view. Another way you might authorise that disclosure is in the fine print of an employment contract.

Signing away your privacy

Some of the areas where you might want to consider your privacy include:

  • Credit reports. Whenever you apply for credit you agree for certain aspects of your data to be shared with credit reporting agencies illion, Equifax, and Centrix. That date can be viewed by other lenders, employers and landlords. You have the right to view the private information held about you by these agencies and ask for it to be corrected. But you can’t get it deleted.  There is a Credit Reporting Privacy Code and if you think the credit reporter has been naughty you can complain to the Privacy Commissioner. Credit Simple isn’t a credit reporter but we’re owned by one – illion – and we’re careful to make sure we do all the right things.
  • Insurance Claims Register. This register is run by the Insurance Council of New Zealand  and is designed to detect and prevents fraud, such as purposeful non-disclosure and double dipping. This is a little scary because if your name is flagged for fraud on the ICR it can be extremely difficult to get insurance of any kind, and as a result, take out a mortgage.
  • Banks and finance companies. Banks know an awful lot about you and me. They know where you shop, how much money you earn, where you invest and sometimes even your net worth (how much you own or owe). Some of the most common issues (albeit rare) faced by bank customers often relate to ex-partners being given access to statements.

Real life privacy breaches

The Privacy Commission, Insurance & Financial Services Ombudsman (IFSO), and Banking Ombudsman, and other agencies hear cases related to breaches of individuals’ privacy. Some examples include:

  • Put in harm’s way. A bank customer changed her name by deed poll to escape a violent relationship. The bank started sending her statements with her new name to the ex-partner. The Banking Ombudsman recommended the bank pay for the costs of the installation, maintenance and monitoring of a security alarm at her new address for three years, the costs of installation of security lighting and a fence for the woman’s property, which cost approximately $11,000.  The bank paid her an additional $4,000 for “inconvenience”.
  • Sent to debt collectors. Financial organisations can disclose your information to a debt collector about a debt you owe. But where it’s disputed they need to tread carefully. The Privacy Commission cites the example of the Taylor v Orcon case. In this case telecommunications company Orcon failed to take reasonable steps to check the information and simply sent Mr Taylor’s bill to a debt collector despite the fact he had disputed it.  In that case the commission found Orcon was in breach of Principle 8 of the Privacy Act information.   Orcon’s actions resulted in Mr Taylor being declined credit and refused a tenancy.
  • Blamed for her husband’s fraud. Mrs G complained to the IFSO because her name had been included in an alert on the Insurance Claims Register as a result of her husband’s fraud. She said it was unfair to have her name associated with the alert on the ICR, because she had nothing to do with the claim. Because it was a jointly held policy the alert could not be removed. “The policy stated that joint policyholders are deemed to act with the expressed authority of each other,” the Ombudsman noted.

It’s easy in the digital age to give too much information away voluntarily on social media as well. So guard your financial privacy well.

Credit Simple

This is where the author bios usually go, but Credit Simple is not an actual human being, so we can't write a bio for him/her. However, if Credit Simple were a human being, we'd like to think we'd be Dai Henwood. Dreams are free.

All stories by: Credit Simple