Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.


2 August 2011

Privacy Commissioner Marie Shroff welcomed the Law Commission's recommendations on internet and technology issues.

'Technology has transformed the social, political and business landscape in the 18 years since the Privacy Act was passed. The existing law has had to adapt to huge changes. People, businesses and their information are facing new challenges online,' said Marie Shroff.

The Law Commission looked at this in detail in its 4-year, 4-stage project reviewing privacy. 'Our law is flexible and technology-neutral, and that has been to our benefit. But new risks have emerged due to the way personal information is electronically amassed, stored and shared - by individuals as well as by businesses', said Marie Shroff.

'These targeted changes are timely and necessary. They will give certainty to business and give individual New Zealanders confidence that risks can be minimised,' Marie Shroff said.

'The changes should enable us to tackle concerns with the right set of tools. It's a case of using modern tools to fix modern problems. For instance, one proposal is a low-cost, low-resource suggestion of a compliance notice that would target those agencies that persistently flout the law,' said Marie Shroff.

Another change would see groups of people able to bring 'class actions' and privacy complaints. 'This recommendation reflects the reality of many privacy breaches nowadays. We see plenty of instances, such the Sony Playstation data breach recently, when thousands of people are affected by one event. We urgently need to have an efficient way of tackling those systemic problems', said Ms Shroff.

'Technology change has thrown down some challenges - particularly when it comes to keeping confidential data secure. The Law Commission has recognised that occasionally things do go wrong and personal data is lost or hacked into. At the moment, people are not necessarily told, and so are put at risk of identity theft or other harm.

'The Law Commission recommends that people must be told if there is a serious data breach that affects them, enabling them to take steps to protect themselves, like cancelling a credit card. What is proposed is moderate, and uses a risk-based approach. I think the Law Commission has got the balance about right,' said Marie Shroff. She noted that responsible businesses would see very little change, but those holding large stores of personal data needed to be aware that notifying customers of losses of information reflected modern consumer expectations.

Loopholes that exist at the moment around the publication of highly offensive material online would be closed under the new proposals. 'We know of cases, for instance, where people have posted intimate photographs of former partners online, and as the law currently stands, there is very little we can do about that', said Ms Shroff. People would in future be able to complain about offensive internet postings about them and have material taken down.

Two new offences are proposed that would make it illegal to impersonate or intentionally mislead someone in order to gather personal information. 'Recent events like the News of the World scandal underline the need for these sorts of laws,' said Ms Shroff.

Other changes proposed in the review include regulating surveillance, interception and tracking through a new Surveillance Devices Act. It would also be an offence to knowingly destroy documents.

'New Zealand business has opportunities in technology and data processing - partly due to our time zone, and developments in ‘cloud computing'. I know business people are struggling at times to get their heads around complex cross border laws and to satisfy international customers that our privacy law is up to scratch. These proposals would bring our law into line with international best practice, enable greater cooperation between privacy authorities, and would ensure New Zealand could opt into the APEC cross-border privacy rules in the future', said Ms Shroff.

Clearer rules would mean businesses sending data overseas could be certain where responsibility for the information would lie.

The report also proposed that people should have the right to be anonymous, or use a pseudonym, when that is lawful and practicable.

The Law Commission has recommended a statutory 'Do-Not-Call' register, to stop unwanted direct marketing calls.

ENDS

For more information contact: Annabel Fordham: 021 509 735.

Copies of all the Law Commission's reports on privacy are available at: www.lawcom.govt.nz