children’s action plan directorate · document control purposes of this document to identify and...
TRANSCRIPT
He Taonga Te Tamariki
Children’s Action Plan
Directorate
Privacy Impact Assessment
October 2015
Privacy Impact Assessment
Document Control
Purposes of this document To identify and discuss the privacy issues associated with
sharing information in the Vulnerable Kids Information System
(ViKI) which contributes to the Children’s Action Plan
improving outcomes for vulnerable children and their families.
Privacy Impact Assessment
Version V 1.0 – March 2014
V 2.0 – 26 May 2015
V 3.0 – October 2015
Description This document details the Privacy Impact Assessment of the
information sharing provisions for implementation of the
Vulnerable Kids Information System (ViKI) for the Children’s
Action Plan.
Issued by The National Children’s Director.
Contact details [email protected]
3
TABLE OF CONTENTS
Structure of the Privacy Impact Assessment 5
Glossary of terms used in this Privacy Impact Assessment 6
1 INTRODUCTION AND OVERVIEW 7
Purpose and scope 7
The Children’s Action Plan 7
The importance of cross agency information exchange 8
Preparation of the Privacy Impact Assessment 8
Privacy methodology 9
2 BACKGROUND AND CONTEXT 15
The Children’s Action Plan 15
Why agencies need to share information about vulnerable children 16
Children’s Teams 16
Current information sharing arrangements for Children’s Teams 17
The Legal Context for the CAP 17
Legislative principles relating to the welfare and interests of children 17
Legislative provisions for information sharing about vulnerable children 18
3 THE PROPOSED INFORMATION COLLECTION AND HANDLING ARRANGEMENTS FOR THE
VULNERABLE KIDS INFORMATION SYSTEM 23
Overview 23
Purposes of information sharing in ViKI 24
Proposed information sharing 25
The Hub 25
Sharing information to refer and assess the needs of children identified as at risk of abuse and
neglect 26
The Vulnerable Kids Information System (ViKI) 27
4 THE PROPOSAL 28
Overview 28
Options for information sharing and their effectiveness 28
Seeking an authorisation 29
Resolving information-sharing barriers 29
5 PRIVACY ANALYSIS AND RISK ASSESSMENT 30
Overview 30
Section 1 - Analysis of the proposals against the Information Privacy Principles 30
Section 2 - Risks and Mitigations 34
Governance risks 35
Handling practices 37
4
Security risks 40
General security recommendations 41
6 CONCLUSION 42
APPENDIX 1 43
APPENDIX 2 46
APPENDIX 3 48
APPENDIX 4 49
APPENDIX 5 52
5
Structure of the Privacy Impact Assessment
Part 1 of this Privacy Impact Assessment (PIA) describes the scope and purpose of the assessment.
In Table 1 it summarises the privacy issues associated with the known and expected arrangements
for collecting and handling information in the Vulnerable Kids Information System.
Part 2 describes the background and context for the proposed information sharing in the Vulnerable
Kids Information System. The proposed arrangements for the collection and handling of information
used by the Vulnerable Kids Information System; and the legal context for the operation of the
Vulnerable Kids Information System are also described.
Part 3 describes the proposed information collection and handling arrangements for the Vulnerable
Kids Information System which are the subject of this Privacy Impact Assessment.
Part 4 discusses the proposal to develop or re-use a set of guidelines to enable the provision of
vulnerable children under the Children’s Action Plan.
Part 5 comprises a high level analysis of the privacy issues associated with the information sharing
arrangements for the Vulnerable Kids Information System. It identifies the main privacy issues and
identified risks, making recommendations to address the issues identified and mitigations for these
risks.
Part 6 consists of the conclusions and recommends next steps from the Privacy Impact Assessment.
6
Glossary of terms used in this Privacy
Impact Assessment
CAP means the Children’s Action Plan.
CYF means the child protection agency - Child, Youth and Family.
The Hub means the central point of contact for receiving and processing enquiries or advice of
concerns relating to vulnerable children. The Hub will assess risk and urgency, assess child–
centric information, conduct an initial whole-of-child and family/whānau assessment of likely
needs and determine the most appropriate response pathway to address those needs
effectively.
Misuse Case Model is a method of describing a system’s behaviour when it responds to
requests from outside that business stakeholders consider undesirable
NGO means a non-governmental organisation.
NZISM is New Zealand Information Security Manual published by GCSB and is the New
Zealand Government’s manual on information assurance and information systems security.
PIA means a Privacy Impact Assessment.
Privacy by Design is an approach designed to address the ever-growing and systemic effects
of Information and Communication Technologies, and of large-scale networked data systems.
Privacy by Design advances the view that the future of privacy cannot be assured solely by
compliance with regulatory frameworks; rather, privacy assurance must ideally become an
organization’s default mode of operation.
ViKI is the Vulnerable Kids Information System, a set of proposed information technology
systems for collecting and handling information about vulnerable children for the purpose of
the Children’s Action Plan.
Vulnerable children refers to children who are at significant risk of harm to their wellbeing,
now and into the future, as a consequence of the environment in which they are being raised,
and in some cases, due to their own complex needs. Environmental factors that influence child
vulnerability include not having their basic emotional, physical, social, developmental and/or
cultural needs met at home or in their wider community. 1
1 This definition comes from the White Paper for Vulnerable Children, Volume II.
7
1 Introduction and Overview
1.1 This Privacy Impact Assessment (PIA) has been developed by the Children’s Action
Plan Directorate to examine the privacy issues associated with collecting, handling and
sharing information about vulnerable children in the Vulnerable Kids Information System
(called ViKI) for the purpose of the Children’s Action Plan (CAP).
1.2 It is the third amendment to the PIA associated with privacy impacts of CAP
information sharing arrangements. The first PIA dealt with the information sharing
arrangements for the CAP at a high level. The second PIA dealt with the privacy
impacts of the Hub.
1.3 As a result of the second PIA an Approved Information Sharing Agreement was
created: the Approved Information Sharing Agreement for Improving Public Services
for Vulnerable Children. This came into force on 3 August 2015.
Purpose and scope
1.4 The purpose of this PIA is to examine the privacy issues associated with collecting
and sharing information about vulnerable children in the information technology
system (known as ViKI, the Vulnerable Kids Information System) as part of the
Children’s Action Plan. The scope is limited to the initial implementation of ViKI to be
used for collection, storing and handling of information to support the Vulnerable
Children’s Hub and Children’s Teams.
The Children’s Action Plan
1.5 The Children’s Action Plan (the CAP) aims to reduce the incidence of child abuse and
neglect for children. To do this Children‘s Teams have been created to ensure more
efficient and better coordinated service delivery for children, their families/whānau
where complex and interrelated needs span a number of areas such as
unemployment, education, health, housing, and justice. Details of the Children’s
Action Plan can be found at: http://www.childrensactionplan.govt.nz/action-plan.
1.6 At the heart of the CAP is a new child-centred, interagency service response for
children at risk of maltreatment, who are just below the threshold for intervention by
Child, Youth and Family (CYF).
8
1.7 The key features of this new service response are:
Improving the identification of children at risk, through the proposed Hub contact
and referral process
The establishment of Children’s Teams made up of key community professionals
from across sectors. Children’s Teams are responsible for ensuring that children
at risk are identified early, have their needs assessed and receive appropriate
services
Common assessment and planning - the CAP requires whole of child
assessments (by employing a common assessment framework) of children’s
needs, which will be addressed by a single plan for the child co-ordinated by a
Lead Professional.
The importance of cross agency information exchange
1.8 A key building block of the CAP is the sharing of personal information about
vulnerable children and their families between multiple agencies (inside and outside of
government). Information sharing with and between agencies is a critical component
of the CAP because it is essential for risk identification and also for developing
comprehensive service responses to a child’s situation.
1.9 Information will be shared under the CAP for the following purposes:
To enable the identification of children at risk of abuse or neglect
To facilitate the care and protection of children who have been abused or
neglected
For assessment and referrals of vulnerable children to appropriate services; and
The on-going tracking and monitoring of outcomes for vulnerable children.
Preparation of the Privacy Impact Assessment
1.10 This PIA has been prepared to ensure that the government’s objective of reducing
harm and improving services for vulnerable children is considered in light of the
potential privacy impacts of the information sharing proposed.
1.11 This version of the Privacy Impact Assessment has been prepared by Doug Gorman,
Lead Strategic Advisor, Children’s Action Plan with assistance from Donovan
Anderson, Business Advisor, Children’s Action Plan and Craig Lowe, Senior Business
Analyst, Children’s Action Plan. The full Terms of Reference for version 1 of this PIA
is set out in Appendix 1.
9
Privacy methodology
1.12 The overall goals of the proposed privacy methodology are:
The identification of the project’s privacy impacts
Developing an appreciation of those impacts from the perspectives of all relevant
stakeholders
The identification and assessment of less privacy-invasive alternatives to the
proposed information sharing arrangements
The identification of ways in which negative impacts on privacy can be avoided
The identification of ways to lessen negative impacts on privacy
Where negative impacts on privacy are unavoidable, ensuring that justifications
are clear; and
To ensure the systematic documentation and publication of the outcomes of the
work on privacy issues associated with the CAP.
1.13 The implementation of the Children’s Action Plan is a complex project that is being
rolled out in stages. Accordingly, a cyclical approach will be taken to analysing and
addressing privacy issues, linked to the overall CAP project lifecycle.
1.14 This PIA will be updated as the CAP implementation progresses. The PIA will be used
as the basis for the preparation of any subsequent PIAs that may be required for
different aspects of the roll out.
1.15 The PIA will be published at: http://www.childrensactionplan.govt.nz/info-sharing/
1.16 The topics and issues dealt with in this PIA were sourced from:
The Privacy Impact Assessment Handbook (http://www.privacy.org.nz/news-and-
publications/guidance-notes/privacy-impact-assessment-handbook/);
The United Kingdom’s Information Commissioner’s Privacy Impact Assessment
Handbook (ico.org.uk/pia_handbookhtml_v2/files/PIAhandbookv2.pdf).
1.17 The Privacy Commissioner’s Office (OPC) was consulted on the Terms of Reference
for this PIA, and through on-going consultation on its structure and content.
1.18 The privacy issues discussed in this PIA are summarised in Table 1.
10
Table 1 – Privacy Principles, Risks, Mitigations
Principle
#
Privacy Principle Risk Mitigation
1 This principle provides that
personal information should not
be collected by an agency unless
it is collected for a lawful purpose
connected with a function or
activity of the agency and is
necessary for that purpose
Risk that information is
collected because it is
possible to do so rather
than because the
information is needed for
current business
processes
Ensure that all implementations of
ViKI are in line with the proposed
information collection and
handling purposes.
Limit collection of information to
what supports CAP functions.
Employ operational guidelines for
referral intake calls to ensure
regulation of data capture from
professionals and practitioners.
Employ operational guidelines for
Hub staff members and Children’s
Team staff to regulate data
capture into ViKI.
2 This principle requires that
personal information be collected
directly from the person
concerned unless a specified
exception applies
Risk that personal
information collected
behalf of an individual
breaches Principle 2 of
the Privacy Act
This is already an established
business model in MSD.
Ensure consent is obtained where
possible and thus rely on the
exception in Privacy Principle
2(b). However, where consent is
not possible collection relies on s
15 of the CYPF Act and/or Privacy
Principle 11(f) and for those
working in the Hub the Improving
Information Sharing Agreement
for Improving Public Services for
Vulnerable Children.
These provisions (when they
apply) allow for information to be
collected not directly from the
individual concerned.
Employ operational guidelines for
Hub staff members and Children’s
Team members about collecting
information and capturing that
information in ViKI.
11
Principle # Privacy Principle Risk Mitigation
3 This principle provides that, where
personal information is collected
from the person concerned, the
Agency must take all reasonable
steps to ensure that the person is
made aware of the
fact that information is being collected,
purposes for collection,
intended recipients, contact details of agency storing it,
the law under which it was collected,
whether supply is mandatory or voluntary,
consequences of not providing it, and
rights of access to correct it
Risk that information is
captured directly from
family/whānau members
without them being aware
of the fact the information
is being collected and the
purpose for that
collection.
Ensure that people are
appropriately notified in a relevant
manner whenever information is
collected from them personally
and stored in ViKI.
For Children’s Team members this
means developing a robust
process on capturing consent.
This will be done through the
development of documents to
help Lead Professionals when
gaining the consent of the
family/whānau. This will ensure
compliance with the obligations
imposed in Privacy Principle 3.
Privacy Principle 3 only applies
when information is collected
directly from the individual
concerned. Therefore, no
mitigations will be needed for The
Hub.
4 This principle states that personal
information shall not be collected
by unlawful, unfair unreasonably
intrusive means
If Hub staff and Children’s
Team members collecting
information are
inappropriate in their
interactions with people
when collecting
information, this creates a
risk of a complaint to the
Privacy Commissioner
about unfair treatment.
This would also be the
case if collection
processes are perceived
to be unnecessarily
intrusive.
When personal
information systems are
designed and built
without proper
consideration of statutory
obligations, responding to
legitimate requests for
access to personal
information may be
difficult, expensive or
Staff training and awareness
raising of appropriate respect for
and responses to cultural and
physical considerations when
collecting information.
ViKI is a child centred design and
meets all statutory obligations.
Requests for information will be
dealt with in line with obligations
of relevant legislation, including
the Privacy Act 1993 and Official
Information Act 1982.
12
impossible.
Principle
#
Privacy Principle Risk Mitigation
5 This principle provides that
reasonable security safeguards must
be in place to protect personal
information against loss,
unauthorised access, use,
modification or disclosure and other
misuse
Risk that ViKI is not
secure and that
personal information
will be misused
Legal advice has been provided to
the existing Children’s Teams
about the need to have secure
storage for all personal
information they hold and clear
responsibilities in relation to this
information.
Existing policies on information
security will be continually
updated.
A Code of Conduct has been
developed and is used when on-
boarding CT members. ViKI users
in Children’s Teams are also
required to sign and adhere to a
Children’s Team Confidentiality
Statement.
Security requirements in the form
of Misuse Cases have been
devised for ViKI to inform a robust
Security Design with the selected
Vendor.
6 This principle provides that, where
information is held in a way that can
be readily retrieved, the person who
is the subject of the information shall
be entitled to obtain confirmation
that the information is held, to have
access to it and to be informed that
they may request correction of it.
Since September 2010, this right
applies to all people worldwide who
have dealings with the CAP and not
merely to New Zealand citizens and
people in New Zealand
Risk that subject of the
information will not be
able to obtain
confirmation that the
information is held,
won’t be able to access
it or have it corrected
where it is
inaccurate/erroneous
Internal policies, procedures and
training on the right of access and
correction for affected parties
have been developed.
Existing practices that comply
with this principle will be updated
to accommodate the information
held in ViKI.
ViKI will have the ability to
respond to review agencies’
requests/investigations.
7 This principle provides that persons
are entitled to request correction of
personal information and to request
that a statement of correction be
attached to the information
considered erroneous. Since
September 2010, this right applies to
all people and not merely to New
Zealand citizens and people in New
Zealand
Risk that subject of the
information will not be
able to request
correction where
information is
inaccurate/erroneous
Internal policies and procedures
and training about the right of
access and correction for affected
parties.
Existing practices that comply
with this principle will need to
continue and be updated to
accommodate the ViKI roll out.
13
Principle
#
Privacy Principle Risk Mitigation
8 This principle states that personal
information shall not be used
without taking reasonable steps to
ensure that it is accurate, up to date,
complete, relevant and not
misleading
Risk that information
will not be checked and
validated prior to use
There are existing systems and
processes in place to ensure
compliance with this principle
associated with the operations of
the current Children’s Teams. In
Phase 1 of ViKI systems are in
place to ensure this principle is
adhered to for CAP data. These
will be updated after ViKI goes
live.
For ViKI, MSD systems and
processes are used for
compliance.
Processes/checks/guidelines to
ensure that information is not
associated with a person record
by mistake have been put in place
as part of the AISA.
This explicitly includes processes
for permitting comment on, and
checking, potentially prejudicial
information.
Specific processes for handling
false negatives and false positives
when matching information are
included.
9 This principle states that personal
information must not be kept for
longer than is required for the
purposes for which it may be
lawfully used
Risk that data is kept
beyond NZ Government
Archival policy rules
Systems and processes are in
place to ensure compliance with
this principle by the CAP. In ViKI
implementation, there will be
systems in place to ensure this
principle is adhered to for CAP
data. Systems and processes will
be updated to accommodate the
ViKI roll-out. ViKI will be
compliant with existing MSD
systems and processes.
MSD processes for assessing
information for disposal are used
in accordance with the Public
Records Act 2005.
14
Principle
#
Privacy Principle Risk Mitigation
10 This principle provides that
personal information collected
for one purpose may not be used
for any other purpose unless in
accordance with one of the
exemptions listed in Principle 10.
Risk that exceptions are
not understood:
2 Authorised by the
individual concerned;
or
3 Necessary to prevent
or lessen a serious
threat to public health
or safety, or the life or
health of the individual
concerned or another
individual; or
4 The disclosure is in
connection with, or
directly related to, one
of the purposes for
which it was obtained;
or 4) Necessary for a
public sector agency
to disclose the
information to uphold
or enforce the law,
protect the tax base, or
assist court or tribunal
proceedings will be
misinterpreted.
5 Risk that personal
information
collected by
professionals will
not be shared due
to uncertainty
about the use of
that information
Clear Guidelines have been
developed to guide interpretation
of the exceptions to rules 10 and
11 for Hub and Children’s Teams
staff.
Clear guidelines have been
developed to guide Hub and
Children’s Team staff on what can
be captured in ViKI.
Guidance and processes
developed by the CAP ensure
uncertainty is removed for
professionals about use of any
information they share with the
Hub.
Information shared by the Hub
with Children’s Teams or other
providers or entered in ViKI is
used for same purpose as the
disclosure to The Hub.
Access to legal advice from
Ministry of Social Development
Legal Services as mitigation.
11 This principle states that
personal information must not be
disclosed unless the disclosure
is authorised by one of the
exemptions specified.
12 This principle states that a
unique identifier must not be
assigned to a person unless it is
necessary for carrying out its
functions efficiently.
Risk unique identifiers
created for each child
referred to the Hub and
entered in ViKI will be used
for data matching by CAP
agencies.
Assignment of a unique identifier
for the purpose of the CAP will
only be undertaken because it is
necessary for the efficient
functioning of the CAP. Any
unique identifier will be used for
CAP purposes only. Data
matching, by use of unique
identifiers, will not be permitted.
Operational guidelines have been
developed to ensure compliance
with this Privacy Principle.
15
2 Background and Context
The Children’s Action Plan
2.1 A troubling number of children in New Zealand experience problems that may lead to
poor outcomes in later life (referred to in this PIA as “Vulnerable Children”).
Vulnerable children are children who are at significant risk of harm to their wellbeing,
now and into the future, as a consequence of the environment in which they are being
raised, and in some cases, due to their own complex needs. Environmental factors
that influence child vulnerability include not having their basic emotional, physical,
social, developmental and/or cultural needs met at home or in their wider community.2
2.1 A contributing factor to the poor outcomes facing vulnerable children relates to
problems with the delivery of public services to this group. Examples of problems
include:
Information not being shared between agencies, and concerns about children at
risk sometimes not being passed on. As a result children slip through the net of
protective services or receive services only when problems become severe
Children receiving multiple assessments from different agencies that duplicate
rather than complement each other
Multiple professionals having contact with a child over time but no single person
provided continuity or coordinated services for that child; and
Multiple agencies spending money on a child in an uncoordinated way rather than
the child receiving a coordinated package of support.
2.2 Responding to these problems and providing better services to these children is one
of the Government’s priorities as part of its Better Public Services initiative. In July
2011, the Government released a Green Paper for Vulnerable Children asking New
Zealanders how to better protect our children from abuse and neglect. The Green
Paper submissions formed the basis of a White Paper released in October 2012. A
major cross-government project drew from those submissions to produce the 10-year
Children’s Action Plan (CAP).
2.3 The overall purpose of the CAP is to improve social outcomes for children and their
families/whānau facing complex and interrelated problems and needs. These
problems and needs often span a number of sectors including: the social services
sector, education, employment, justice, housing, and health.
2 This definition is taken from White Paper for Vulnerable Children, Volume II, page 21.
16
Why agencies need to share information about vulnerable children
2.4 Improving information sharing is one of the critical aspects of the CAP. Information
sharing is critical for two key reasons:
It supports prevention of harm through early identification of risk; and
It offers opportunities to provide more timely and effective services.
2.5 The report of the Experts’ Forum on Child Abuse3, noted that practitioners often
have only partial information about a child’s circumstances, and this impedes
practitioners’ ability to make informed decisions about a child’s safety. Reviews of
child deaths also highlight how vulnerable children can fall though the gaps when
information about them is not shared. A 2011 inquiry into the serious abuse of a
child argued that: “the sharing of information and dialogue between the holders of
information is a critical, if not the most critical, component of multi-agency and
inter-professional liaison and cooperation”4.
Children’s Teams
2.6 Service delivery for vulnerable children under the CAP is the responsibility of
Children’s Teams. Children’s Teams are made up of local education, health,
justice and social sector professionals.
2.7 Children’s Teams ensure that:
Vulnerable children’s needs are assessed
All parties required to address those needs are consulted
A single multi-agency plan for each vulnerable child is developed,
implemented, and a lead professional is assigned to see the plan through
Local services are delivered according to the plan (through Child Action
Networks); and
Outcomes are achieved for each child.
2.8 Under CAP, Child, Youth and Family (CYF) and Police retain their current
statutory care and protection responsibilities for children and work closely with
Children’s Teams.
2.9 The Children’s Team ensure that each child under their jurisdiction has a Lead
Professional assigned to them who will be responsible for:
The assessment process and determining what services are needed for a child
Engaging children/family/whānau in the assessment and decision making
process
3 Experts’ Forum on Child Abuse, 9-10 November 2009. (2010). Retrieved from http://www.beehive.govt.nz/sites/all/files/ExpertsForumChildAbuse.pdf 4 Smith, M. (2011). Report to Hon Paula Bennett, Minister for Social Development and Employment.
Following an Inquiry into the Serious Abuse of a Nine-Year -Old Girl and Other Matters Relating to the Welfare, Safety and Protection of Children in New Zealand. Retrieved from http://www.beehive.govt.nz/sites/all/files/Smith_report.pdf
17
Ensuring the right cross agency professionals are involved in the decision-
making and planning for children
Managing and implementing the single multi-agency plan for addressing
children’s needs
Achieving good outcomes for the child and their family/whānau
On-going coordination of services to deliver on the plan; and
On-going monitoring and review of plans to ensure a good result for the child.
2.10 Drawn from local health, education, justice and social services agencies, a child’s
Lead Professional is selected based on the best fit with the child’s needs including
their cultural needs. They act as the key contact for the child and their
family/whānau and for all practitioners and services.
2.11 Under the CAP, services for vulnerable children are prioritised through joint
service design with coordinated funding and contracting approaches. The focus is
on services including mental health and addiction services for children and their
parents, intensive home visiting initiatives and other intensive parenting
programmes.
2.12 Five Children’s Teams have been established to date: Rotorua, Whangarei,
Horowhenua/Kapiti, Marlborough, Hamilton, Tairāwhiti, Eastern Bay of Plenty,
Whanganui and Canterbury. Counties Manukau will be rolled out in 2016.
Current information sharing arrangements for Children’s Teams
2.13 Interim arrangements are in place for the collection and handling of information for
Children’s Teams pending the roll out of ViKI after proof of concept is achieved
(discussed in Part 3 of this PIA.). For Hamilton and Canterbury, the only referral
pathway will be from professionals and practitioners to the Hub.
The Legal Context for the CAP
2.14 Various legislative provisions make up the current legal context for sharing
information about Vulnerable Children including provisions:
That prescribe principles relating to the welfare and interests of children; and
Provisions relevant to information sharing and privacy.
2.15 These legislative provisions and how they interact with the operation of ViKI are
laid out in Appendices 3 & 4.
Legislative principles relating to the welfare and interests of children
The Children, Young Persons and Their Families Act 1989
2.16 The Children, Young Persons and Their Families Act 1989 (CYP&F Act), and the
Care of Children’s Act 2004, include principles promoting the welfare and interests
of children. These Acts also contain principles to assist parents, families, whānau,
18
hapū, iwi and family groups in discharging their responsibilities to prevent their
children suffering harm, ill-treatment, abuse, neglect or deprivation.
2.17 The CYP&F Act 1989 requires any considerations undertaken as part of the Act to
place the welfare and interests of children as paramount (section 6). This
paramountcy principle is supported by other principles in the Act, including that:
Children and young people be protected from harm, their rights upheld and
their welfare promoted (section 13(a))
The primary role in caring for and protecting a child or young person lies with
the child’s or young person’s family, whānau, hapū, iwi and family group, and
that accordingly:
a child’s or young person’s family, whānau, hapū, iwi and family group
should be supported, assisted and protected as much as possible; and
intervention into family life should be the minimum necessary to ensure
a child’s or young person’s safety and protection (section 13(b)).
The Care of Children Act 2004
2.18 The purpose of the Care of Children Act 2004 includes promoting children’s
welfare and best interests, and facilitating their development, by helping ensure
appropriate arrangements are in place for their guardianship and care. The Care
of Children Act reflects the CYP&F Act and includes the principle that the welfare
and best interests of the child must be the first and paramount consideration.
Legislative provisions for information sharing about vulnerable children
2.19 Legal frameworks governing how practitioners and agencies can share
information about vulnerable children at risk of maltreatment are currently primarily
based on the Privacy Act 1993, the Health Information Privacy Code and the
CYP&F Act 1989.
The Privacy Act 1993
2.20 The Privacy Act 1993 protects information about individuals and applies to every
agency that deals with personal information. Twelve information privacy principles
provide the foundation that governs the protection of privacy in regard to the
collection, use, disclosure, storage and access to personal information.
2.21 Part 5 of this PIA includes an examination of the proposed information collection
and handling provisions of the CAP against these 12 principles. Three of these
principles specifically cover the sharing of information by professionals within and
across agencies:
Principle 10 states that personal information obtained in connection with one
purpose must not be used for another purpose.
Principle 11 states that personal information must not be disclosed.
19
2.22 The Privacy Act also contains exceptions to Principles 10 and 11, which allow
information use and sharing in some circumstances. The exceptions most relevant
to the CAP are those that allow sharing where it is:
Authorised by the individual concerned; or
Necessary to prevent or lessen a serious threat to public health or safety, or
the life or health of the individual concerned or another individual; or
The disclosure is in connection with, or directly related to, one of the
purposes for which it was obtained; or
Necessary for a public sector agency to disclose the information to uphold or
enforce the law, protect the tax base, or assist court or tribunal proceedings.
2.23 Currently the Children’s Teams are sharing information relying on exceptions to
Principles 10 and 11 discussed in paragraph 2.29.
The Children, Young Persons and Their Families Act 1989
2.24 The CYP&F Act also allows information sharing (note these provisions override
the Privacy Act’s requirements):
Where any person who believes that any child or young person has been, or is likely
to be, harmed (whether physically, emotionally, or sexually), ill-treated, abused,
neglected, or deprived he or she may report the matter to a social worker or a
constable (s15).
Where any person or organisation who discloses information relevant to whether a
child or young person has been, or is likely to be, harmed, ill-treated, abused,
neglected, or deprived is protected against civil, criminal, or disciplinary proceedings,
unless the disclosure is made in bad faith (s16).
Where an investigation takes place, government organisations (and other statutory
bodies) are obliged to supply information relating to any child or young person to
determine if that child or young person is in need of care or protection (or for the
purposes of any proceedings under the Care and Protection Part of the Act) (s66).5
The Health Act 1956
2.25 Sections 22C(2)(c) and (f) of the Health Act 1956 permit any person holding health
information to make it available to a social worker or care and protection co-
ordinator or a police officer if they require it for performing their powers, duties or
functions under the CYP&F Act.
The Health Information Privacy Code 1994
2.26 The Code applies specific rules for health information collected, used, held and
disclosed by health agencies. With respect to health information, the Code acts
as a substitute for the privacy principles set out in the Privacy Act. The key
provisions in the Code concerning information sharing are Rules 10 and 11.
5 This does not apply if the child is in need of care and protection on the grounds in section 14(1)(e) which concerns child offending.
20
2.27 Rule 10 has similar coverage to principle 10 of the Privacy Act, i.e. it prohibits
health information collected for one purpose to be used for any other purposes
(subject to a number of exceptions).
2.28 Rule 11 is similar in application to principle 11 of the Privacy Act and places limits
on the disclosure of information subject to certain exemptions. Relevant
exemptions for the information sharing proposals in the CAP are in the
circumstances where:
A person consents to disclosure (rule 11(1)(b));
Disclosure is necessary to avoid prejudice to the maintenance of the law by
any public sector agency, including the prevention, detection, investigation,
prosecution, and punishment of offences (rule 11(2)(i)(i)); or
Disclosure is necessary to prevent or lessen a serious threat to public health
or public safety or the life or health of an individual (11(2)(d)).
2.29 In addition to the provisions of the Health Information Privacy Code, decisions by
health agencies to release information are also affected by ethical codes that bind
particular health professional groups, and also by professional obligations relating
to confidentiality. These obligations may impose stricter limits on disclosure than
those in Rule 11.
Vulnerable Children Act 2014
2.30 The Vulnerable Children Act forms part of a series of measures to protect and
improve the wellbeing of vulnerable children. These reforms were proposed in the
White Paper for Vulnerable Children (the White Paper) and the Children’s Action
Plan released in October 2012. The changes also support the Government’s
Better Public Services programme in the key result area of reducing the number of
assaults on children.
2.31 The objectives of this Act are to:
Reinforce the need for shared responsibility, and co-ordinated and
collaborative action across the government social services sector to better
protect vulnerable children; and
Help ensure children are safe with those that work with them; and
Minimise the risk of future harm posed by those who have abused children in
the past, including ensuring the safety of children of adults who have
previously had a child or young person permanently removed from their care
due to abuse or neglect or where the adult has been convicted of the murder,
manslaughter, or infanticide of a child or young person in his or her care; and
Enhance the response to children who have already been abused or
neglected to increase their chances of better long-term outcomes.
21
2.32 Key changes in the Act relevant to the information sharing provision in CAP
include the following:
Requiring prescribed Chief Executives to work together to produce and report
progress on implementing a cross-sector agency plan (the vulnerable
children’s plan), which sets out how agencies will collectively achieve the
Government’s priorities for vulnerable children
Requiring prescribed State services to have policies in place containing
provisions on the identification and reporting of child abuse and neglect, and to
ensure that their funded and contracted services also have such policies in
place
New standard safety checks for employees in the government and
government-funded children’s workforce, and a restriction on the employment
of persons with disqualifying convictions; and
Placing an onus on a parent of a subsequent child to demonstrate he or she is
safe to parent, if a child or young person in the parent’s care was permanently
removed due to abuse or neglect or the parent has been convicted of the
murder, manslaughter, or infanticide of a child or young person in the parent’s
care.
Information Sharing Agreement for Improving Public Services for Vulnerable Children 2015
2.33 The following parties have agreed to and signed the AISA:
The Ministry of Social Development
The Ministry of Health
The Ministry of Justice
The New Zealand Police
The Ministry of Education
The Children’s Action Plan Directorate
2.34 The AISA authorizes the sharing of personal information to and from The Hub for the
following purposes:
Identifying vulnerable children and their families
Conducting an initial assessment of the likely needs of vulnerable children and
their families
Determining appropriate referrals to address the needs of vulnerable children and
their families
Monitoring outcomes for vulnerable children and their families, including the
sharing of information for the purpose of professional supervision of service
providers.
2.35 The parties may share the following personal information to achieve one of the
purposes of the AISA:
22
The name and address of a child, and the names and address or addresses of the
child’s parents and caregivers
A child’s date of birth
A notification or an alert from a health practitioner that a child or the child’s family
is at risk
Any history of harm to a child or history of harm to a child in the child’s family
Information about a child’s physical or mental health, which may indicate that the
child has been abused or neglected or is at risk of abuse or neglect
Information about a child’s current and previous well-being, including financial
circumstances, or issues of concern about the child’s well-being, including
financial circumstances
Information about a child’s psychological or emotional difficulties
Information about the capacities and strengths of a child and the child’s family
Issues of concern that have been raised with respect to a child’s education,
including any special education needs
Information that indicates that a child has a record of substance abuse problem or
history of violence
Information about whether a parent or caregiver or a child has a mental illness
Information about a person who may pose a risk to a child and information about
that risk
An assessment of a child for the purposes of the Children, Young Persons and
Their Families Act 1989.
23
3 The Proposed Information Collection and
Handling Arrangements for the Vulnerable
Kids Information System
Overview
3.1 This section outlines the proposed data collection and handling arrangements for the
Vulnerable Kids Information System (ViKI). It describes:
3.1.1 The information management system that will be used by the CAP- referred to
as the ViKI – an information technology system
3.1.2 The purposes for which information may need to be collected, retrieved and
shared about vulnerable children so that triage, referral and case management
decisions can be made
3.1.3 The type of information that may be shared from ViKI
3.1.4 The agencies and professionals who may need to share information gathered.
3.2 The proposed data collection and handling arrangements, and information flows are
shown in the diagram in Appendix 3.
3.3 The information sharing components of the Children’s Action Plan support five broad
purposes:
3.3.1 Identification of the needs of children at risk of abuse and neglect. To identify
children at risk, professionals need to be able to share information about
concerns they have regarding the safety and wellbeing of a child. This is of
particular relevance to the ability of professionals to assess overall risk, and to
decide whether or not these concerns are serious enough to warrant
notification to CYF or referral to a Children’s Team or other services.
3.3.2 Care and protection of children who have been abused and neglected.
Professionals need to share information about the safety, needs, and strengths
of children who have been abused or neglected (children in need of care and
protection will be referred to CYF).
3.3.3 Referral and assessment of vulnerable children. Professionals share
information about children deemed to be at risk of maltreatment (but who do
not meet the threshold for referral to CYF) in order to refer them to a Children’s
Team. Members of the Children’s Team conduct a “whole of child assessment”
to gather information about the child’s needs, safety and strengths, their
current involvement with services, as well as any members of their families or
whānau that might have an impact on their wellbeing.
24
3.3.4 On-going tracking and monitoring of outcomes for vulnerable children.
Professionals share information about the needs, safety and strengths of
children at risk of maltreatment, in order to establish the services that need to
be provided as part of interagency plans to address the child’s needs, and to
monitor the effectiveness of services provided.
Purposes of information sharing in ViKI
3.4 Information gathered and entered into ViKI underpins the Children’s Teams service
response.
3.5 Links exist between the statutory child protection services and the services provided by
Children’s Teams. Any information gathered by the Hub or Children’s Teams may lead
to statutory intervention if the threat to a child is immediately serious. Further work by
the Children’s Team or their partner NGOs delivering services may identify a threat to a
child. The identification of an immediate threat will always result in referral to CYF.
3.6 While there are particular purposes for information sharing, the process of assessment
relies on building up further detail about the circumstances of the child and their
family/whānau. The same information will be used for different purposes at different
points in the process of working with a child. For example, a professional’s concern
about a child may be combined with previously reported information about other risk
factors, to identify whether a child is at risk of abuse and neglect. Information may be
combined with other information about a child’s risks, needs and strengths as the basis
for assessment. This allows a Children’s Team to form the basis for interagency plans
for service provision. Information may also be added to the system as a result of
reviews and monitoring of the outcomes for the child.
3.7 The Tuituia framework underpins the case management information gathered from
contact with the family/whānau through to exit from a Children’s Team. Tuituia is used
to bring together a whole of child assessment to establish a shared (child,
parent/family/whānau and practitioners) understanding of:
3.7.1 The holistic needs of the child
3.7.2 The parents/caregiver’s capacity to respond appropriately to the child’s needs,
and
3.7.3 The impact of wider family/whānau and community factors on both parenting
capacity and needs of the child.
3.8 The assessment is used to inform the aims of the child and their family/whānau so that a
Child’s Plan to achieve these can be developed.
3.9 At agreed intervals, the Tuituia assessment is reviewed along with the progress of the
family/whānau against the goals in their plan. When a review or re-assessment indicates
that the child and their family/whānau are ready to exit the Children’s Team, this
decision is presented to the Panel for approval.
25
Proposed information sharing
Identifying children at risk of abuse and neglect
3.10 A number of the Children’s Action Plan’s components focus on systems to help
identify children at risk of abuse. These processes are mapped on Appendix 3 and
cover the end to end process from initial contact (A-identify needs), determine
response (B-determine and refer to appropriate response pathway) and Children’s
Teams response or universal service or other response (C-respond to needs).
The Hub
3.11 The Hub is being initially staffed by CYF Contact Centre Social Workers using a mix
of telephone and information technology to receive calls, and electronic
correspondence about vulnerable children. Notifications come from professionals and
practitioners initially for the Hamilton site. Professionals and practitioners referring
children to the Hub will be asked to complete a Hub Referral Form (see A2.1-
Appendix 3).
3.12 The Hub Referral Form records whether consent has been obtained from the
family/whānau or child to the referral to the Hub. Information received from a referrer
will be entered in ViKI if a record does not already exist (see B1 and G1 - Appendix
3). This record captures the contact details of the referrer, the referral form, and any
information the referrer decides to share with the Hub.
3.13 Depending on the presenting issues and needs, the Hub will refer a child down
different pathways. Concerns about immediate safety will be notified to CYF (see B2 –
Appendix 3). This information will be recorded in ViKI. Vulnerable children at risk of
maltreatment who do not meet the threshold for entry to CYF but who demonstrate a
need for a multi-disciplinary approach will be referred to the Children’s Teams (see
B3.1-3.5 - Appendix 3). The decision made as a result of a referral to the Hamilton
Children’s Team will be recorded in ViKI.
3.14 Notifications to the Hub will be assessed by a Senior Social Worker drawing on any:
3.14.1 Information provided by the professional or practitioner making the initial
contact and referral (see B1.1 – Appendix 3)
3.14.2 Information already held about the child in question in ViKI (see B3.2 –
Appendix 3)
3.14.3 Pre-existing data about the child and adults held by CYF, Work & Income,
ACC, Corrections and available from MSD systems. (see B1.1 – Appendix 3)
3.14.4 Hub Social Workers may decide they need more information. At this time they
may contact the agencies which are parties to the Authorised Information
Sharing Agreement (ASIA) for Improving Public Services for Vulnerable
Children (see: http://childrensactionplan.govt.nz/info-sharing/) to seek the
types of personal information allowed under that AISA
26
3.15 Families/whānau who need more information and advice will be referred to community
providers via the referring professional for early family support. This support could be
through universal services or to information lines (for example Healthline). This decision
will be recorded in ViKI (see B6.1 Appendix 3).
Sharing information to refer and assess the needs of children identified as at risk of
abuse and neglect
3.16 Children who meet the threshold for the CAP service response (but who are not in
need of care or protection), will be referred by the Hub to Children’s Teams for
assessment (see B3.5 - B4.1 – Appendix 3). Where children do not meet the initial
threshold for a Children’s Team they will be referred to a range of services including
universal services.
In Hamilton the process followed by the Children’s Action Plan is that Children’s
Teams oversee a systematic, interagency practice response to vulnerable
children, covering assessment, planning and implementation and review across
all areas
Engagement with the Hamilton’s Children Team will continue (as is the case with
other Children’s Teams) to be based on obtaining consent from the
family/whānau to access services.
What information needs to be shared to meet this purpose?
3.17 To enable a child to be referred, information which has been stored in ViKI will be
shared between the Hub and the Children’s Team or the service the child and their
family/whānau is being referred to (see B 4 and B4.1 – Appendix 3). At the very least,
basic identifying details about the child and their family/whānau will be shared,
depending on what has been gathered by the Hub and entered in ViKI during their
high-level triage process. Information about risks and protective factors (used in
Tuituia) will also be shared for triage activity and service allocation. Information that
may protect an individual dealing with the family/whānau may also be shared.
Where or who is information coming from?
3.18 At The Hub stage, information will initially be manually obtained from the systems of
the Ministry of Social Development and the referrer. This information will be
manually entered into ViKI. Further information may be retrieved from information
systems held by the Ministry of Health, the Ministry of Education, the Ministry of
Justice and New Zealand Police. This information may be used to supplement the
initial assessment before triage decisions are taken.
3.19 Once a family/whānau has been accepted into a Children’s Team information will be
captured in ViKI from the agencies that the family/whānau agree to work with. This
includes: government agencies, District Health Boards and non-government
organisations.
27
The Vulnerable Kids Information System (ViKI)
3.20 The CAP will operate an information management system known as ViKI. ViKI will
support the Hub and Children’s Teams and will provide software that will:
3.20.1 Capture information from professionals and practitioners related to contacts
to the Hub about concerns related to child vulnerability
3.20.2 Assist professionals working in the Hub and in Children’s Teams in making
the right decisions
3.20.3 Facilitate referral of children to the statutory services where needed
3.20.4 Assist in the process of referral of children to the Children’s Teams or other
services
3.20.5 Provide appropriate security access levels for ViKI users (a role based
system)
3.20.6 Manage the flow of information into the Children’s Teams
3.20.7 Case manage the plan for children within the Children’s Teams
3.20.8 Monitor outcomes of interventions within the plan
3.20.9 Provide information, reports, and feedback to interested (and authorised)
parties.
3.21 The processes for retrieving, entering and recording information by the Hamilton
Children’s Team during their work with a child and family/whānau in ViKI is laid out in
Panel C – Respond to Needs in Appendix 3. It is not possible to identify the number
of times that ViKI will be accessed as information will be retrieved and individual
records will added to the case notes during this phase (C1 - Receive & Review Hub
Referral through to C5 - Close Case). This is because each child’s case is different
and the number of professionals who will work with a child and their family/whānau
will differ each time. Once a case is evaluated and a decision is taken to close the
case the information will be securely held in VIKI until it is archived. Any case details
held will be retained and archived in line with the Public Records Act.
28
4 The Proposal
Overview
4.1 Government agencies, NGOs and others operating in the social services sector have
identified ineffective ‘information-sharing’ as a significant barrier to good service delivery
and better outcomes for New Zealanders6. Where agencies do not communicate all
necessary information about a child and their family/whānau between themselves, this
can lead to adverse outcomes for vulnerable children including:
Issues of safety and risk; and
The effectiveness of services being compromised.
Options for information sharing and their effectiveness
4.2 There are two main mechanisms currently used for sharing information about
vulnerable children:
4.2.1 Sharing information in accordance with the provisions of Privacy Act (including
Approved Information Sharing Agreements) and the Health Information Privacy
Code
4.2.2 Using explicit statutory authorisations, which allow information sharing in
circumstances where children are at risk (for example under the CYF Act).
The Privacy Act 1993
4.3 The Privacy Act 1993 provides strong protection against unauthorised sharing of an
individual’s personal information while also working well to allow information to be
disclosed in critical health and safety situations. The exceptions in the Act, and the
various overrides in other Acts, provide considerable scope to share information in a
variety of situations to facilitate information sharing for the purpose of the CAP.
4.4 The Privacy Act allows disclosure of information to prevent or lessen a serious threat to
the life or health of an individual. Disclosure by agencies or professionals referring to
the Hub is covered by the exemptions under Principle 11(f) of the Privacy Act.
4.5 However in the case of Children’s Teams Privacy Act provisions permit information
sharing in Children’s Teams:
4.5.1 Agencies within the Children’s Team are authorised to share information with
each other where they collect information for children’s well-being or a related
purpose (Principle 11(a), Privacy Act 1993)
4.5.2 Once families have engaged with the Children’s Team, information sharing is
authorised by informed consent where possible (Principle 11(d), Privacy Act
1993).
6 Professor Miriam Lips, Dr Rose O’Neil
and Elizabeth Eppel, Emerging Issues Programme Research
Project Report - ‘Improving Information Sharing for Effective Social Outcomes (Victoria University of Wellington December 2009).
29
The Children, Young Persons and Their Families (CYP&F) Act 1989
4.6 Disclosure by agencies referring to the Hub is also covered by section 15 of the
Children, Young Persons and Their Families (CYP&F) Act 1989. The CYP&F Act also
allows information sharing for specific care and protection activities (note these
provisions override the Privacy Act’s requirements):
4.6.1 Where any person who believes that any child or young person has been, or is
likely to be, harmed (whether physically, emotionally, or sexually), ill-treated,
abused, neglected, or deprived may report the matter to a social worker or a
constable (s15)
4.6.2 Where any person or organisation who discloses information relevant to whether
a child or young person has been, or is likely to be, harmed, ill-treated, abused,
neglected, or deprived is protected against civil, criminal, or disciplinary
proceedings, unless the disclosure is made in bad faith (s16).
Seeking an authorisation
4.7 The most commonly used Privacy Act mechanism for information sharing is to seek an
authorisation (consent) for information sharing from the party whose information you need to
share. This mechanism underpins the existing Children’s Teams operating under the CAP and
the Children’s Teams.
Resolving information-sharing barriers
4.8 To address information sharing barriers operational guidelines for permitted data
sharing have been developed for Hub workers detailing information sharing between
agencies under the AISA. These guidelines will be used in conjunction with the
Operational Guide on Information Sharing for Children’s Teams, revised Information
Sharing Guidelines and consent processes for Children’s Teams. These guidelines lay
out the processes to be followed where a Children’s Team has access to the services of
the Hub, and when they do not have access to the Hub.
30
5 Privacy Analysis and Risk Assessment
Overview
5.1 Part 5 of the PIA is in two sections. Section 1 is a privacy assessment against the twelve information privacy principles around the use of ViKI in The Hub and Children’s Teams. Section 2 is a discussion of privacy risks and mitigations.
Section 1 - Analysis of the proposals against the Information Privacy Principles
5.2 The Privacy Act 1993 aims to promote and protect individual privacy, using twelve principles related to personal information. This Part of the PIA describes the privacy issues associated with using personal information in the CAP, working through the Principles in turn.
Principle 1 – Purpose of collection of personal information
5.3 This principle provides that personal information should not be collected by an agency unless it is collected for a lawful purpose connected with a function or activity of the agency and is necessary for that purpose.
5.4 Hub staff will capture data in ViKI that is necessary for the purposes of identifying vulnerable children, conducting an initial assessment of the needs of vulnerable children and or determining appropriate referrals to address the needs of vulnerable children. Hub staff will capture information in ViKI that is prescribed by the AISA as well as other legislative provisions (e.g. s 15 CYPF Act and the Privacy Act 1993).
5.5 Children’s Team staff will capture data in ViKI for Children’s Teams purposes. Children’s Teams will rely on principles of the Privacy Act (Privacy Principle 11(a), (d) and (f)) when capturing further information in ViKI.
5.6 Possible risks (and mitigations) associated with information collection are discussed in section 2 of this Part.
Principle 2 – Source of personal information
5.7 This principle requires that personal information be collected directly from the person concerned unless a specified exception applies.
5.8 A significant amount of data Information will not be collected directly from affected individuals, coming from information collected by a number of government agencies. Information entered into ViKI will be a mixture of material gathered under the exemption provided by the AISA and consent obtained from the individual or family/whānau who the referring professional or Children’s Team is working with. Information will also be entered into ViKI from referrers who do not have consent and will be relying on Privacy Principle 11(f) or s 15 of the CYPF Act (or possibly another exception in the Privacy Act).
5.9 Some of the sources of proposed collection come with exceptions to Principle 2, specifically:
5.9.1 Where the individual concerned has authorised the collection
5.9.2 Where non-compliance is necessary to avoid prejudice to the maintenance of the law
31
5.9.3 Where non-compliance is not reasonably practicable in the circumstances of a particular case
5.9.4 Where information will be used in a form where an individual is not identified and will not be published in a form where the individual will be identified.
5.10 Risks associated with the operation of this principle are discussed in Part 2.
Principle 3 – Collection of information from subject
5.11 This principle provides that, where personal information is collected from the person concerned, it must ensure that the person is made aware of:
5.11.1 The fact that information is being collected
5.11.2 The purposes for collection
5.11.3 The intended recipients
5.11.4 The contact details of the agency collecting the information and the agency that will store it
5.11.5 The law under which the information is collected (if any)
5.11.6 Whether the supply is voluntary or mandatory
5.11.7 The consequences for not providing the requested information; and
5.11.8 Rights of access and correction to the information.
5.12 Children’s Teams engagement with families is through the provision of information on consent forms. Consent forms allow families to engage with the Children’s Team and rule in or out agencies that they want accessing their data. This practice remains a basis for the operation of the Children’s Teams and the Hamilton Children’s Team.
5.13 A significant amount of data Information will not be collected directly from affected individuals, but will be collected by a number of government agencies. Information entered into ViKI will be a mixture of material gathered under the exemption provided by the AISA and consent obtained from the individual or family/whānau who the Children’s Team is working with. Information will also be entered into ViKI from referrers who do not have consent and will be relying on Privacy Principle 11(f) or s 15 of the CYPF Act.
5.14 This information will be used by the Hub for determining whether a contact should be referred to a Children’s Team or other service. Information is also collected directly from affected parties by a referrer to the Hub and entered in ViKI. Once the Hub makes a referral the information is being used consistent with the purpose for which it was gathered-to provide services to vulnerable children.
5.15 Consent forms at original point of collection will only allow partial compliance with the principle. A process for making the required information available through a variety of communication media should be put in place. Information could be published on the Children’s Action Plan website relating to the collection and handing of information for the purpose of the CAP.
5.16 The risks associated with this issue are discussed in section 2.
32
Principle 4 – Manner of collection of personal information
5.17 This principle states that personal information shall not be collected by unlawful, unfair or unreasonably intrusive means.
5.18 Guidelines are in place at the Hub to ensure compliance with this principle. These practices accommodate the full scope of collection of any personal information by the Hub. Any government information used by the Hub and entered into ViKI has been obtained through use of the AISA, s 11(f) of the Privacy Act or s15 of the CYPF Act.
5.19 The risks associated with this issue are discussed in Part 2.
Principle 5 – Storage and security of personal information
5.20 This principle provides that reasonable security safeguards must be in place to protect personal information against loss, unauthorised access, use, modification or disclosure and other misuse.
5.21 ViKI will comply with and operate under MSD Information Management practices. All personal information held in ViKI is subject to clear responsibilities and procedures about security, access, use, modification or disclosure.
5.22 A security and privacy assessment will be undertaken on ViKI prior to implementation. Privacy by Design has been used as a prime building block for ViKI. The security settings for ViKI meet those required by the GCIO, and the Ministry of Social Development.
5.23 Prior to implementation a complete MSD Certification and Accreditation (C&A) process will be undertaken to assess security risks, identify controls, ensure the controls are effective and for the Business Owner to ensure they are accepting any remaining residual security risks.
5.24 Existing CAP policies on information security have updated and training to ensure compliance with this principle will continue. A Code of Conduct is required for all persons with access to CAP data. This requires care and protection of personal and confidential information to stop unauthorised access. Employees and contractors or government agencies are subject to these obligations already. It is possible that not all NGO employees would have such an obligation in place. This requirement could be dealt with as a term of the contract with a NGO with access to CAP data.
5.25 These issues are discussed further in Part 2.
Principle 6 – Access to personal information
5.26 This principle provides that, where information is held in a way that can be readily retrieved, the person who is the subject of the information shall be entitled to obtain confirmation that the information is held, to have access to it and to be informed that they may request correction of it. Since September 2010, this right applies to all people worldwide who have dealings with the CAP and not merely to New Zealand citizens and people in New Zealand.
5.27 These requirements will need to be met through internal policies and procedures and training about the right of access and correction for affected parties. Existing practices complying with this principle will be updated.
5.28 There are some procedural risks associated with this principle, discussed in section 2.
33
Principle 7 – Correction of personal information
5.29 This principle provides that persons are entitled to request correction of personal information and to request that a statement of correction be attached to the information considered erroneous. Since September 2010, this right applies to all people and not merely to New Zealand citizens and people in New Zealand.
5.30 Existing policies and procedures are in place to support the rights of access to, and correction of, personal information held by the current Children’s Teams. Existing practices and procedures comply with this principle and will be continued and updated as needed.
5.31 There are some procedural risks associated with this principle discussed in section 2.
Principle 8 – Accuracy etc. of personal information to be checked before use
5.32 This principle states that personal information shall not be used without taking reasonable steps to ensure that it is accurate, up to date, complete, relevant and not misleading.
5.33 Processes are in place in the current Children’s Teams to ensure compliance with this principle. In Phase 1 of ViKI implementation, operational guidelines are in place to ensure this principle is adhered to for CAP data. For the Hub, guidelines and processes will ensure compliance before information is entered into ViKI or shared with Children’s Teams.
5.34 Risks associated with this principle are considered in section 2.
Principle 9 – Not to keep personal information for longer than necessary
5.35 This principle states that personal information must not be kept for longer than is required for the purposes for which it may be lawfully used.
5.36 There are existing processes dealing with the issue of information retention by the current Children’s Teams. In Phase 1 of ViKI implementation, MSD operational guidelines and procedures are in place. These will ensure this principle is adhered to for CAP data. For the Hub, CAP processes determined by the AISA will ensure compliance.
5.37 Retention is also discussed in section 2.
Principle 10 – Limits on use of personal information
5.38 This principle provides that personal information collected for one purpose may not be used for any other purpose unless in accordance with one of the exemptions listed in Principle 10.
5.39 Principle 10 is inextricably linked with Principles 1 and 3 - information collected must be necessary for lawful functions or activities and people must be aware of those purposes.
5.40 Children’s Teams use consent to comply with the requirements of Principle 10. They explicitly seek authorisation for information collected to be used for specified purposes.
5.41 For the Hub, there is an intersection between:
5.41.1 Consent obtained where possible before contact by a referrer to the Hub;
5.41.2 s15 of the CYPF Act; and
34
5.41.3 the exemption provisions existing under Principle 11 (f) – to lessen or prevent a serious threat.
5.42 Depending on the circumstance any of these three legal underpinnings may be used. These aspects are discussed further in the section on Principle 11 below. The application of Principle 10 is also considered in section 2.
Principle 11 – Limits on disclosure of personal information
5.43 This principle states that personal information must not be disclosed unless the disclosure is authorised by one of the exemptions specified.
5.44 Principle 11 is also closely linked with Principle 3 in terms of advising people of the purpose of collection and, specifically, intended recipients.
5.45 In Hamilton disclosure of information to the Hub will be covered by: consent; s15 of the CYPF Act; or will rely on the authority of Principle 11(f), that disclosure is necessary to prevent or lessen a serious threat to the health of a child.
5.46 From the Hub, personal information will be disclosed to the Children’s Team or a range of other services providers, including Child, Youth and Family. This is consistent with the purpose for which it was gathered-delivering public services for vulnerable children by the referring professional or practitioner. The Approved Information Sharing Agreement for Improving Public Services for Vulnerable Children allows for disclosure of information gathered for another purpose in the Hub for those signatory Agencies.
5.47 Information under these provisions is entered into ViKI and shared with the Children’s Teams and other service providers, consistent with the purpose for which it was gathered by the Hub.
5.48 Disclosure is discussed in section 2.
Principle 12 – Unique identifiers
5.49 This principle states that a unique identifier must not be assigned to a person unless it is necessary for carrying out its functions efficiently.
5.50 Unique identifiers will be allocated in ViKI to people who the CAP works with. This use accords with Principle 12 and allows for the Hub, the Children’s Teams and the service providers working with children and their families to carry out their functions efficiently.
Section 2 - Risks and Mitigations
5.51 This section summarises the risks and proposed mitigations about the proposed operation of the Hub and Children’s Teams using information from the Hub.
5.52 The risks involved can be broken down into:
5.52.1 Governance
5.52.2 Handling practices
5.52.3 Security.
5.53 Specific risks follow with their accompanying mitigations.
35
Governance risks
5.54 The CAP complies with MSD policies and procedures and has developed privacy policy and procedure to guide the Hub and Children’s Teams entering information into ViKI.
Risk 1 - There is no pre-existing integrated strategy for personal information collection for the
CAP.
Recommended mitigation:
5.55 Regularly review the Information Sharing Guidelines – Privacy Management by Children’s Teams to ensure all aspects of the CAP project life cycle and Information Privacy Principles are covered.
Risk 2 - Unnecessary expense incurred because systems are not designed with privacy
considerations from the beginning.
5.56 Systems designed without consideration of privacy mean there is a risk of ongoing and unnecessary expense. These include difficulties in meeting statutory requirements to provide access to, and correction of, personal information, answering requests under the Official Information Act and Privacy Acts, providing management reports on handling of statutory requests for information and increased exposure to data breach risks.
Recommended mitigations:
5.57 Build ViKI using Privacy by Design.
5.58 Require Privacy Impact Assessments for significantly changed systems.
5.59 Design and build or reuse personal information systems so that requests for personal information can be answered quickly, completely and without undue expense.
5.60 Design and build or reuse personal information systems so that privacy request processes provide adequate management reports on the nature, frequency and resolution of issues.
Risk 3 - Authorisation to access CAP data is too widely approved.
5.61 When authorisation to access personal information is too widely approved, it increases the risk of inappropriate disclosure and use of that information. This is also a security risk for all information. This risk needs to be balanced against the need for an appropriate information sharing culture as part of more joined up service provision for vulnerable children.
Recommended mitigations:
5.62 Establish adequate controls around the granting of authorisation to access information using a security matrix. Design audit processes into all systems used to store and process information to control user accounts, access rights and security authorisation.
5.63 Base access rights to information on a “need to know basis”. Ensure that all Children’s Team staff sign and adhere to a confidentiality agreement and Code of Conduct.
Risk 4 - Inadequately managed collaboration and information sharing with other agencies
5.64 The CAP’s business process is based on agencies being able to share information. When the obligations underlying those arrangements are not adequately established, a risk exists that the CAP will not be able to fully comply with the statutory obligations
36
about the use of personal information. Those obligations go beyond mere security of the information but also include the ability to respond adequately to personal information requests and Official Information requests.
Recommended mitigation:
5.65 Include privacy considerations in collaborative undertakings with other agencies through the use of clear guidelines and sign-up procedures as part of on-boarding or off-boarding any organisations. Particular attention should be paid to measures to prevent unauthorised use or disclosure of personal information.
Risk 5 - Inadequately managed outsourcing does not adequately protect personal information
5.66 This includes service agreements, contracts and MOU’s with other government agencies acting as agents/service providers for MSD as well as contracts with the private sector. The Social Sector Board (SSB) is responsible for the actions of any agencies acting on its behalf in the collection and handling of information. Poorly drafted agreements and contracts can leave the Crown exposed to non-compliance with its statutory obligations including privacy responsibilities.
Recommended mitigations:
5.67 Include privacy considerations in any tendering processes, negotiations and contracts for outsourced collection or handling of information. NZ Information Security Manual (NZISM is GCSB’s Information Security Manual) mandatory security controls have been included in CAP ViKi RFP tender documents along with the Department of Internal Affairs Cloud Computing Questionnaire. In particular, require measures to prevent unauthorised use or disclosure of personal information.
5.68 Limit exposure of personal information to the Hub staff with appropriately cleared role-based access and appropriately cleared members of the Hamilton Children’s Team.
37
Handling practices
5.69 These risks are recognised as practical implementation issues that need to be considered in current and future information handling activities. To mitigate these risks processes need to be established to integrate data and information handling with operating procedures. Awareness raising/training is particularly important.
Risk 6 - Information unnecessarily or excessively collected and retained or collected without adequate justification (Privacy Principle 1)
5.70 Information is sometimes collected because it is possible to do so rather than the information being for current business processes. Agencies should only collect the minimum information necessary for the purpose they have for collecting the information. Similarly, there is a tendency to collect more information based on the view that it may be useful at a later date.
Recommended mitigations:
5.71 Ensure that the CAP complies with the proposed information collection and handling purposes.
5.72 Limit collection of information to what is needed to support CAP functions-in this case the information required to inform a Tuituia Assessment.
5.73 Employ scripting for a referral intake call to ensure regulation of data capture and entry into ViKI at the Hub and from professionals and practitioners in Children’s Team.
Risk 7 - Information not collected directly from the person concerned (Privacy Principle 2)
5.74 A risk exists that information may not be obtained from the person in question. For the Hub, information will be obtained from professionals and practitioners rather than first hand from the family/whānau themselves. This information will be entered into ViKI.
Recommended mitigation:
5.75 Ensure accuracy of information by reference to data sources.
5.76 Ensure where possible professionals and practitioners collecting information from the family/whānau prior to a referral are aware of data required to drive the initial assessment (quick Tuituia).
Risk 8 - Information not collected directly from the person concerned (Privacy Principle 2)
5.77 A risk exists that if any personal information is collected by professionals and practitioners before contact with the Hub it will not be shared due to uncertainty about the use of that information.
Recommended mitigation:
5.78 Clear guidelines and education with referrers about the importance gathering information and how this information will be used will be established.
5.79 The AISA in place for the Hub clarifies how the information is used by the Hub workers collecting it. The AISA has been published on the CAP website. Dissemination of the Operations Guide and CAP Information Sharing Guide with parties working with the Children’s Team will also clarify the uses of information.
38
Risk 9 - People not adequately informed about the purposes of collection of information (Privacy Principle 3)
5.80 It is a fundamental principle of fair information handling principles that people should understand why an agency is collecting their personal information and the ways the information will be used.
Recommended mitigation:
5.81 Ensure that people are notified about how their information will be used whenever information is collected from them.
5.82 Ensure that CAP policies and procedures relating to information about why the information is needed are followed when collecting information from clients.
5.83 Where clients have literacy, language or disability issues it should be explained why the information is needed.
Risk 10 - The manner in which information collected is unfair or intrusive (Privacy Principle 4)
5.84 A risk exists that a failure to gather personal information from potential clients in a respectful or unfair way could lead to a complaint being lodged with the Privacy Commissioner about unfair treatment. This could occur if professionals and practitioners collecting information both outside and within the Hub do not follow CAP guidance when working with clients. This would also be the case if collection processes are perceived to be unnecessarily intrusive.
Recommended mitigation:
5.85 Staff training should include awareness raising of appropriate and respectful responses to cultural and physical considerations when collecting information.
5.86 For the Hub, Hub staff will be collecting information directly from professionals and practitioners dealing with the family/whānau.
5.87 Where possible consent will be obtained from families for the referrer to contact the Hub in Hamilton and for their information to be shared with the Children’s Team.
Risk 11 - Inability to respond effectively to requests for personal information or to investigations by the Privacy Commissioner (and others) because of inadequate system design (Privacy Principle 6)
5.88 When personal information systems are designed and built without proper consideration of statutory obligations, responding to legitimate requests for access to personal information may be difficult, expensive or impossible.
Recommended mitigations:
5.89 Design information systems with the ability to respond to review agencies’ requests/investigations.
5.90 The Hub contact staff will record information used and decision made for all calls received in ViKI, all data is discoverable. ViKI has been designed to record decisions as part of the work flows.
Risk 12 - Information incorrectly associated with a person (Privacy Principle 8)
5.91 It is possible, particularly with information not collected directly from the person, for information to be incorrectly associated with a person.
39
Recommended mitigation:
5.92 Implement processes/checks to ensure that information is not associated with a person record by mistake. Hub Contact Centre Social Workers should use MSD data match plus human check of match to minimize identity mistakes.
5.93 Information entered about individuals as part of the case record in ViKI will be allocated unique identifiers. This will assist in verification of identity when combined with the MSD data match.
Risk 13 - Inaccurate or incorrect data is used to make a decision about a person (Privacy Principle 8)
5.94 Concern surrounds the use of automated processing and decision making as a way of abdicating responsibility for the results of the automatic processes. This is particularly sensitive when automated data matching is used and where the nature of the processing is, essentially, comprehensible only to experts.
Recommended mitigations:
5.95 Explicitly include information in the processes for permitting comment on and checking potentially prejudicial information.
5.96 Develop specific processes for handling false negatives and false positives when matching information.
5.97 Include human intervention and data integrity processes to augment automated processing.
Risk 14 - Information retained longer than necessary (Privacy Principle 9)
5.98 Information should not be retained beyond the requirement underpinning its collection and use. To do so risks unauthorised exposure of the information.
5.99 The business rules for CAP are:
• Keep records available for transactions until child turns 18
• Keep records for Official Information Act (OIA) purposes for 25 years in total at
which point the records pass to the Chief Archivist
• Data can be anonymised for research purposes (transferred to NZ Statistics
Integrated Data Infrastructure) at any point.
Recommended mitigations:
5.100 Introduce standard processes for assessing information for disposal and controls around disposal of hard copy media, sanitisation of storage media and IT equipment using NZISM approved sanitisation methods.
Risk 15 - Disclosure of information without reasonable grounds (Principle 11)
5.101 Inadequate security and other causes can result in information being disclosed without proper authority or justification.
Recommended mitigation:
5.102 Ensure staff understanding of their responsibilities through staff training, awareness
and support materials.
40
5.103 Establish and promote access protocols and preventative measures to guard against unauthorised access and subsequent unauthorised use or disclosure of information.
Security risks
5.104 The nature of information means that storage and security aspects should be a primary consideration.
Risk 16 - Loss of information
5.105 The Hub and the Hamilton Children’s Team rely heavily on collection of electronic information stored and accessed in ViKI. Security becomes more important as information becomes more portable and accessible than when kept solely in paper files. Some privacy threats applicable to electronic information include:
Physical threats from intruders trying to break into the data centre
Intentional and unintentional threats from authorised and unauthorised users
Systems administration errors
Trojans that seek to obtain and distribute PII
Loss or theft of electronic/mobile devices containing sensitive information.
Recommended mitigations:
5.106 Ensure an adequate security environment for information. Establish clear protocols for the storage and handling of information. Establish contingency plans to address any security breaches. Adopt and implement the Privacy Commissioner’s Privacy Breach Guidelines. These include:
a) Physical controls of the facility include locks, guards and surveillance cameras
which prevent entry by unauthorised entities
b) Enforced by Authorisation Manager through user on-boarding and off-boarding,
role based access control
c) System admins and database admins undergo training periodically,
Documentation is updated before all major system change events
d) Enforced by automated signature updates and regular virus scans
e) Data encryption.
5.107 Develop detailed business rules and artefacts describing the Hub security requirements.
5.108 Ensure ViKI has been built with the security of personal data of our most vulnerable in mind.
Risk 17 - Unauthorised access to information
5.109 Increased access to large amounts of information and its portability increase the risk that carelessly defined access protocols can be abused deliberately or by accident.
Recommended mitigation:
5.110 Establish and promote access protocols and preventative measures to guard against unauthorised access and subsequent unauthorised use or disclosure of information.
5.111 Develop detailed business rules and artefacts describing the Hub and ViKI security requirements.
41
5.112 ViKI should be subject to a Security Risk Assessment (SRA) and measured against the NZISM. A set of information security risks should be identified covering the solution, its users, end-user devices, service provider and third parties, CAP and integration with RealMe.
5.113 Controls should be identified for these and a Security Risk Management Plan, and a System Security Plan should be developed.
Risk 18 - Safeguards implemented ensure the security of information is not reasonable (adequate) in the circumstances
5.114 The Privacy Act 1993 requires that reasonable precautions are taken to protect personal information collected. It also requires secure disposal of personal information which is no longer required.
Recommended mitigations:
5.115 Design and document appropriate security procedures for the collection, storage, transmission and disposal of information.
5.116 Ensure that security applied to information is appropriate to the sensitivity of the
information.
General security recommendations
5.117 Adopt the principle that all security policies and processes applicable to CAP data are appropriate to the sensitivity of the data, which is categorized as “In-Confidence” or “Sensitive” – see Appendix 2 for details of classification process.
5.118 Ensure that controls on data are based on a “need to know” for access to information, physical access and transmission.
5.119 Incorporate external expert advice on security of information in the design and construction of any future information systems. Government Communications SB/NZISM, GCIO, MSD Architecture Council already consulted.
5.120 Review the existing policy regime for its adequacy with respect to information.
5.121 Review staff training and training materials for their adequacy with respect to information.
5.122 Ensure authorisation controls are adequate to protect information from unauthorised access, modification, use, disclosure and disposal.
5.123 Categorise all Personally Identifiable Information by the Personally Identifiable Information confidentiality impact level (low, moderate, or high) which indicate the potential harm to the individuals. Not all Personally Identifiable Information may have the same impact if a data breach happens.
5.124 Ensure that all access and changes to information are logged by unique user ID and date and that those logs provide an adequate audit trail.
5.125 All system owners to ensure that there is a process for individuals to correct inaccurate Personally Identifiable Information regardless of how inaccuracy occurred.
5.126 Establish/document procedures for handling of any improper collection, access, modification, use or disclosure of information.
42
5.127 System owners should have an understanding of where Personally Identifiable Information is located on their system and should be able to map the Personally Identifiable Information to specific applications, indicating that they understand exactly what mechanisms are collecting and using Personally Identifiable Information. Without this, it is going to be lot more challenging to safeguard Personally Identifiable Information.
5.128 Ensure that the control system for user accounts, access rights and security authorisations is comprehensive and adequate records are maintained of all such processes.
5.129 Implement contingency planning for information data breaches and other unauthorised information disclosures. Those plans should include notification procedures for all affected parties.
5.130 Develop an incident response plan to handle breaches involving Personally Identifiable Information. CAP should develop plans that include elements such as determining when and how individuals should be notified, how a breach should be reported, and whether to provide remedial services to affected individuals. An incident plan will need close co-ordination between Security teams and legal teams for it to work successfully.
5.131 Incorporate performance indicators for security in system maintenance plans.
6 Conclusion
6.1 This PIA examined the privacy issues associated with collecting and sharing information about vulnerable children in the information technology system (known as ViKI, the Vulnerable Kids Information System) as part of the Children’s Action Plan.
6.2 This Privacy Impact Assessment (PIA) is limited to the initial implementation of ViKI. ViKI is a case management system which will be used for collection and handling of information to support the Vulnerable Children’s Hub and the Hamilton Children’s Team. The system will be used to collect and share information about vulnerable children so that triage, and referral case management decisions can be made by the Hub Social Workers and the Hamilton Children’s Team.
43
APPENDIX 1
Terms of Reference
Privacy Impact Assessment – Information Sharing under the Children’s Action Plan
Purpose
1. The Children’s Action Plan Directorate is examining the information sharing
arrangements required under the Children’s Action Plan.
2. The overall purpose of the Children’s Action Plan is to reduce the incidence of
child abuse and neglect for children faced with complex and interrelated problems
and needs. These complex problems and needs often span a number of domains
including: the family, whanau, the social services sector, education, housing, and
health. Better results for these children are highly dependent on a trustful, open
and more integrated, child-focussed service response from a range of agencies
including government agencies and non-government agencies. This is important
to the success of the CAP especially in dealing with the complex and changing
circumstances of children and their families and care givers.
3. The provision of integrated, child-focussed services for vulnerable children relies
on improved information sharing within government and with service delivery
organisations outside of government. Information sharing can take place in a
number of different ways, with information and communication technology (ICT)
playing a major role. One of the key components of the Children’s Action Plan is
the development of a new Vulnerable Kids Information System (ViKI).
4. Information sharing needs to take place consistent with individuals’ privacy rights.
An important component of this work is a Privacy Impact Assessment (PIA) to
assess the information sharing arrangements envisaged by the Plan.
5. The PIA will follow the methodology established by New Zealand Office of the
Privacy Commissioner Privacy Impact Assessment Handbook. This will ensure
we follow a robust and acceptable process that is consistent with the Privacy Act
1993.
6. Because health information will be included we will also give due consideration to
the impact of the Health Information Privacy Code, in preparing the PIA.
44
Information sharing under the Children’s Action Plan
7. The Children’s Action Plan outlines information sharing for the following purposes:
The prevention of harm to children through the early identification of children
and families at risk
Improving service provision by facilitating the open sharing of information with
and between the child, family/whānau and front line professionals from a
range of government and non-government organisations working with
vulnerable children and their families. (Information is likely to be shared for
this purpose for needs assessment, planning for service provision, service
delivery and on-going assessment of service suitability and effectiveness.)
Improve the integration of services provided by the agencies that work with
children (government and non-government) to support the effectiveness of
public services under Result Area 4 of the Government’s Better Public
Services initiative. Supporting vulnerable children in this context requires
agencies to work together so that these children can be identified and their
needs properly assessed
Monitoring and evaluating the effectiveness of the operation of the Children’s
Action Plan (note this is likely to involve the sharing of anonymised information
for research and evaluation purposes)
8. This PIA will involve analysis and risk assessment of the proposed information
sharing contemplated by the Children’s Action Plan and the development of
recommended high level mitigations and control mechanisms.
What the PIA will cover
9. The PIA will:
Identify the existing mechanisms which are used for sharing information about
vulnerable children (and the extent to which existing mechanisms are limiting
or providing a barrier to service provision for this group)
Assess the benefits and financial costs associated with the proposed
information sharing
Be used to ensure that any conflicts with the Privacy Act and the Health
Information Privacy Code are clearly identified
Examine how any detrimental effects upon individual privacy might be
overcome
Propose mechanisms to mitigate any undesirable impacts or privacy risks
Demonstrate to stakeholders and the public that care and diligence has been
taken in considering the privacy issues associated with the project and its
impacts.
45
PIA Process
10. The PIA process is divided into five stages:
Initial Draft Preparation – complete
First Draft Review and Comment - complete
Second Draft Review and Comment – completed
Release; and
Review after development of guidelines for information sharing in the Hub,
operational information agreement for parties to share information for the
CAP.
Initial draft
11. The Children’s Action Plan Directorate will complete the initial draft of the PIA.
This will outline the information matching arrangements under the Children’s
Action Plan and will consider these against the privacy rules outlined in the
Privacy Act (and the Health Information Privacy Code). This stage focuses on
documenting the main points of impact the plan may have on privacy. Impacts will
have discussion outlined and an initial position outlined. This has been
completed.
First draft review and comment
12. Once an initial draft is prepared it will be released for review and comment to
members of the Children’s Action plan team and stakeholders in key government
agencies and with non-government providers. The focus of the first review stage is
to ensure:
all major impacts are documented; and
that any proposed mitigations are appropriate.
13. This has been completed.
Second draft
14. A second draft of the PIA updated for the Hub has been prepared taking into
account comments received on the first draft.
15. The second draft will then be distributed for comment, including CAP parties and
the Office of the Privacy Commissioner.
16. This has been completed.
Release
The final document will then be released. This will be made available as a public document.
46
APPENDIX 2 CAP IT Team met with Mr Brian James, Information Assurance Manager at NZ Police,
and ex-Information Security Manager at GCSB. Mr James is an expert on the topic of
data security classifications.
James used the Security Framework Supplement Classification Guidelines to walk the
team through a process to classify Children’s Team data, based on examples of data
provided. These guidelines are summarised in a decision tree, attached.
CAP information falls under the heading of “Policy and Privacy”, and can either be “In
Confidence” or “Sensitive”.
CAP data is not “Restricted”, hence NZ Police’s own risk assessment is not especially
helpful.
• In Confidence – which is the bulk of the information received from the majority of
agencies and NGOs
• Sensitive – in rare cases, information from CYF, possibly Police and Courts falls
into this category.
The majority of Children’s Team data is assessed to be “In Confidence”, and only
information which (if subject to breach) might endanger life would be deemed “Sensitive”.
The figure below is taken from the Security Framework Supplement Classification
Guidelines used for the classification:
47
48
APPENDIX 3 Information sharing processes for Children’s Teams
C.RESPOND TO NEEDS
B1.RECEIVE
CONTACT
B2.ASSESS RISK &
URGENCY
A1.IDENTIFY
VULNERABLE CHILDREN
A3.REQUEST FOR
INFORMATION/ADVICE
T
B3.DETERMINE
APPROPRIATE RESPONSE PATHWAY
B6.WRAP UP
END
EMERGENCY LINES (AMBULANCE/POLICE)
HELPLINES
B5.PROVIDE
INFORMATION/ADVICE
IF INFO/ADVICE ONLY
1 1 1
1
2
2 2
2 2
A. IDENTIFY NEEDS
A.IDENTIFY NEEDS
B.DETERMINE & REFER TO
APPROPRIATE RESPONSE PATHWAY
END TO END PROCESS
A2.RAISE CONCERNS
1
1
2
TB4.
HAND OVER TO RESPONSE PATHWAY
1
C1.RECEIVE &
REVIEW HUB REFERRAL
C2.ASSESS & ANALYSE
NEEDS
B. DETERMINE & REFER TO APPROPRIATE RESPONSE PATHWAY C. RESPOND TO NEEDS
DOES NOT MEET THRESHOLD & CRITERIACYF
1
C3.DEVELOP,
IMPLEMENT & REVIEW PLAN
END
C5.CLOSE CASE
C4.EVALUATE SUCCESS
Process Architect: Shani PillaiCAP Directorate: Hub Process Design
Version as at Sept 2015
A1.1Recognise and identify vulnerability in child/
children
A1.2Decide if a referral
should be sent to The Hub
A2.1Fill out Hub Referral
form
A2.2Send/Submit the
Referral form to The Hub
A3.1Contact The Hub for
information
2
2
YES
NOEND
B1.1Receive Referral
Form
T
T
T
NO
G1Capture the contact
1G2
Acknowledge receipt
A
If not an emergency/&
does not meet CYF threshold
A1/1.PARTNERED
RESPONSE (HAMILTON CITY)
CYF 1
ViKI
PROFESSIONALS/PRACTITIONERS
B1.2Explore and understand
requirement
Info/ advice only
B5
B2B3.1
Review Referral Form
B3.2Check if record
exists in ViKI
B3.3Look up/request
for additional information
ViKI
IPV
CYRAS
MSD
B3.4Perform initial
Tuituia assessment
ViKIViKI
ViKI ViKI
CYRAS
A1/1.PR (Hamilton
City)
CYF
CYRAS
2
1
1
ViKI
ViKI
1
1 1 1
1
1
1
1
1
1
2
B3.5Determine & record response decision
G3Send Notifications
A
1
1
B4.1Create & send Hub Referral together with supporting
information (if not CT)
1
ViKI
B6.1Undertake wrap up
tasks
1
ViKI
B6.12
2
END
ViKI
G4Manage workflow
A
1G5
Manage work tasks
A
1
ViKI ViKI
G3
A
M
KEY TO SYMBOLS
ViKI
T Process trigger
Channels
Process events
Hub Referral Form
Professional Judgement
Universal ServiceSpecialist serviceViKI used by
Hub & CT
HS
Tuituia Record
CYF
Hub Supervisor
1 2
C1.
1
C2. C3. C4.
C5.
Info Flow
CYF
49
APPENDIX 4
50
Tuituia framework:
Description
The Tuituia Framework is a single assessment framework which brings together the range of needs that
impact on the wellbeing of children.
Purpose
The purpose of using a single assessment framework is to:
focus on the cause(s) of presenting concerns to deliver preventative actions
consistency when assessing the needs that impact on a child’s wellbeing
determine the scope of actions and service provision
provide the foundation for a single shared integrated plan for each child, where services are co-ordinated and delivered according to the plan, and
enable a consistent approach for measurement of outcome indicators.
Components
The framework is made up of three major dimensions: child (Mokopuna ora), parents (Kiatiaki
Mokopuna) and family/community (Te Ao Hurihui).
Each of these three dimensions is further broken down into domains and related sub-domains:
Mokopuna ora – explores the holistic wellbeing of the child. The child’s individual aspirations and potential are central to all considerations concerning mokopuna ora. Here we seek to understand the child’s: o Attachments: with parents, siblings, caregivers, other significant adults; and the degree to which
these provide safety and security for them o Health: their physical wellbeing and development , their emotional wellbeing, including their
responses to any trauma, grief and loss in their lives; whether suicide and/or self-harm are a concern
o Identity and culture: understanding how they feel about themselves, their hopes, dreams and wishes, cultural beliefs and influences, their sense of belonging
o Behaviour: the extent to which their behaviour places them or others at risk of harm; their ability to understand right from wrong, self-regulate and take responsibility for their own actions
o Friendships: including their ability to empathise, to build stable and respectful relationships with peers and later intimate relationships; the extent to which these friendships promote wellbeing or support risk-taking behaviour
o Learning and Achieving: including this cognitive development, motor skills, skills, interest and abilities, self-care and independence, goals and aspirations
o Education: learning and achieving; exploration of their engagement and achievement in formal education settings or vocational training coupled with broader cognitive and motor development, acquisition of self-care and independence skill; their skills, interest and abilities and constructive use of leisure time.
51
Te Ao Hurihuri - describes the young person (if living independently from family) contemporary world and influences, and explores the family/whānau, social, cultural and environmental influences surrounding the young person. The concept of an evolving changing world is significant in providing a context to the situation that we engage with. Exploration of this dimension includes: o Networks of support: includes social and community relationships, cultural connectedness and
availability of, and ability to access and community services o Resources available: such as how income and housing to meet their basic needs o Family/whānau/hapu/iwi: understanding of extended family/whānau connections and
relationships and degree to which they support young person and stability of living circumstances.
Kaitiaki mokopuna – explores the capacity of the child’s parents and whānau to undertake their roles and responsibilities required to nurture and develop the well-being of the mokopuna. Here we seek to understand caregivers’: o Safe parenting factors: such as their health and wellbeing, intellectual functioning, substance
use and offending o Safety and basic care: including their ability to protect the child from harm and risk and their
ability to meet their basic care needs o Relationship with the child: including the degree to which they are attuned to the needs of the
mokopuna in their care o Skills and knowledge: of how to parent/care for mokopuna; their ability and willingness to
address any concerns o Guidance and supervision: which covers the ability to guide and support the child, set
boundaries and appropriate consequences and support their learning and development of social and life skills.
Outcomes
At the center are the outcomes that we aim to achieve for the child – to be safe, belong, healthy,
achieving and participating.
52
APPENDIX 5 Legal framework
First Alert/Notification The Hub and ViKI Children’s Team
Legal basis CYPF Act s15
Any person who believes that any child or young person has been, or is likely to be, harmed (whether physically, emotionally, or sexually), ill-treated, abused, neglected, or deprived may report the matter to a social worker or a constable. Principle 11(f) the disclosure of the information is necessary to prevent or lessen a serious threat (as defined in
section 2(1)) having considered: (a) the likelihood of the threat being realised; and (b) the severity of the consequences if the threat is realised; and (c) the time at which the threat may be realised.
AISA
5 agencies
Privacy Act 1993 s 96D An
approved information sharing
agreement may authorise a public
or private sector agency to share
any personal information with other
agencies in accordance with the
terms of the agreement. One of
those agencies must be a
Government Department).
Privacy Act 1993
Principle 11(a) – can share information for same purpose for which it
was given
Principle 10(d) - can share info for a different purpose if it is to prevent
or lessen a serious threat.
Consent (exit)
Privacy Act,
IPP11 (d)
disclosure
authorised by
consent – no
specific format
but more proof if
recorded in
writing
Consent
Not legally required.
Good practice - Referrer may have consent of parent/caregiver/child.
Hub social worker records evidence of consent
Not legally required but can’t really work well without consent.
Consent sought – conversation recorded.
Written Agreement to participate implicitly includes consent to
share information and conversation discussing this is recorded.
If no consent, then can:
still go ahead under PP11(a); OR
refer on to CYF if meets their threshold; OR
record in ViKI but not pursue further.
Consent
required
Consent sought
– conversation
recorded.
Information
sharing
purpose
Referral - Express concern
about a child’s wellbeing
Protected by CYPF Act s15
Information sharing-
Discuss assessment and decide on
response/pathway
Privacy Act, IPP11 (a)
Information Hand over
Share info given for the same purpose
PP11(a) or if there is a serious threat PP
10(d)
Need consent to hand information over to
another service provider if they are not a
party to the AISA and the threat is not
serious, e.g. to a NGO
Assessment
Sharing in Children’s Team
Privacy Act, IPP11 (a)
Engagement
Working with the
vulnerable child and
family/whānau to develop a
plan and take action
Information
hand-over
Warm
handshake on to
other service
53
Information
gathering
purpose
Hub social worker - Seek
further information from
referrer about concern for
assessment purposes
CYPF Act s66 – in need of
care and protection
Privacy Act, IPP11 (f)
Information Gathering
Inform high level assessment (Tuituia)
Decide on response/pathway
Privacy Act Part 9A (AISA)
Assessment
Gathering more information for
Tuituia assessment and to identify
best response
Privacy Act, IPP11 (a) and 10(d)
Reassessment
Gathering more information
to assess progress
Consent
Privacy Act, IPP11 (d)-
disclosure authorised by
consent
Information hand
over-exit
Need consent to
hand information
over to another
service provider
as threat is no
longer serious.
Who is
involved
Referrer, Hub social worker Hub social workers
5 agencies: MSD, Education, Health, Justice,
Police
Children’s Team
5 agencies
Professionals and practitioners
(organisations and individuals) as
required
Child, family/whānau,
Children’s Action Team,
Lead Professional, service
providers
Child.
Family/whānau
Lead
Professional,
Children’s Team,
other provider
Operational
process
Information Gathering
Hub social worker gathers
and records further details
from referrer.
Information Gathering, Analysis
(High level assessment) Tuituia
Information Gathering and Analysis
for assessment
(Detailed assessment) Tuituia
Panel Assessment
Planning and giving effect
to the child’s action plan
Transition plan
Nature of
information
Verbal or written personal anecdotal information and/or
Professional records or reports of personal information
About child and family members
Administrative data held nationally, initially
from MSD, then progressively including data
held by the other four agencies.
Verbal or written personal anecdotal information and/or
Professional records or reports of personal information
About child and family members
Professional
records or
reports of
personal
information
Guidance
Messaging
Advice to professionals and
practitioners
CYF Code of Conduct
CT Training
CAP Policies & Procedures
Agency procedures under Privacy Act –
appeals & disputes processes
Professional Codes
CAP Operations Guide
OPC information sharing guidelines
CYF Code of Conduct
CT Training
CAP Policies & Procedures
CAP Privacy and Complaints procedures under Privacy Act
NGOs Privacy and Complaints Policies
Professional Codes