Sam Grover of the Office of the Privacy Commissioner of New Zealand has written a post about the Ashley Madison data leak and what New Zealand law says about the use or any data in the data dump. Here are some excerpts:
My name is in the data dump and people are threatening to use it against me. What can I do?
If someone is threatening, blackmailing or intimidating you, you should contact the Police immediately.
If contact, profile or credit card information from Ashley Madison is being distributed by someone you know, you can make a complaint to this office. We will be able to investigate, but that process will take some time.
If your presence on the list has made its way to a radio or television publication, you should complain to the Broadcasting Standards Authority. And if it is being published in a newspaper or magazine (print or online), you should complain to the Press Council.
Complain to the Broadcasting Standards Authority
Can I check peoples’ email addresses against the leaked information? I don’t want to hire/associate with/work with adulterers.
Not without considerable risk that you might end up being in breach of the Privacy Act! Principle 8 of the Privacy Act says that you should not use personal information without taking reasonable steps to check that it is accurate. There is no way to ensure that the Ashley Madison data is accurate because Ashley Madison did not require email verification. People did not have to prove that their emails were, in fact, theirs – or that the addresses real in the first place.
This means that you cannot be sure of the accuracy of any information in the data dump, so using it to make any decisions (including whether to hire someone) would be an interference with his or her privacy.
A recent Human Rights Review Tribunal judgement highlighted how important this is: A company distributed inaccurate credit reporting information about an individual without taking the necessary steps to make sure it was accurate. The organisation was found to have interfered with his privacy and ordered to pay $25,000.
Can media use the data?
The news media is exempt from most of the Privacy Act, and the right to freedom of expression is enshrined in the New Zealand Bill of Rights Act. However that does not mean the news media has carte blanche.
The Broadcasting Standards Authority and Press Council both have privacy requirements. If you’re a broadcast journalist, you’ll need to defend the fact that publishing this information isn’t ‘highly offensive to an ordinary reasonable person.’ Given the nature of this information, that defence will be a challenge.
If you’re a print journalist, the standard is even higher – the Press Council dictates that any publication of private material needs to be in the public interest or public record.
Both of these standards will be hard to make because the information is
1) Intimate and personal
2) Difficult (if not impossible) to verify as accurate
As an example, the hosts of an Australian radio show used this data to tell a woman her husband was registered on Ashley Madison while live on the air. Lets forget about the legal liabilities involved for a moment. Even the hosts recognised they had crossed the line and left common decency behind with that stunt.
Read more on the Office of the Privacy Commissioner of New Zealand.