Police information requests should never be routine.
Most people assume their relationship with their bank is of a confidential nature. They probably do not imagine it to be as strict and shrouded in secrecy as that associated with Swiss banks, but surely take it for granted that a high premium is placed on their privacy. That, however, is not always so in at least one aspect. Banks are daily supplying the police with personal banking information on the basis that this helps the "maintenance of the law" - an exception in the Privacy Act to confidentiality rules. Sometimes, those police requests are influencing how a bank treats its customers in terms of lending or general services.
This consequence of banks routinely handing over personal information to the police without a search warrant has been highlighted during the Kim Dotcom saga. His application for a $4 million mortgage was declined after the police asked Kiwibank for his records. According to a Kiwibank spokesman, the bank "takes any approach from the police seriously and, as a prudent lender, would consider any such approach as part of its overall assessment of any banking relationship". In effect, the request for information about Mr Dotcom was taken as a sign of looming trouble, and a loan, already approved, was withdrawn.
Such assessments bode ill for customers who seek a loan or suchlike without even knowing they have been the subject of a police request. Some may find themselves off limits even though the police interest may have been fleeting or inconsequential. Clearly, there are areas in which the police have a valid reason for seeking such information - identity theft, hacking and business fraud, for example - but in some cases the police may simply be undertaking a non-specific "fishing expedition". Whatever the motivation, the banks do not seem to exercise sufficient differentiation.
The decision to release information lies entirely with them. Obviously, account details and contact information should not be released lightly, given they could be passed to other agencies, such as Inland Revenue and the Ministry of Social Development, or even end up overseas for use in foreign court orders. The Banking Association's code of practice reinforces this by outlining "a strict duty to protect the confidentiality of all our customers' and former customers' affairs". But Kiwibank's statement that the police seek information as part of daily routine tells its own story about the police's expectation that it will be supplied.
Bank customers would surely feel a little more comfortable if each bank had a publicly notified protocol for dealing with such requests. Among other things, this would ask the police to specify what information they were seeking about an individual, and why disclosure was necessary for the "maintenance of the law". This would allow banks to make a reasoned response, and put an end to fishing expeditions - and the unintended and unfair consequences for some customers.
Even more protection would be afforded customers if the police had to obtain search warrants to gain access to personal banking information. But that would put them to unwarranted trouble in cases of life and death, such as locating a missing person. In such cases, the use of an account can provide an important clue to whether a person is still alive and his or her whereabouts.
It is clear, however, that banks need to be more careful about handing over personal information to the police. They must make it their business to assess whether a request constitutes a valid reason for sidelining the Privacy Act. Centuries of banking tradition and practice demand that this should never be a routine transaction.