From the briefing paper that outlines issues in inter-agency sharing of information and reviews various options, the preferred option:
We believe that the greatest promise is held by the concept of an “approved sharing programme”. In two Canadian provinces, Alberta and British Columbia, one of the statutory exceptions to the non-disclosure principle is “a common or integrated programme or service”.36 In neither Act is this phrase defined; instead its meaning is spelt out in guidance. The detail is, as it were, below the surface. Examples given in the Alberta guidelines suggest that the concept is principally focussed on programmes of beneficial service of the Linwood Service Centre kind.37
We think that for New Zealand the Canadian concept should be extended in two ways. First, we think that the exception should cover all types of sharing programmes and not just “beneficial service” programmes. In fact we think it would be quite difficult to isolate such a category. The solution we propose would be a general one which would cover programmes whose sole purpose is to provide holistic service to an individual or family; programmes which envisage the taking of adverse action against an individual; programmes which combine both these things; and programmes which raise at least the possibility that both may be involved. It would also include programmes which are presently dealt with as information matching. In other words, the concept should be the broad one of an “approved information sharing programme”. Secondly, we believe that such programmes should require formal approval by Order in Council, and that legislation should lay down explicit rules for that approval, and clearly prescribe the protections which surround such programmes. Only in this way can the risks that attach to sharing programmes be sufficiently managed and solutions to them be prescribed. The types of programme are likely to vary considerably. Some would involve more agencies, more information, and more risks than others. Some might modify the application of one or more of the information privacy principles in the Privacy Act. The safeguards and checks and balances would need to be proportionate to those varying levels of risk.
Read the full briefing here (pdf).