Go Back  PPRuNe Forums > PPRuNe Worldwide > The Pacific: General Aviation & Questions
Reload this Page >

What is CASA doing with your personal information?

The Pacific: General Aviation & Questions The place for students, instructors and charter guys in Oz, NZ and the rest of Oceania.

What is CASA doing with your personal information?

Old 20th Jul 2020, 12:49
  #1 (permalink)  
Thread Starter
 
Join Date: Mar 2000
Location: Canberra ACT Australia
Posts: 185
What is CASA doing with your personal information?

One of my ‘pet hates’ is CASA’s propensity to set up systems that are an insult to my intelligence and integrity. The latest of numerous examples is what I consider to be the unauthorised disclosure of my ASIC photo.

At my most recent medical examination for the purposes of the issue of my medical certificate I was surprised to see my ASIC photograph on the DAME’s computer screen. How did that get there, methought? The existence or otherwise of a photo of me in the DAME’s clinic has zero causal connection to my compliance or otherwise with the applicable medical standard. Thus it could not be there for the purpose of assessing my compliance with with the applicable medical standard.

Then it struck me: Of course! It’s because we’re all presumptive criminals who would send someone else to the medical exam to pretend to be us!

The good news is that, after I complained to the CASA Privacy Officer, the ASIC photograph that CASA took it upon itself to put in the MRS will not be made available to DAMEs who access the system. (Well, at least CASA has told me it won’t be....). I explained to the CASA Privacy Officer that most of my medical examinations in the past few decades were successfully completed without a photograph of me being present in the room, and that my DAME and I are capable, without CASA’s assistance, of ascertaining our respective identities.

The logic of CASA seems to have been that I have consented to the disclosure to DAME’s of any information CASA about me, whether or not relevant to assessing my compliance with the applicable medical standard. But the language of CASA’s consent and CASA’s explanation of it are ambiguous.

The full correspondence is below.

If you’re not a fan of the inexorably increasing overreach of CASA Avmed, drop an email to the CASA Privacy Officer and tell them you don’t want your ASIC photo disclosed DAMEs.

Message to CASA: When one party to a transaction does not trust the other, the mistrust is reciprocated. You don’t trust me (and my DAME)? I don’t trust you. Someone who is prepared to go to the extreme extent of sending a substitute to a medical exam will always work around your system. And maybe if your system had not evolved into the Frankenstein’s monster that it now is, far fewer people would be scared of it and wouldn’t be doing their utmost to avoid being entrapped by it.

(I pause for a moment to wonder what Avmed will do, next, to deal with the risk of an identical, teetotal twin from attending my medical examinations...)

I remind CASA of part of Dr Rob Liddell’s submission to the Aviation Safety Regulatory Review:
The dangerous result of CASA’s draconian regulatory measures is that now many pilots tell CASA as little as possible about any medical problems in order to protect themselves from expensive and repetitive investigations or possible loss of certification . Most pilots are responsible people and they have no desire to be in charge of an aircraft if their risk of incapacity is unacceptable. When their DAME and their specialist believe they meet the risk target for certification without endless further testing demanded by CASA and the advice of their own specialist is ignored by the regulator then the pilot’s lose confidence in the regulator.
Dr Liddell is, in my view based on my personal observation and experience, the only person employed by CASA in the last few decades to have sufficient expertise and experience to understand how medical certification properly integrates with and contributes positively to aviation safety.

My query to CASA:
Dear Privacy OfficerAt my most recent medical examination for the purposes of the issue of my current medical certificate, I was surprised to see, on the doctor’s computer screen, a copy of the photo on my Aviation Security Identification Card. The doctor was logged in to CASA’s Medical Record System.Are you able to explain how a photo I have supplied as part of an application for a card issued under legislation that is not administered by CASA can lawfully end up in CASA’s Medical Record System? In any event, for what purpose has that photo been put in CASA’s Medical Record System?RegardsClinton McKenzie[ARN deleted by me from PPRuNe for privacy reasons]
CASA’s initial substantive response:
Dear Mr McKenzie CASA's Privacy Policy explains how CASA collects, holds, uses and discloses personal information in accordance with the Privacy Act 1988 (the Act), and subsequently the Australian Privacy Principles (APP). APP 6 explains that — 6.1 If an APP entity holds personal information about an individual that was collected for a particular purpose (the primary purpose), the entity must not use or disclose the information for another purpose (the secondary purpose) unless: (a) the individual has consented to the use or disclosure of the information; or (b) subclause 6.2 or 6.3 applies in relation to the use or disclosure of the information. 6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if: (a) the individual would reasonably expect the APP entity to use or disclose the information for the secondary purpose and the secondary purpose is: (i) if the information is sensitive information—directly related to the primary purpose; or (ii) if the information is not sensitive information—related to the primary purpose.On 17 January 2019 you signed an Application for Aviation Medical Certificate - Declaration (attached), which stated— I Mr Clinton Earl McKenzie - except as provided in CASR 67.180(5), authorise the disclosure to CASA and the examiner of any information about me that may help CASA to decide whether I meet the relevant medical standard, being information that is held by a person, organisation, body or authority referred to in CASR 67.180(6). I also authorise CASA to disclose to any DAME that has assessed me, any medical or other information about me. The Privacy Notice on the declaration also explains that— CASA is collecting the information on this form for the purpose of assessing an application by you for a medical certificate. This is required by Part 67 of the Civil Aviation Safety Regulations 1998. The form and any associated medical reports or documents are provided to CASA by a designated aviation medical examiner (DAME). The form will be stored by CASA in medical files for each ARN holder who applies for or seeks renewal of a medical certificate in a Medical Records System (MRS). The form and associated documents are accessible by officers of CASA's Office of Aviation Medicine. The documents may be provided, when required, to other officers of CASA, such as the Legal Affairs, Regulatory Policy and International Strategy Branch. CASA will provide the forms and associated documents to medical specialists where a review of medical issues raised in the reports is necessary. It may also disclose them to recreational aviation administration organisations to facilitate their responsibility for overseeing sport and recreational activities. By signing this form, you authorised CASA to disclose your personal information to any DAME, not limited to medical records, for the purpose of assessing your medical certification. I do however note that the declaration does not explicitly identify the disclosure of a photograph that is being held on CASA's database for a purpose secondary to medical certification. Therefore, I do not consider APP 6.1(a) to be applicable. For the purpose of APP 6.2(a) I do consider that your authorisation to disclose to any DAME any medical or other information about you does satisfy the test that as the individual, you would reasonably expect CASA to use or disclose personal information held by CASA that are not medical records.Moreover, on 8 February 2018 you signed your ASIC Renewal Application (attached). This form attached the photograph that is the subject of your concern. This application explains that— By making this application, you consent to CASA collecting, using and disclosing your personal information as set out above. The Applicant Certification of the form, signed by you, states— I, Clinton Earl McKenzie consent to CASA using and disclosing my personal information in accordance with the Privacy Act (including giving information to Commonwealth and State government agencies for the purpose of obtaining criminal records and other background checks). Again, while I do not consider that your authorisation explicitly involved disclosure of personal records to your DAME, I do consider your authorisation satisfies the test that as the individual, you would reasonably expect CASA to use or disclose the personal information provided on the form for a secondary purpose under APP 6.2(a). You raised a concern with "how a photo I have supplied as part of an application for a card issued under legislation that is not administered by CASA can lawfully end up in CASA’s Medical Record System". At the time of your ASIC Renewal Application on 8 February 2018, CASA was an ASIC issuing agency. Please be aware that also at the time of your application, Aviation ID Australia were contracted to process these applications on behalf of CASA for the purpose of the flight crew licensing requirement that licence holders attain an ASIC to be able to exercise their licensing privileges. The application form clearly identifies that all authorisation is provided to CASA. CASA did not cease its function as an issuing agency until early-2020, two years after the date of your application. The photograph used is the photograph provided to CASA as personal information under that application.For the purpose of APP 6.2, the Act defines sensitive information to include— (d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification. A photograph is biometric information and therefore, I consider APP 6.2(a)(i) to be applicable. Civil Aviation Safety Regulation (CASR) 67.170 explains that— (1) If a person submits to a relevant examination by a DAME or DAO, the DAME or DAO must ask the person to produce evidence of his or her identity before finishing the examination. (2) The evidence must include a photograph of the person. (3) However, subregulation (1) does not require the DAME or DAO to ask the person to produce the evidence if the DAME or DAO knows or reasonably believes the person is who the person claims to be.A DAME may not consult with an applicant for the purpose of assessing an application for a medical certificate under CASR Part 67 unless the DAME is reasonably satisfied of the applicant's identity. CASA's purpose as an issuing agency of your ASIC related to issuing your flight crew license under CASR Part 61. A flight crew licence holder is required to attain a current ASIC and medical certification to be able to exercise their Part 61 privileges. I consider that the photograph was collected for the primary purpose for you to exercise privileges of your flight crew licence, ensuring the regulation of safe air navigation (the primary purpose). The photograph was disclosed for the secondary purpose of providing the DAME with relevant biometric information to satisfy the DAME that you are who you claimed to be and that the DAME accessed the correct file for the purpose of assessing an application by you for a medical certificate (the secondary purpose). An individual would reasonably expect discloser of personal information of a sensitive nature to occur for a secondary purpose of this nature, as the primary purpose cannot be exercised in the absence of the secondary purpose. Therefore, for the purpose of APP 6.2(a)(i), I consider your DAME's access to your biometric information for the secondary purpose to be directly related to the primary purpose. While CASA has complied with its duties as an APP entity under the Act, I understand from your email that you do however have concerns with your DAME being able to view your photograph through MRS. The capability to modify your DAME's access to your photograph on MRS file is available and may be disabled if you wish. Please confirm if it is your preference. I look forward to hearing from you. The content in this email has been cleared by Branch Manager, Advisory and Drafting. Kind regards[Name and contact details provided by CASA author, but deleted by Clinton McKenzie for this post.]
My response:
Hi [x]

The substance of the consent in the application form for a medical certificate is disclosures for the purpose of ascertaining compliance or otherwise with the medical standard. The content of my ASIC photograph is entirely irrelevant to that purpose.

You seem to be construing the words “or other information about me” as authorising the disclosure of information that is not relevant to ascertainment of my compliance with the medical standard. Is that your construction?

The reason I am confused is that you say:“By signing this form, you authorised CASA to disclose your personal information to any DAME, not limited to medical records, for the purpose of assessing your medical certification.“ I agree.

And the disclosure of the content of my ASIC photograph is self-evidently not “for the purpose of assessing [my] medical certification”. I have been assessed many times over the decades for the purpose of medical certification, and those assessments were done without a photograph of me being present in the room.

Please arrange for the modification of my DAME’s access to the MRS so that the photograph is not visible to the DAME. My DAME and I are capable, without CASA assistance, of ascertaining our respective identities.

Regards

Clinton McKenzie

[ARN deleted by me from PPRuNe for privacy reasons]

CASA’s reply:
Your aviation medical file was modified yesterday afternoon and your photograph is no longer visible (see attached).

Moreover, as explained in my email, I am not satisfied that you signing the declaration that authorised disclosure of personal information other than your medical records was sufficient consent under APP 6.1(a) for your photograph to be used for the purpose of your medical assessment. It appears that we share this same view.

I have taken the position that, for the reasons explained in my email, the photograph was used for a secondary purpose under APP 6.2(a)(i).

As your photograph is no longer visible on your medical file, no further action is required and I trust that your concern has been addressed.

Kind regards

[Name and contact details provided by CASA author, but deleted by Clinton McKenzie for this post.]

Last edited by Clinton McKenzie; 20th Jul 2020 at 13:03.
Clinton McKenzie is offline  
Old 20th Jul 2020, 21:38
  #2 (permalink)  
 
Join Date: Jul 2010
Location: sydney
Posts: 1,449
Clinton,

I think the DAME viewing your Photo is the least of your worries.
It became apparent to me that anyone down to the tea lady, can access your medical files within CASA.
Whatever happened to the notion of doctor patient confidentiality?
That begs the question of what else in your CASA records is freely accessed, which could be passed to
entities outside CASA, as happened to me.
If you apply for an AOC for example you are required to disclose your financial records. Are these passed to other entities?
1984 is rapidly approaching I fear.
thorn bird is offline  
Old 21st Jul 2020, 00:30
  #3 (permalink)  
 
Join Date: Apr 2008
Location: Australia
Posts: 456
I think the DAME viewing your Photo is the least of your worries.
Agree. I doubt the CASA MRS system complies with security and privacy requirements for holding sensitive medical information.

As originally implemented, it allowed your employer (if you used a work email address) or your ISP to access your medical records. Some extra controls have been put in place and it's some time since I last used it so I don't know the current status. I would be surprised if there has been an independent audit of the security.
andrewr is offline  
Old 21st Jul 2020, 08:42
  #4 (permalink)  
 
Join Date: Jan 2002
Location: australia
Posts: 1,403
Your ASIC image/photograph on/in your Avmed file.
Having having had a CAsA person breach the privacy of CAsA docs to get my pvt mobile number and thus be able to make an anonymous call of obsenities and a bash threat.
As soon as I saw an ASIC photo in the medical system, my complaint was privacy could be breached so the CAsA phone caller who was going to get others to do the bashing would get a copy to make sure they get the right target as threatened.
The ASIC picure was for a security clearance..so WTF has it to do with yr medical record.?
Altho it was removed at request from the AvMed site, I'll bet it is still elsewhere in the paperwork, and still available for any breach of privacy.
Any docs etc about your self... CAsA keeps no record of who infringes their privacy protocols of your material/docs.
aroa is offline  
Old 21st Jul 2020, 09:22
  #5 (permalink)  
Thread Starter
 
Join Date: Mar 2000
Location: Canberra ACT Australia
Posts: 185
I obviously don’t care about a DAME “viewing a photo of me”, thorn bird and andrewr. I have shown a DAME the photo on my driver’s licence to ‘prove’ my identity. That’s a matter between my DAME and me.

I do care about what CASA chooses to do with personal information it has about me.

I do care about the mindset of whoever it was who came up with the idea of disclosing to DAMEs a copy of a photo that someone submits for the purpose of obtaining an ASIC, when the photograph has no causal connection with compliance with the applicable medical standard. It is just another manifestation of what I consider to be overreach.

People with a zealous commitment to making everyone ‘safer’ and more ‘secure’ come up with these ideas, which only inconvenience the law-abiding at great cost. If we don’t challenge them and curb some of these behaviours when we can, it will only continue.

The security of records kept by CASA is a related but different risk.

Last edited by Clinton McKenzie; 21st Jul 2020 at 22:58.
Clinton McKenzie is offline  
Old 21st Jul 2020, 11:29
  #6 (permalink)  
 
Join Date: Aug 2004
Location: Melbourne, Australia
Posts: 8,414
...........and I get attacked when I suggest ADSB can be used as a harassment and enforcement tool......

‘’Any information stream given to any authority will be misused unless there are legislative legal prohibitions against it.

This is not a new problem.

I suspect Pilots will now be wondering what Avmeds response to Covid19 will be. Some will perhaps avoid testing out of fear for what that response might be.
Sunfish is offline  
Old 21st Jul 2020, 11:53
  #7 (permalink)  
 
Join Date: Apr 2008
Location: Australia
Posts: 456
I suspect you would be upset if someone else's medical problems were entered into your records. I am sure it would be much harder to erase than it was to enter.

Some people have the same name.
Some people have the same name and date of birth.
Some people have the same name and live at the same address.*
Some people have the same name, and none of them live at the addresses on file.

This is why CASA use an ARN. The DAME needs to make sure they are entering information into the correct file. Using a photo already linked to your ARN (which you provided for the purposes of identifying yourself) seems like a good idea to me.

* I know two brothers who married girls with the same first name. For a time, they all lived at their parents. The amount of confusion this caused everywhere that used name and address to identify people (including the doctor) was a running joke. It's funny when you're young and healthy. Once you have some medical history and need it to be in the correct file it becomes more significant.
** I also know a guy where the family tradition is that all males have the same first name, and everyone goes by their middle name. This too causes predictable confusion.
andrewr is offline  
Old 21st Jul 2020, 12:14
  #8 (permalink)  
 
Join Date: Aug 2004
Location: Melbourne, Australia
Posts: 8,414
Andrew, the photo doesn’t have to be linked to your ARN in CASA records for that to happen. The ARN and photo are linked in the ASIC files. It is sufficient for a DAME to make the link.

Furthermore, the problem of updating multiple copies of the same data in separate databases is NOT trivial. CASA is actually making problems for itself in hovering up data.
Sunfish is offline  
Old 21st Jul 2020, 12:33
  #9 (permalink)  
 
Join Date: Apr 2008
Location: Australia
Posts: 456
The DAME needs to be sure they are updating the record for the correct person. A photo attached to that record seems like a useful check.

As you say, multiple databases cause additional problems, particularly for foreign names that may not follow the same pattern as English names. If Clinton McKenzie presents an identity document for:
Clinton MacKenzie
McKenzie, Clinton
Clinton Mc Kenzie
Mc, Clinton Kenzie
Clinton Kenzie, Mc
Kenzie, Mc, Clinton
... just to pick some patterns that might be applied to a foreign name, would you accept it? A photo allows you to be more sure and more importantly, reduce mistakes.

https://www.kalzumeus.com/2010/06/17...e-about-names/
andrewr is offline  
Old 21st Jul 2020, 15:19
  #10 (permalink)  
 
Join Date: Mar 2005
Location: America's 51st State
Posts: 217
I had the exact issue andrewr refers to on my last medical. Despite a “normal” ECG when undertaking my Class 1 medical, I was more than surprised/concerned to receive documents from CASA AVMED requiring me to see a cardiologist & obtain a Stress Echocardiogram due to abnormalities identified in my ECG. The end result being that AVMED were assessing another person’s ECG (same surname as mine) that did have an issue.

No apology, no nothing & the person who really did have the ECG issue is probably blissfully flying around totally unaware he has an issue...
VH-MLE is offline  
Old 21st Jul 2020, 18:23
  #11 (permalink)  

Victim of a bored god

Moderator
 
Join Date: Jan 1996
Location: Utopia
Posts: 6,665
You never know who may disclose personal information..................


tail wheel is offline  
Old 21st Jul 2020, 23:05
  #12 (permalink)  
Thread Starter
 
Join Date: Mar 2000
Location: Canberra ACT Australia
Posts: 185
Originally Posted by VH-MLE View Post
I had the exact issue andrewr refers to on my last medical. Despite a “normal” ECG when undertaking my Class 1 medical, I was more than surprised/concerned to receive documents from CASA AVMED requiring me to see a cardiologist & obtain a Stress Echocardiogram due to abnormalities identified in my ECG. The end result being that AVMED were assessing another person’s ECG (same surname as mine) that did have an issue.

No apology, no nothing & the person who really did have the ECG issue is probably blissfully flying around totally unaware he has an issue...
In other words, CASA’s ARN system and its records management system are not foolproof. The existence of your photo in MRS did not prevent the mistake being made.

The more important point is that most of the medical information should not be there in the first place. It is only there because over-reaching non-specialist medical bureaucrats have decided they know better than, and want to second-guess, the professional judgments of specialists.
Clinton McKenzie is offline  
Old 22nd Jul 2020, 02:09
  #13 (permalink)  
 
Join Date: Oct 2005
Location: Australia
Posts: 885
Clinton was this before or after the Auscheck Regulations (2017)?

CASA were not an issuing body, they handballed all that to a third party (who was then hacked by a fourth party, who has all your information including photo as well) thankfully the link on their page now goes to a list of all ASIC providers, rather than just the one they picked with no tender process at all.



Clare Prop is offline  
Old 22nd Jul 2020, 03:30
  #14 (permalink)  
 
Join Date: Aug 2004
Location: Melbourne, Australia
Posts: 8,414
Clare Prop:

Clinton was this before or after the Auscheck Regulations (2017)?

CASA were not an issuing body, they handballed all that to a third party (who was then hacked by a fourth party, who has all your information including photo as well) thankfully the link on their page now goes to a list of all ASIC providers, rather than just the one they picked with no tender process at all.
I wondered why I was getting spam that quoted my ARN.
Sunfish is offline  
Old 22nd Jul 2020, 10:59
  #15 (permalink)  
Thread Starter
 
Join Date: Mar 2000
Location: Canberra ACT Australia
Posts: 185
It was after 2017. My photo wasn’t on the DAME’s computer screen during any of the previous frustrating ‘interactions’ I’ve witnessed between a DAME and CASA’s MRS.
Clinton McKenzie is offline  
Old 22nd Jul 2020, 14:21
  #16 (permalink)  
 
Join Date: Apr 1998
Location: Mesopotamos
Posts: 1,387
I too was surprised when my ASIC photo was pulled up on the system when I went for my medical but for a different reason. It was quite an old photo and I actually looked good back then.

The Privacy Act is a bit of a wishy-washy instrument. Rather than use words like "must" and "must not" throughout they intersperse words like "could" and "shouldn't" in there which can make interpretation difficult. Then there are the built-in exemptions, often on condition and/or jurisdiction.

Outsourcing is also big in government, and many private companies handling matters on the government's behalf are completely ignorant of our Privacy Act even though they pretend they are experts, even government employees can be ignorant. Many of these people often make the mistake of sending confidential, sensitive and private information by internet e-mail which is not secure.

The OAIC tend to only go for the big fish as processing requests is expensive. My own experience with privacy breaches has been to deal with people making the breach kindly and educate them where their failure occured in the Privacy Act and highlight the consequences of not complying, often this works well enough, unfortunately not all the time.



cattletruck is offline  
Old 25th Jul 2020, 13:53
  #17 (permalink)  
 
Join Date: Aug 2004
Location: Melbourne, Australia
Posts: 8,414
Cleared to enter. An automatic infringement generator is a trivial bit of software. I’ve written non trivial applications in VB (don’t laugh) many years ago.

For each bit of restricted or controlled real estate the logic is simply (for a rectangular volume of CTA):

1000:’IF lat > min lat AND lat < max lat AND lon > min long AND long < max long AND alt > min alt AND alt < max alt AND NOT flight = “IFR’ THEN Ping = “you are nicked” GOTO credit card

I’m sure c++ is more elegant, but it’s that simple.

‘’When information streams like this are available, Government cannot resist the temptation to use them unless prohibited by strong legislation - which we haven’t got.






Sunfish is offline  
Old 25th Jul 2020, 20:44
  #18 (permalink)  
 
Join Date: Jul 2005
Location: Earth
Posts: 208
The GA 'Tell No One Nuffink' principle has worked very well for a long long time. You have to tell CASA some stuff, but just the bare minimum please and as with the tale of the ASIC photo above, delete what you can.
The Wawa Zone is offline  
Old 25th Jul 2020, 23:31
  #19 (permalink)  
 
Join Date: Aug 2004
Location: Melbourne, Australia
Posts: 8,414
Off topic, but One use of photographs - which is illegal in employee selection, is to discriminate on the basis of color, race, age and good looks. I can’t think why CASA would want a photo. The ARN is the index data. Anything else, as AndrewR explains is subject to amendment.
Sunfish is offline  
Old 26th Jul 2020, 01:08
  #20 (permalink)  
Thread Starter
 
Join Date: Mar 2000
Location: Canberra ACT Australia
Posts: 185
I can’t think why CASA would want a photo. The ARN is the index data.
Because you can send someone to undergo your medical examination in your place, armed with your ARN. All that quoting an ARN proves is that the person quoting it knows that number.

As explained by CASA in the corro I quoted, CASR 67.170 says "(1) If a person submits to a relevant examination by a DAME or DAO, the DAME or DAO must ask the person to produce evidence of his or her identity before finishing the examination. (2) The evidence must include a photograph of the person. (3) However, subregulation (1) does not require the DAME or DAO to ask the person to produce the evidence if the DAME or DAO knows or reasonably believes the person is who the person claims to be."

You will see that the regulation quoted by CASA anticipates a concept that seems to me to have been lost to CASA Avmed: A thing called "trust" of and between doctors and their patients.

CASA has taken it upon itself to use photographs supplied for one purpose (ASIC applications) for another purpose (medical examination ID), and the basis for that decision seems to me to be that medical certificate applicants and DAMEs can't be trusted.

However, as you can see from my corro, you can ask CASA not to disclose your ASIC photo to DAMEs and it seems that CASA will restrict the use of the photo accordingly. Of course, others may not care less what CASA does with the photo. That's their decision.

Last edited by Clinton McKenzie; 26th Jul 2020 at 06:42.
Clinton McKenzie is offline  

Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information -

Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.