Certified Hard Copy POI documents for PI FOIs
Dear NBN Co Limited,
I noted from NBN Co correspondence published here on Right to Know that NBN Co is requiring FOI applicants whose FOI even minimally might touch on PI of their own, to send by hard copy only certified copies of birth certificates and driver's licenses to a street mailing address specified by NBN Co.
While it is important under APP 11 of the Privacy Act that NBN Co take 'reasonable proportionate steps' to ensure personal information is only disclosed to parties it is lawfully allowed to, can you please advise:
* how the disclosure of the distance of a service property to its nearest fibre node could constitute 'personal information' given it might disclose information about property infrastructure but not an individual
* how the sole identity verification method sending of certified copies of birth certificates and drivers' licences via unsecure postal service is not unreasonably intrusive and excessive (given the personal information such documents contain) for the purposes of confirming a person resides at the service property in question.
The reason I ask is that it appears that you may be breaching the Australian Privacy Principles by using intrusive and excessive collection not reasonably necessary for the purpose it is being sought for, due to the lack of proportionality and a misunderstanding of what is personal information (which is about a natural person, not objects).
Yours faithfully,
Verity Pane
Dear Ms Pane
Thank you for your email to nbn’s FOI Officer email address.
It appears that your email is not a request for documents under the
Freedom of Information Act (Cth) (FOI Act) and it therefore does not
appear to be an FOI Act application as such.
In relation to your queries about the collection of personal information
in the course of handling FOI requests, nbn takes its obligations under
the FOI Act and the Privacy Act seriously. nbn does not request
verification of an FOI applicant’s identity if the scope of an FOI
application does not appear to include the FOI applicant’s personal
information.
If the scope of an FOI application appears to cover the FOI applicant’s
personal information, nbn must first establish that FOI applicant’s
identity so that nbn does not release the FOI applicant’s personal
information without their permission. nbn takes a flexible approach to
this and adapts its requirements to the circumstances of each case to
ensure that it collects such personal information appropriately.
Regards
Rohan Singh
Freedom Of Information Officer
T 02 9031 3022 | E [1][email address]
Level 13/100 Mount Street, North Sydney NSW 2060
nbn acknowledges and pays respects to the traditional custodians of all
the lands upon which we work.
Notice to recipient: This e-mail is intended only to be read or used by
the addressee. It is confidential and may contain information that is
subject to legal professional privilege or protected by copyright. If you
are not the addressee indicated in this message (or responsible for
delivery of the message to that person), you may not copy or deliver this
message to anyone, and you should destroy this message and kindly notify
the sender by reply e-mail. Copyright, confidentiality and legal
professional privilege are not waived or lost by reason of mistaken
delivery to you. Emails to/from nbn co limited ABN 86 136 533 741 may
undergo email filtering and virus scanning, including by third party
contractors, however, nbn co limited does not guarantee that any email or
any attachment is secure, error-free or free of viruses or other unwanted
or unexpected inclusions. Any views expressed in this message are those of
the individual sender, except where the sender specifically states them to
be the views of nbn co limited.
PLEASE CONSIDER OUR ENVIRONMENT BEFORE PRINTING
FOI2122039
Dear FOI Officer,
The FOI Guidelines state that FOI officers are not to take a pedantic approach to interpretation of FOI applications, and so long as the FOI reasonably provides in writing what its scope is, and how notices may be given, then it is a valid FOI.
Given the nature of my application, it reasonably sought copies of NBN Co documents that directed the verification of identity for access to copies of documents identifying NBN nodes and service distances.
It also sought copies of NBN Co's record of consideration of APP 11 in relation to NBN Co directing collection of certified birth certificates and drivers licences via unsecure means only.
I do not consider your response can be reasonably interpreted as administrative access given it does not address how NBN Co infrastructure to service properties involves personal information given it involves no ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable'.
As was held by the Full Court of Federal Court in 2017 in Privacy Commissioner v Telstra Corporation Ltd [2017] FCAFC 4, information ‘about’ the way in which a telecommunications company such as NBN Co delivers its infrastructure is not information ‘about an individual’ even if NBN Co would not have generated the network if an individual had not requested it.
The details of distance from a node for a service property is therefore not personal information under the Privacy Act.
Collecting personal information in a manner that involve intimidation, deception, or unreasonable intrusion is a breach of APP 3.5 of the Privacy Act. It appears NBN Co is engaging in at least two, if not three, of these.
NBN Co also appears to be breaching APP 11 by unnecessarily exposing those who do concede to your deceptive demands to unreasonable risk of interception and misuse of personal information documents commonly used for identity theft by specifying only one insecure means of providing them.
NBN Co appears to be deceptively using an unreasonable demand for PI collection as an intimidating barrier for access contrary to both the Privacy and FOI Acts.
Yours sincerely,
Verity Pane
NBN Classification - Restricted
Dear Ms Pane
Thank you for your email. I have questions to clarify the issues.
Your email below suggests that you have made a request for documents. Are
you referring to your email sent to nbn’s FOI Officer email address on 13
April 2022? That email did not seek any documents but instead asked some
questions, which I answered in my email sent on 26 April 2022.
Is there another email that you are referring to which contains your FOI
request?
Do you wish to make an FOI Application solely in relation to the distance
from an nbn node to a certain address? If so, please let me know, and
specify the address of the premises so that I can process your
application. You would not need to provide proof of your identity for
such a request.
Please note however that access to that information may be subject to
carve-outs or exemptions under the FOI Act. Alternatively, you may be
able to obtain this information from your retail service provider.
Incidentally, to supplement my email sent on 26 April 2022, please note
that nbn does not request verification of an FOI applicant’s identity if
the scope of an FOI application does not appear to include the FOI
applicant’s personal information, or if the FOI applicant’s identity is
not otherwise needed to process the application. Please note that an
applicant’s identity can be relevant in deciding if requested documents
are exempt. In addition, it is not nbn’s practice to request birth
certificates as proof of identity. nbn leaves the form of the
identification largely to the Applicant.
I’d be happy to arrange a time to speak with you to discuss the scope of
any FOI application you would like to make. My phone number is below, or
I’m happy to call you if you let me know your number.
Regards
Rohan Singh
Freedom Of Information Officer
T 02 9031 3022 | E [1][email address]
Level 13/100 Mount Street, North Sydney NSW 2060
nbn acknowledges and pays respects to the traditional custodians of all
the lands upon which we work.
Notice to recipient: This e-mail is intended only to be read or used by
the addressee. It is confidential and may contain information that is
subject to legal professional privilege or protected by copyright. If you
are not the addressee indicated in this message (or responsible for
delivery of the message to that person), you may not copy or deliver this
message to anyone, and you should destroy this message and kindly notify
the sender by reply e-mail. Copyright, confidentiality and legal
professional privilege are not waived or lost by reason of mistaken
delivery to you. Emails to/from nbn co limited ABN 86 136 533 741 may
undergo email filtering and virus scanning, including by third party
contractors, however, nbn co limited does not guarantee that any email or
any attachment is secure, error-free or free of viruses or other unwanted
or unexpected inclusions. Any views expressed in this message are those of
the individual sender, except where the sender specifically states them to
be the views of nbn co limited.
PLEASE CONSIDER OUR ENVIRONMENT BEFORE PRINTING
FOI2122039
Dear Rohan,
The FOI Guidelines state that FOI officers are not to take a pedantic approach to interpretation of FOI applications, and so long as the FOI reasonably provides in writing what its scope is, and how notices may be given, then it is a valid FOI.
Given the nature of my application, it reasonably sought copies of NBN Co documents that directed the verification of identity for access to copies of documents identifying NBN nodes and service distances.
It also sought copies of NBN Co's record of consideration of APP 11 in relation to NBN Co directing collection of certified birth certificates and drivers licences via unsecure means only.
I do not consider your response addresses this. I find it unethical of you to pretend otherwise, as even if you did not comprehend this from my request of 13 April it would have been explicit to you such a formal FOI had been made by my response of 3 May that clearly stated such documents were sought under FOI.
Despite this, you have let this FOI go deemed refusal. NBN Co, even with a deemed refusal, still remains obligated under the FOI Act to provide said decision to substitute this deemed refusal.
In closing, your claim that 'NBN [Co] does not request verification of an FOI applicant’s identity if
the scope of an FOI application does not appear to include the FOI applicant’s personal information, or if the FOI applicant’s identity is not otherwise needed to process the application' is clearly untenable given the multiple FOIs about service distance from a property boundary to an NBN node here on Right to Know received demands for personal identity verification.
This is despite any document about 'service distance from a property boundary to an NBN node' containing no personal information about any private individual, because it involves no ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable'.
Again, as was held by the Full Court of Federal Court in 2017 in Privacy Commissioner v Telstra Corporation Ltd [2017] FCAFC 4, information ‘about’ the way in which a telecommunications company such as NBN Co delivers its infrastructure is not information ‘about an individual’ even if NBN Co would not have generated the network if an individual had not requested it.
It is technical information about the NBN network, not personal information, and the intent of these improper PI verification demands appears to be nothing more than to create an artificial and unlawful chilling and barrier to access to official information.
Worse, it is privacy intrusive and unnecessarily creates risk of interception of documents commonly used to perpetuate identity theft, because NBN Co demands them in one way only using an unnecessary and unsecure method.
So again, where is the document/s NBN Co hold that established and created this unnecessary unlawful and privacy violating demand - who at NBN Co decided this to create this APP 11 risk and breach of the FOI objects, because if it is not documented it further underlines this as an abuse of process applied by your FOI section.
Has your Chief Privacy Officer (required by the Act) even approved this practice?
You can't just wild west cowboy your way on this - it is fair to request verification of identity in order for FOI applicants to access personal information, but this type of information is not and has never been personal information, and I think you are well aware of this.
Otherwise you would have processed this FOI by now.
Verity Pane
Dear Ms Pane - my apologies for the delayed response. I have received
your email and will come back to you on your request shortly.
Regards
Rohan Singh
Freedom Of Information Officer
T 02 9031 3022 | E [1][email address]
Level 13/100 Mount Street, North Sydney NSW 2060
nbn acknowledges and pays respects to the traditional custodians of all
the lands upon which we work.
Notice to recipient: This e-mail is intended only to be read or used by
the addressee. It is confidential and may contain information that is
subject to legal professional privilege or protected by copyright. If you
are not the addressee indicated in this message (or responsible for
delivery of the message to that person), you may not copy or deliver this
message to anyone, and you should destroy this message and kindly notify
the sender by reply e-mail. Copyright, confidentiality and legal
professional privilege are not waived or lost by reason of mistaken
delivery to you. Emails to/from nbn co limited ABN 86 136 533 741 may
undergo email filtering and virus scanning, including by third party
contractors, however, nbn co limited does not guarantee that any email or
any attachment is secure, error-free or free of viruses or other unwanted
or unexpected inclusions. Any views expressed in this message are those of
the individual sender, except where the sender specifically states them to
be the views of nbn co limited.
PLEASE CONSIDER OUR ENVIRONMENT BEFORE PRINTING
FOI2122039
Dear Ms Pane
My Access Decision in relation to your FOI application is attached. There
were no documents found within the scope of your application.
As indicated below, if you wish to make an FOI application solely in
relation to the distance from an nbn node to a certain address, you would
not need to provide proof of your identity for such a request. Please
note however that access to that information may be subject to carve-outs
or exemptions under the FOI Act.
Regards
Rohan Singh
Freedom Of Information Officer
T 02 9031 3022 | E [1][email address]
Level 13/100 Mount Street, North Sydney NSW 2060
nbn acknowledges and pays respects to the traditional custodians of all
the lands upon which we work.
Notice to recipient: This e-mail is intended only to be read or used by
the addressee. It is confidential and may contain information that is
subject to legal professional privilege or protected by copyright. If you
are not the addressee indicated in this message (or responsible for
delivery of the message to that person), you may not copy or deliver this
message to anyone, and you should destroy this message and kindly notify
the sender by reply e-mail. Copyright, confidentiality and legal
professional privilege are not waived or lost by reason of mistaken
delivery to you. Emails to/from nbn co limited ABN 86 136 533 741 may
undergo email filtering and virus scanning, including by third party
contractors, however, nbn co limited does not guarantee that any email or
any attachment is secure, error-free or free of viruses or other unwanted
or unexpected inclusions. Any views expressed in this message are those of
the individual sender, except where the sender specifically states them to
be the views of nbn co limited.
PLEASE CONSIDER OUR ENVIRONMENT BEFORE PRINTING
FOI2122039
Mr Singh,
It isn't tenable to claim you have that you have not placed unlawful barriers to access on foi requests about the NBN network (by demanding certified copies of birth certificates and driver's licenses to be sent to NBN Co by mail, when the foi request involved no personal information) when such demands have been published here https://www.righttoknow.org.au/request/7...
I hope NBN Co will now cease such unethical practices, as such a demand is only valid (just) when the foi is requesting personal information. Network information about distance from a node to a service point is not personal information.
Verity Pane