We have split the FAQs into sections to help you. If you don't understand any of the terms used, please check out the glossary at the end of this page.
Q: What do we mean by investing for social wellbeing?
A: There are four key parts of the investing for social wellbeing approach: people centred; based on a wide range of evidence; built on partnerships and trust; and underpinned by clear goals and robust measurement. Combining these four parts and applying them as a holistic way of working will mean people are better supported and resourced to improve theirs and others’ wellbeing, contributing to broader positive social outcomes.
Q: What does wellbeing mean?
A: Wellbeing refers to the ability of individuals and families to live the lives they aspire as part of inclusive, fair and prosperous communities. It includes both material conditions and quality of life.
Q: How is investing for social wellbeing approach different from social investment?
A: While the investing for social wellbeing approach has some similarities with the previous social investment model, it differs from it in a number of key areas. The focus has shifted from reducing government costs to improving the wellbeing of New Zealanders. The new approach also aims to put more emphasis on making sure that people are included in decisions that affect them. Investing for social wellbeing acknowledges that while data and analytics are important when making decisions about services, the real life experiences and knowledge of people who deliver and receive services are equally as important.
Q: Why do we need this approach?
A: The investing for social wellbeing approach provides the method for the social sector to work more effectively to improve the wellbeing of all New Zealanders so that individuals, their families, and communities can live the lives they aspire to.
Q: How will this approach be implemented?
A: It is too early to say. It will depend in part on what we learn through the engagement process. We will actively work to engage with a wide range of stakeholders, including service users, non-government organisations (NGOs), iwi and people working in frontline organisations on how to best implement the approach. Feedback from the engagement process will be collated into a paper which we expect to take to Cabinet in October so Ministers can agree to the approach. This Cabinet paper will also include recommendations about how to best implement the approach.
Q: Will funding, training or other resources be provided to allow service providers to be able to implement the approach?
A: It is too early to say. We’re talking to New Zealand to get input on the high level features that underpin the investing for social wellbeing approach. We also want to start building an understanding of what kind of support and capacity will be needed to implement the approach and what the impacts of the approach will be.
Q: Is this about profiling people?
A: No it’s not. We know that some people need more or different support than others to live the lives they aspire to. We also know that common supports that can have wide ranging impacts for large groups of people. The investing for social wellbeing approach takes into account that people are more than just numbers, and together data, experience and other evidence create rich and broad insights. Our approach works towards using the tools and supports we know will have the greatest impact while also tailoring solutions for those with high needs.
Q: Do we all need to be data or technical experts to be able to implement this?
A: No, we don’t. Better use of data is a big part of this approach, and as we look at implementation we will assess the system and the support needed to do this. We will work closely with a wide range of stakeholders, including service users, NGOs, iwi and people working in frontline organisations on how to best implement the investing for social wellbeing approach.
Q: Why do we need this policy?
A: Information collection, use and sharing play an important role in ensuring the most effective services are provided to the people who need them. At the same time, service users need confidence that the right processes are in place to ensure their personal information is being collected, used and shared appropriately.
The policy is expected to guide social sector organisations on what to consider when collecting, storing, using and sharing the personal information of service users. The policy will make it easier for organisations to understand what is and isn’t appropriate, how we can work through the grey areas together, how to work safely with people’s personal information, and how insights gained from data can be safely shared to help service providers deliver what is needed at a time that will make the most difference. It is essential that the policy will be delivered in the way that builds trust.
Q: What do we mean by a “policy”?
A: The Data Protection and Use Policy does not intend to change the law. The Policy is likely to be a combination of rules, principles, protocols, guidance, and a practical ‘ ‘toolkit’ to support and enable the social sector to easily understand what‘s appropriate and how to safely work with personal information.
The ‘toolkit’ is likely to include guidelines and educational solutions such as ‘how to’ guides and case studies that show how a principle or guideline is enacted in practice. The toolkit may also include other educational solutions, good practice guides and potentially interactive digital tools and services.
Q: What are the major areas the policy will address?
A: The scope of the policy is to:
Q: How are findings from the engagement being used to inform the policy?
A: The findings of the engagement on the protection and use of data have confirmed the major areas set out for the policy to address as appropriate. We’re using the findings to ensure that we develop a draft policy that addresses a range of concerns, is practical and applicable to a diverse sector.
Q: How will this new policy be implemented?
A: It is too early to say. It is something being considered and will depend in part on what shape the final policy takes and what we learn through the consultation process. The policy is anticipated to include a description of the roles and responsibilities of organisations within the system, and details on governance bodies, particularly for the Policy itself. We anticipate the organisation responsible for the Policy, once finalised through Cabinet, will manage the implementation process including accountabilities for organisations who are adopting the Policy, and be available to support organisations as they implement the Policy.
Q: How long will it take to implement the new policy?
A: It is too early to say. Implementation timeframes are likely to be determined with, or by the organisation(s) that will be responsible for the Policy once it is developed.
Q: What is the relationship between this work and the 2016 Ministry of Social Development policy relating to individual client level data (ICLD)?
A: In 2016 MSD announced that there would be a general contractual requirement requiring the disclosure of individual client-level data about service users. The need for a policy relating to the protection and use of personal information in the social sector emerged following a report by the Privacy Commissioner in April 2017, which concluded that the MSD approach was inconsistent with the principles of the Privacy Act. This original proposal to require personal information as a general contracting requirement with NGOs has been withdrawn.
The objective of this work is to create a policy which will provide practical assistance to the entire social sector on appropriate collection, use and sharing of personal information, when other types of data should be preferred, and explore how what we can learn from a range of sources can be returned to communities.
Personal information plays an important role in the provision of social services. For example Work and Income’s provision of benefit payments and employment support requires personal details, employment and income history, health conditions and details about living arrangements to provide support.
Q: Is this work similar to the work of the Data Futures Partnership?
A: A lot of work has been done on these issues and we are building upon this work. The guidelines and research produced by the Data Futures Partnership (DFP), as well as other work such as the Kiwis Count reports and various Privacy Commissioner reports, informs this work.
Unlike the DFP, this work focuses on the social sector. It seeks to:
Information is shared within the social sector for a range of reasons. In addition to the Privacy Act, there are more than 70 sets of legislative provisions governing what can and cannot be done with personal information in the social sector. Have a look at the following document to see an illustration of the kinds of provisions that apply:
In large government agencies information is used and shared for a range of purposes in order to provide services. For example, have a look at this document showing ACC information flows:
Q: Why is personal information shared?
Personal information is currently shared among social service organisations for a number of reasons, some of which include:
Q: What types of personal information is currently collected, and for what?
A: Different types of personal information is currently collected and used by government, NGOs and other service providers, including:
Q: Who has access to personal information once it is collected?
A: Agencies have internal rules and procedures to ensure that only people who should see personal information are able to see it, including controls to prevent a conflict of interest.
Personal information may only be shared among social sector organisations if the law requires or allows it. Sharing may be allowed by the Privacy Act or by other laws. For example, if the information is being shared for the purpose for which it was collected, such as providing a service,or in order to prevent or lessen a serious threat to an individual’s life or health. The Privacy Act also provides for agreements between agencies known as approved information sharing agreements or information matching agreements. Check out the glossary below to find out more about these.
Q: Who oversees the collection and use of personal information to take care of New Zealander’s privacy?
A: State sector chief executives are ultimately accountable for the protection of privacy within their agencies. Departments are required to have Departmental Security Officers - who have responsibility for security, and all organisations are required to have Privacy Officers - who have responsibility for privacy-related matters. The government’s Chief Privacy Officer also has a role to build government’s capability in privacy and security management.
Service providers are responsible for appropriately protecting personal information they hold and generally have employees who have similar responsibilities to Departmental Security Officers and Privacy Officers.
If you have a concern, the first step is to address the issue with the agency or organisation concerned. You can ask to speak with their Privacy Officer. If you are unhappy with the response, you can contact the Office of the Privacy Commissioner for assistance(external link).
Q: What choice do individuals have about the use and sharing of their personal information?
A: In some cases individuals can obtain services without providing any personal information. For example, personal information does not have to be provided to use the National Sexual Violence Helpline. In other cases individuals can opt out of using the service and the sharing of their information. For example, a young person can opt out of the Youth (or NEET) Service, which connects young people with youth coaches and mentoring support by sharing young people’s information between schools and MSD.
Sometimes, with their consent, an individual’s information is shared with other government agencies or service providers in order for them to be provided a complete service. For example, they may be referred to a health specialist. In other cases individuals do not have a choice about their personal information being shared. For example where it is necessary to share information in order to prevent or lessen a serious threat to someone’s life or health.
Q: What is the consultation timeline for the Data Protection and Use Policy?
We expect to deliver a draft Data Protection and Use Policy to Cabinet in early-mid 2019. The public consultation period will be initiated following Cabinet approval of the draft policy for consultation. Details for the consultation will be published on this website. If you would like to receive an email notification when the consultation period is confirmed, please email us to request this.
Q: What is the role of Māori in this process?
A: We are actively engaging and working in partnership with Māori to build on and strengthen existing relationships and ensure that our work translates to positive social outcomes for Māori.
The Treaty of Waitangi and historic Treaty settlements have created opportunities for the Crown and Māori to engage and partner with each other on issues of mutual interest. This process represents one of those opportunities. It is important to explore ways we can work better together given Māori overrepresentation amongst social service users. We know that Māori, like other New Zealanders, have concerns about protection of personal information. We are also aware of other issues that Māori are concerned about, such as Māori data sovereignty and governance. We will actively engage with Māori to understand these issues, and explore the potential to work together in this area.
Q: What is the role of Pacific peoples in this process?
A: This process recognises the diversity of Pacific communities and explores the potential to work together. It is important to explore ways we can work better together given Pacific peoples’ overrepresentation amongst social service users. We will actively engage and work in partnership with Pacific peoples to build on and strengthen existing relationships, understand their concerns about the use and protection of personal information, and ensure that our work translates to positive social outcomes for Pacific peoples.
Q: What is the role of disabled people in this process?
A: We will actively engage and work in partnership with disabled people to build on and strengthen existing relationships, understand their concerns about the use and protection of personal information and ensure that our work translates to positive social outcomes for disabled people. It is important to explore ways we can work better together with disabled people given they are disproportionately affected by negative social outcomes.
Q: How have you ensured that you are talking to the right people?
A: A working group has been guiding the SIA’s work to support the engagement to be as wide, deep and effective as possible. The working group consists of individuals from social sector agencies, NGOs, peak bodies and the Office of the Privacy Commissioner. We also have Māori, Pacific peoples, and disabled people advisors and a client advocate. Engagement hui were held for invited and registered participants in 27 locations across New Zealand, we and will revisit many of these locations during the public consultation for the Data Protection and Use Policy. Organisations with existing relationships with service users have assisted by creating opportunities for direct engagement with service users.
Q: What else is the government doing in this area?
A: A number of government agencies are working to get a better understanding of how to practically focus on the wellbeing of New Zealanders and improve how they use and protect data.
This work includes Treasury’s Living Standards Framework(external link) and the Department of the Prime Minister and Cabinet’s (DPMC) child wellbeing work.(external link) The child poverty reduction bill will lead to the development of a child wellbeing strategy.
We are also coordinating with Oranga Tamariki, and the Ministry of Justice, as they develop codes of practice for information sharing in the areas of child safety and wellbeing and family violence.
When we come to develop the draft policy, we intend that it will complement existing work.
Q: What is the Social Investment Agency (SIA)?
A: The SIA is a small agency that looks right across the social sector. Our focus is on supporting better use of evidence to improve decision making across government in order to improve social outcomes. We work in partnership with other agencies and service providers to innovate and trial new ways of doing things. We co-ordinate, build, and share capability across the social sector.
Q: What’s the SIA’s role in this?
A: The SIA is taking the lead in developing this approach and policy on behalf of the social sector. Both of these will be owned and implemented across the entire social sector. The SIA will take a lead role in supporting agencies and service providers to apply the approach and policy, and monitor how they are implemented.
Agency : The Privacy Act 1993 defines ‘agency’ broadly to include both government agencies and private sector organisations. In these FAQs ‘agency’ has been used to refer to government agencies and NGO has been used to refer to non-governmental organisations providing social services.
Approved information sharing agreement : Allows personal information to be shared between or within agencies and providers without intruding on individuals’ rights, for the purpose of delivering public services. Find out more(external link) about approved information sharing agreements.
Confidentialisation : Applies statistical methods to information to reduce the risk that an individual, household, or organisation can be identified in the information. This can be done by combining responses into broader categories, as explained by Statistics NZ(external link).
Data : Facts and statistics collected for reference or analysis. Data may be qualitative (information that describes a topic rather than measuring it – for instance stories, opinions, attitudes or impressions) or quantitative (facts that can be measured and written down using numbers).
De-identification / anonymisation : The process of removing specific information from people’s data to reduce the risk of any individual, household or organisation being recognised in that data. De-identification typically includes, but is not limited to, removing names, exact dates of birth or death, and exact addresses. How much de-identification is needed depends on the nature of the data, its planned use, and the surrounding processes governing access to and use of that data.
Information matching agreements : An agreement which allows comparison of one set of records with another, to find records in both sets of data that relate to the same person. These agreements are subject to controls under the Privacy Act. Find out more(external link) about information matching agreements.
Linked data sets / data linking : Personal information in existing data sets can be used to link the datasets together. This results in a richer dataset which creates opportunities for more complex and expanded research. For example, data linking helped to identify the role of folate in pregnancy in reducing neural tube defects, such as spina bifida.
NGO : A non-governmental organisation that is funded or part-funded by government to provide social services.
Personal information : Information that can be used to identify a specific person. The Privacy Act defines it as information about an identifiable individual.
Secondary collection : When data is collected by government from NGOs or other government agencies, rather than collected directly from the individual concerned. Some of it will be personal information, some of it will not be. This information is collected to determine eligibility for some services, understand more about service users’ needs, what services they are receiving and what difference the services are making.
Service provider : Government agencies, NGOs and private organisations that provide social services.
Service user : A person who uses social services.
THE ENGAGEMENT AND CONSULTATION PROCESS