NZ banks’ terms & conditions for handing customer data to the police

Nicky Hager’s lawyer Felix Geiringer asks: What do New Zealand’s leading banks say in their terms and conditions about handing their customers’ data to Police and other Govt agencies?

They say they will hand over customer data in breach of the Privacy Act. Westpac have apologised to Hager and have promised to change their terms.

But the other major banks have made vague assertions that they will not breach customer privacy but still have dodgy terms, and have not made a commitment to change their terms to comply with the law.

Regardless of views about Hager’s use of hacked data, this is an important issue for everyone.

Via Twitter @BarristerNZ:

There has been significant publicity over Westpac’s decision to hand Nicky Hager’s data to Police. But this issue was never limited to Westpac.

A study conducted by the OPC in 2015 suggested that our financial institutions might have been releasing to Govt the data of close to 10,000 customers per annum without a warrant / production order.

Possibly close to 10,000 customers each year! And this appears to have been happening for over a decade.

Plus, all our banks, not just Westpac, had entered into a written agreement with NZ Police to give over customers’ data without warrants or production orders.

Basically, all our banks promised Police that they would breach the Privacy Act if Police asked them to. And it looks like Police may have made many thousands of such requests.

Westpac said to Hager that its terms permitted the release. The OPC rejected the argument that those terms could be relied upon. However, Westpac’s terms, on their face, did set a much lower bar for releasing data than our Privacy or Search and Surveillance legislation.

Westpac have apologised for its breach, and it has also promised to change its terms. There will now be an enforceable contractual promise from that bank to customers that it will not do this again.

What about other banks?

I am told that in answer to journalists’ questions some other banks have made vague assertions that they will not breach customer privacy. But what do their terms actually say?

Kiwibank’s terms are very similar to the ones Westpac had at the time of the Hager release.

Kiwibank’s terms assert that, by banking with it, you authorise it to release your data to Police whenever Kiwibank thinks it will help Police with an investigation.

That test bypasses the protections that parliament has put in place which limit releases to circumstances where Police can objectively establish reasonable grounds to believe the data is evidence of a crime.

ANZ’s terms are almost the same again, arguably even looser. It says that by banking with it you agree that it can give your data to Police if it believes that doing so will help prevent crime.

ASB’s terms are more open to interpretation. It can release data to Police when required to by law. There can be no objection to that. But it can also release data in a variety of other circumstances.

ASB’s terms define the purposes for which it is holding your data to include to “investigate illegal activity”. The terms allow release to 3rd parties for this purpose. However, the Govt isn’t expressly listed as one of those 3rd parties.

If the list of 3rd parties in ASB’s terms is read as a closed list, it arguably has the best terms. If it is not read as a closed list, then it has one of the worst terms.

BNZ’s terms are clear, and are clearly the worst of those discussed here. Its terms claim that you have authorised it to share your data with Police or other Govt agencies for the purpose of detecting any crime.

The circumstances of release permitted by BNZ’s terms are astoundingly broad. Those terms have little regard for the duty to protect the secrecy of BNZ’s customers’ information.

I haven’t analysed TSB’s terms.

So, there you have it, and I think that this raises serious questions. We know the NZ banks were doing a very bad job of protecting our private data. They say they are doing better now, but are they?

And, if these banks are now not handing over data to Police without a warrant or production order, why is this still not reflected in their terms?

Principle 11, Privacy Act 1993 – 6 Information privacy principles: Limits on disclosure of personal information

 


5 Comments

  1. Blazer

     /  11th March 2019

    the banks are always a law unto themselves.

    When sprung breaking the law, they just pay fines and continue on.

    When they go broke they get Govts to bail them out.

    When they are shaky they rely on Govt guarantees to meet their obligations.

    The private central banking system is a suppurating sore on the face of humanity.

  2. NOEL

     /  11th March 2019

    So the Privacy Act trumps solving a crime?

    • Blazer

       /  11th March 2019

      what ‘crime’?

      • Kitty Catkin

         /  11th March 2019

        Any crime. Money laundering, tax evasion, money from drug dealing… I thought that banks were obliged to make that available. The government’s welcome to look at mine, if it doesn’t mind being bored to death.

    • Blazer

       /  11th March 2019

      you have the right to remain silent…why should heinous criminals like bankers not respect your inherent right to…privacy?
