E.17.01 Prisoners Requests For Access To Personal Information

Policy Standard

• Requests for personal information by prisoners are processed in accordance with the Privacy Act 1993.

Performance Standards

1. A request for personal information (which need not be in any particular form) is to be answered as soon as reasonably practicable, but not later than 20 working days after the day of the request.
2. A request for personal information can be made either by the individual to whom the personal information relates, or by an ‘authorised agent’, i.e. someone authorised by the individual to make the request.
3. An authorised agent must have the written or proper authority to request the personal information. Verification from the person whose information is being requested can clarify this.
4. Requests made by persons without authority to be an agent, or who are requesting personal information about other individuals are to be treated as requests under the Official Information Act 1982 (Refer Policy and Procedures Manual System E.16).
5. Requests for personal information may also be made by government agencies who have a statutory authority for the disclosure of personal information (Refer to – E.17.02).
6. Under Information Privacy Principle 6 (IPP6) a prisoner has a legally enforceable right to obtain confirmation as to whether personal information is held about them and to have access to that personal information.
7. Under Information Privacy Principle 7 (IPP7) a prisoner is entitled to request correction of personal information, or to have attached to it a statement provided by the prisoner requesting the correction sought but not made. The prisoner is to be informed of the steps taken in response to their request.
8. The prisoner can elect to have disclosure of their personal information by receiving a copy of it, by inspecting the original (a prisoner is not to be left unsupervised with a file), by hearing oral information about its contents, or by being provided with a summary, unless any of these options would be administratively inefficient, contrary to the legal duty of the agency, or prejudicial to the interests outlined in 10 below. Reasons are to be given if the form of disclosure is not in the prisoner’s preferred option. If a prisoner chooses no particular form of disclosure then the most appropriate form in the circumstances is to be chosen.
9. All information subject to a request for disclosure must be carefully examined by an officer authorised by the Prison Manager before information is released.
10. The good reasons for refusing to disclose personal information include but are not limited to:
    • If disclosure would prejudice the security, defence or international relations of New Zealand (s27(1)(a)); or
    • If disclosure would prejudice the maintenance of the law, including the prevention, investigation, and detection of offences, and the right to a fair trial (s27(1)(c)); or
    • If disclosure would endanger the physical safety of any individual (e.g. informants) (s27(1)(d)); or
    • If disclosure would involve the unwarranted disclosure of the affairs of another individual, including deceased individuals (s29(1)(a)); or
    • If disclosure, being ‘evaluative material’ (i.e. for the purposes of determining eligibility for employment, or promotion or continuance of employment, or removal from employment, or for the award of scholarships, awards, or other benefits or whether these should be continued, changed or cancelled, or for insurance purposes) would breach an express or implied promise to the supplier of the information that this, or their identity, would be kept confidential (s29(1)(b)); or
    • If, after consultation with the prisoner’s medical practitioner, disclosure of mental or physical health information would be likely to prejudice the mental or physical health of the prisoner (for this reason the contents of Psychological Service reports are not released without the permission of the Principal Psychologist of the relevant Psychological Service Office) (s29(1)( c)); or
    • If disclosure would be likely to prejudice the safe custody or the rehabilitation of that individual (e.g. information which is likely to distress an ‘at risk’ prisoner) (s29(1)(e)); or
    • If disclosure would breach legal professional privilege (e.g. a departmental legal adviser’s notes on an issue – the legal adviser must be contacted to determine if the privilege exists) (s29(1)(f)); or
    • The release of information would constitute contempt of court or of the House of Representatives (s29(1)(i)); or
    • The request is frivolous or vexatious, or the information requested is trivial. These are the truly irrational, mischievous or malicious requests. Triviality is a judgement on the circumstances of the case and cannot simply be assumed because requests are numerous, time consuming or appear to have no practical purpose (s29(1)(j)); or
    • The information is not readily retrievable, does not exist, or cannot be found (s29(2)(a) &(b)); or
    • The information is not held by the agency and there are no grounds for believing the information is held by another agency, or connected more closely with the functions of another agency (s29(2)(c)).
11. There are other grounds for refusing disclosure of personal information contained in sections 27 to 29 of the Privacy Act. Access to personal information can not lawfully be refused for any reason other than those in the Privacy Act.
12. It is good practice to copy exactly what has been released, and if a further request is made for another copy of the entire file, it is justifiable for only a copy of information gathered since the first request to be provided.
13. A decision to refuse disclosure of certain personal information is not the same as a blanket refusal to disclose all information held on an prisoner’s file (in some situations only sections of the file / document need to be withheld and the other parts can then be released (e.g.: the names of other prisoners may in some instances be able to be deleted from documents such as incident reports if one of the good reasons for non-disclosure exists).
14. The names of staff members contained in documents held on prisoners’ files, that are the subject of a request for disclosure, cannot be deleted unless good reason exists under the refusal provisions of the Act, to allow the names to be withheld.
    
    For example: In some cases there may be grounds for deleting staff name(s) from copies of Incident Reports under section 27(1) (d) of the Privacy Act 1993 on the grounds that “disclosure would endanger the physical safety of the staff member(s) concerned (Performance Standard 10).
    
    The following steps should be followed by the officer authorised by the Prison Manager to examine information subject to a request for disclosure, when considering whether or not staff name(s) can be deleted from a copy of an Incident Report on this ground.
    1. Consider whether the identity of the staff member(s) whose name(s) are in the report is already known to the prisoner requestor. This is because the identity of those staff members cannot be deleted on the basis that disclosure would be likely to endanger their safety, when you are not disclosing their identity because it is already known to the prisoner requestor.
       In most cases it will be clear from the Incident Report whether or not the identity of the staff member(s) is already known to the prisoner requestor, but occasionally it may be necessary to check with the staff member(s) involved.
    2. If it is clear that the identity of the staff member(s) whose name(s) appear in the Incident Report is not known to the prisoner requestor, those staff members should be told about the refusal provision under section 27 (1) (d) of the Privacy Act 1993 and given the opportunity to outline what, if any, concerns they have for their safety if the incident report is released without their name being deleted.
    3. A decision must then be made as to whether or not the concerns outlined by each staff member amount to a sufficient basis to justify deleting his / her name.
       
       Note: When the incident report concerned is evidence in relation to a disciplinary offence charge full disclosure is generally always required, so it is not necessary to follow this process when responding to a request for disclosure for the purpose of a disciplinary offence hearing.
15. The reason for refusing disclosure of all or part of an prisoner’s file or a particular document are given at the time of refusal and the grounds for this reason are also given unless this would prejudice the interests being protected. The prisoner must also be advised of their right to complain to the Privacy Commissioner to seek an investigation and review of the refusal.
16. It must be remembered that reasons for refusing disclosure of personal information have to be justified if a prisoner makes a complaint to the Privacy Commissioner.
17. Prisoners or their authorised agents cannot be charged for the disclosure of their personal information.
18. A record of all requests by prisoners for disclosure of personal information is maintained at a central location at each site / unit. A record of the information that is disclosed / withheld is kept and the dated on which disclosure is made is recorded.
19. Any concerns about compliance with the Privacy Act should be directed to one of the Legal Advisers at National Office.

Procedure Standard

• All requests for personal information made by Prisoners are to be forwarded to the Prison Manager or delegate for a response.
• All requests for personal information made by Prisoners will be recorded in a site register maintained by the Prison Manager or delegate.
• The Prison Manager or delegate will enter all requests into the register.
• The register will contain details of the request, including but not limited to;
  • Requester name.
  • Date received.
  • Information required.
  • Decision on release of requested information.
  • Reason for decision.
  • Date of reply.
• Requests for personal information requested by Prisoners will be facilitated in accordance with E.17.

Key Roles and Responsibilities

Prison Manager or delegate

• Must keep a register for audit purposes.
• Compete the request and record in the register.
• Determine if the request is to be approved or declined.
• Liaise with Legal Section for advice if required.
• Must examine information before it is released
• Foward all requests to the appropriate Unit Manager for processing.
• Keep a copy of what the prisoner has requested.

Unit Manager

• Record in writing any oral requests for access to personal information.
• Ensure that request is relevant, not frivolous.
• Ensure that any information request is handled in accordance with the Privacy Act 1993.
• Contact Legal for advice if required.
• Submit response to the Prison Manager or delegate for vetting and processing.
• Ensure that the prisoner is informed of decision to either allow access or decline request, and under what grounds any refusal has been made.
• Advise the prisoner that he has the right to complain to the Privacy Commissioner to seek an investigation and review the refusal.
• Ensure that any copies of information are signed and dated, prisoners file noted, file notes notated.
• Ensure that any staff whose name appears on information requested are notified.
• Ensure that prisoner file is checked, up to date and accurate.
• Ensure that staff supervise prisoner whilst he has access to personal file.
• Give information to prisoner within 20 working days after day of request.

Prisoners

• Make all requests for access to personal information in writing addressed to the PCO of the accommodation Unit in which the prisoner is housed.