After 25 years’ service to the Office of the Privacy Commissioner, Assistant Commissioner Blair Stewart is retiring. For anyone with an interest in privacy law, this is significant and sad news. Blair’s contributions to the promotion of privacy within New Zealand and internationally are substantial and enduring.

Blair joined the Privacy Commissioner’s office in early 1993 in the lead-up to the enactment of the Privacy Act 1993. He has worked closely with three Privacy Commissioners, Sir Bruce Slane, Marie Shroff and John Edwards, providing intellectual rigour in his advice and support.

Codes of practice

One of Blair’s prime responsibilities has been the development of statutory codes issued under the Privacy Act. His first achievement came within six weeks of the new law in 1993 with the issue of an interim code of practice for health information. The interim Code was one of the first health privacy laws in the world and the first in a series of innovations marking Blair’s time with our office.

He also drafted and refined the Health Information Privacy Code 1994 which has proved to be a highly successful and flexible framework for handling often sensitive and critical information.

Within 24 hours of a declaration of a state of emergency in Christchurch, Blair worked to develop an emergency code. This meant the Office was able to issue the Christchurch Earthquake (Information Sharing) Code to enable those dealing with the emergency to share personal information to assist victims of the earthquake and their families, and help in the coordination and management of the response.

He also developed an ‘accountability model of regulation’ for credit reporting to maintain public trust in the transition to the comprehensive credit reporting system currently used.  

Blair’s responsibilities have included policy and legislative issues, oversight of government information matching and technology. In these roles he established systems for providing reasoned privacy input into the development of new laws and information matching programmes.

Review of the Privacy Act

One substantial task was to undertake a major review of the Privacy Act itself. The recommendations from that review in 1998 form a substantial input into the reforms in the current Privacy Bill. You’ll find that input in his 434 page Necessary and Desirable report.

International contribution

Blair has had a principal responsibility for our office’s international policy work. In that role, he played a major part in helping to secure a positive decision for New Zealand from the European Commission that our law provides an ‘adequate level’ of privacy protection to allow the free flow of personal data from the European Union to New Zealand for processing.

He has also been acknowledged internationally as a pioneer in developing and encouraging the practice of carrying out Privacy Impact Assessments to help organisations understand better the possible privacy repercussions of a new process, product or service.

Blair has also made a substantial contribution to work amongst other privacy regulators, both at regional and global level, and in working groups of international governmental organisations.

He played a key role in building the Asia Pacific Privacy Authorities (APPA) forum into a highly effective regional cooperation network and actively led a number of its projects. He helped establish the Global Privacy Enforcement Network (GPEN) and was an actively contributor for two decades to the International Conference of Data Protection and Privacy Commissioners (ICDPPC). Blair led multiple conference working groups and served as the ICDPPC Secretariat for three years. He helped develop APEC’s Cross-border Privacy Enforcement Arrangement (CPEA) and served for a number of years as a CPEA Administrator. He also served as a member of the United Nations Global Pulse Privacy Advisory Group

Blair will be missed as a colleague. In a year that marks the 25^th anniversary of the original Privacy Act, his departure marks the span of years from when our privacy law was enacted to the impending arrival of a new Privacy Act.

Image credit: Blair Stewart - OPC photo

Asia Pacific Privacy Authorities (APPA), Global Privacy Assembly (GPA), International, Europe