Protecting sensitive information in meetings 22 Feb 2019
How can you ensure that people have the freedom to share their concerns at meetings without being worried about the consequences of recording them in the minutes? This is an issue which plagues various groups.
The Privacy Act 1993 applies to any agency. This is defined as a person or body of persons that collects, uses or stores personal information. Examples of this include businesses, organisations, church groups or societies. If you are a private organisation (i.e. not a government body), the Official Information Act does not apply and you will have a lower threshold of disclosing information.
Information is considered to be personal when it is about an identifiable individual. It does not have to be private or sensitive to meet this threshold.
When personal information is stored by an agency, the person it relates to has the right to access this information. This may include:
- Any references to them in the minutes of a meeting;
- Communication between the person and the agency;
- Decisions made in relation to the person;
- Any complaint the person has made or a complaint about that person.
A request to access this information may be refused if:
- the information would disclose a trade secret;
- the information would be likely to unreasonably prejudice the commercial position of the agency or person;
- disclosure would involve personal information about other people. An individual may only request access to information relating to themselves under the Privacy Act. This may mean that all other references to other people are taken out of the document before it is given to the requester;
- disclosure would result in an unjustifiable breach of another person’s privacy.
If you are an agency concerned with not disclosing sensitive information about someone, you should consider:
- censuring the names if disclosure was recorded. As personal information has to be identifiable, removing the names would avoid this;
- not recording the concerns.
Ultimately your response will be determined by what the agency’s own policy and constitution allows and the current standard practice.
If you want to dive deeper into this topic, the Privacy Commissioner has also published this for clubs and societies.