Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Privacy Commissioner blog
Privacy Act to be strengthened
Privacy Forum 2014
New Zealanders more concerned - privacy survey
Data Safety Toolkit
Proposed amendment to credit reporting changes
World online privacy law library gets capacity boost

Privacy Commissioner blog

The Office now has a blog which we will keep up-to-date regularly. Visitors to our website and others who follow the work of the Office will be able to stay informed about our activities through frequent and topical posts. There are already a number of entries including one by the Privacy Commissioner on his first 100 days in the job. You can give us your feedback on each post by leaving comments.

We are considering using the blog as an alternative to Private Word in future. This has the benefit for you of being able to get more regular updates from us on the things we do that matter to you. Please check out the blog and let us know what you think of it. You can find it via our homepage or by going directly here: http://privacy.org.nz/blog/

Privacy Act to be strengthened

A strengthened and updated Privacy Act will give New Zealanders more power over their information and give the Privacy Commissioner better tools to deal with challenges posed by the digital information era, says Privacy Commissioner John Edwards.

Mr Edwards welcomed the Government’s proposals to reform the Privacy Act and says it makes the law more equal to the task of protecting New Zealanders' personal information.

Justice Minister Judith Collins made the law reform announcement on 28 May. Her statement is here. http://www.beehive.govt.nz/release/privacy-law-changes-strengthen-protection

Key proposals include:

  • Mandatory reporting: Organisations will have to report data breaches to the Privacy Commissioner, and notify affected individuals in serious cases.
  • New offences and increased fines: Actions such as failing to notify the Commissioner of a privacy breach or impersonating someone to obtain their personal information will be illegal and carry a fine of up to $10,000. Existing maximum fines (for example, for obstructing the Commissioner) will increase from $2,000 to $10,000.
  • Enhanced powers: The Privacy Commissioner will have new powers, such as the ability to issue compliance notices. The Commissioner’s current power to independently decide to investigate a privacy issue will be enhanced.
  • Guidance and clarity: The Office of the Privacy Commissioner will provide more guidance about how to comply with privacy laws. Also, technical improvements to the Act will make it clearer and easier to understand.

The Privacy Act reforms are the culmination of a process that began with a four-year-long Law Commission project to review privacy, resulting in comprehensive recommendations in its 2011 report.

“These reforms will power up our privacy law to bring it more in line with world class standards of protection that New Zealanders are entitled to expect,” Mr Edwards said.

“Since the Privacy Act was passed 20 years ago, we have seen huge technology-driven changes. The Law Commission report recognised that individual New Zealanders have countless new opportunities from technological developments, but that there are also real risks.”

“People's information can be lost or hacked; organisations collect huge amounts of our confidential information and then fail to protect it; individuals can breach others’ privacy by highly offensive internet postings. The law needs to be flexible and strong enough to be able to deal with these kinds of problems.”

The Privacy Commissioner would be able to make binding decisions on complaints where a person has asked for information about him or herself and has been refused.

In another change, the privacy complaints process would be streamlined, allowing for groups of people to bring "representative" complaints - similar to class actions.

Privacy Forum 2014

This year’s Privacy Forum during Privacy Week (4-10 May 2014) was attended by over 200 people and received positive feedback. The half-day event was held at the Intercontinental Hotel in Wellington

Speakers included:

  • Ian Fletcher of GCSB
  • Martin Cocker of Netsafe
  • Val Hooper of Victoria University
  • Colin MacDonald, Government Chief Information Officer
  • Ryan Ko of Waikato University
  • Ruth Russell of Ernst & Young
  • Miriam Lips of Victoria University
  • Graeme Osborne of the National Health IT Board.

Videos of the speakers’ presentations are available on the Office of the Privacy Commissioner’s YouTube channel: https://www.youtube.com/user/PrivacyNZ or copies of the presentations are available here.

New Zealanders more concerned – privacy survey

Half of all New Zealanders (50%) report becoming ‘more concerned’ about privacy issues over the last few years, a new survey by the Privacy Commissioner shows.

It is the highest level yet recorded in that category in the tracking survey conducted by the Privacy Commissioner (40% reported becoming more concerned in the 2012 survey).

The proportions of young people saying they have become more concerned also increased to 50 percent (increase of 17%).

The survey is based on a nationwide survey of 750 people aged 18 years and over and was carried out from 13-17 March 2014. The margin of error for a sample size of 750 for a 50% figure at the 95% confidence level is +/- 3.6 percent.

The two-yearly UMR individual privacy & personal information survey was released to coincide with Privacy Week.

See the full survey results.

Data Safety Toolkit

An online Data Safety Toolkit is now available to help organisations prevent and deal with data breaches.

The Data Safety Toolkit includes real life case studies as well as tips from a data safety workshop and advice on what to do when a breach happens. The launch of the toolkit took place during Privacy Week (4-10 May).

Notifying the Privacy Commissioner of serious breaches demonstrates that your organisation is being responsible and proactive. The Privacy Commissioner is able to provide advice or guidance to your organisation that may be helpful in responding to a breach.

Proposed amendment to credit reporting charges

The Privacy Commissioner is proposing an amendment to the Credit Reporting Privacy Code that would limit the amount credit reporters can charge individuals who want immediate access to their credit information.

The amendment has been prompted by an inquiry by the Office of the Privacy Commissioner into Veda Advantage’s practice of charging customers $51.95 for urgent requests for personal information. The Commissioner found that this substantially exceeded what was reasonable to charge consumers.

Credit reports are usually to be made available to the individuals free of charge unless the individual concerned requests that the information be made available within five working days in which case a  ‘reasonable charge’ may be made.

The proposed amendment will

  • set the maximum amount a credit reporter may charge at $7.90 (plus postage or courier delivery charges where applicable); and
  • require credit reporters to make this charging limit clear to individuals on their websites.

The report into Veda Advantage’s charge for urgent requests for credit information is available here.

World online privacy law library gets capacity boost

A world leading online resource for privacy law is undergoing a major expansion.

The World Legal Information Institute’s International Privacy Law Library (WorldLII) contains the largest freely accessible and searchable collection of privacy law materials in the world.

Professor Graham Greenleaf, Co-Director of the Australasian Legal Information Institute (AustLII), says the expansion was made possible by a grant from the New Zealand Privacy Commissioner of surplus funds from last year’s APEC Privacy Enforcement Workshop in Auckland.

The library enables online searches over more than 30 specialised privacy law databases, as well as incorporating search results of privacy cases from numerous other databases of general court cases, legal articles and legislation.

“We’ve updated the existing collection of materials to incorporate new series from Europe, North America, Africa, the Pacific and Asia, as well as several specialised international series of opinions and guidance papers,” Professor Greenleaf said.

More datasets will be added throughout 2014. AustLII has extended a standing invitation to privacy enforcement and data protection authorities to add their case report series to the library, at no cost to them. “We would like the Library to become as comprehensive of as many sources of privacy law as possible.”

The International Law Library can be found here: http://www.worldlii.org/int/special/privacy/