Outreach and communications
- Our regular UMR survey in March 2014 showed the highest level of concern about privacy and personal information handling since the survey began in 2001. Half of all New Zealanders say they have become ‘more concerned’ about privacy issues over the past few years.
- We received over 8,000 enquiries from members of the public and organisations seeking guidance on privacy matters. That number was down from over 9,000 the year before.
- We received 287 media enquiries covering a wide range of topics, including the GCSB Bill and surveillance related issues; the debate about an individual’s right to be forgotten; the new Privacy Commissioner; and upcoming privacy law reforms.
- The Commissioner and senior staff delivered 59 speeches and presentations during the year to a wide range of audiences.
- The Office delivered 39 training and education workshops and seminars to members of the public and stakeholder groups.
- We appointed a full-time communications adviser, enhancing our ability to respond to media requests and to develop our social media and website content.
Complaints and investigations
- We received 725 complaints from members of the public. We closed 80% of all complaints received within nine months.
- We completed a joint investigation with the Ombudsman on the Earthquake Commission’s (EQC) handling of information requests in the aftermath of the Canterbury earthquakes. The report found EQC had failed to comply with its Official Information Act and the Privacy Act obligations to provide information to requesters in a timely manner. EQC accepted the recommendations and took steps to implement them.
- The Office conducted an own motion investigation into credit reporter Veda Advantage’s charge for urgent requests by consumers for access to their own credit information. The investigation concluded that Veda’s current charge of $51.95 for urgent requests was unreasonable. The Credit Reporting Privacy Code was amended accordingly and Veda has complied with the change.
Policy and technology
- The Government accepted the major Law Commission’s recommendations for change to the Privacy Act. We continued to work closely with Ministry of Justice officials on the reforms and in the drafting of a new Privacy Bill.
- We made a submission to the Social Services Committee select committee on the proposal to create Child Harm Prevention Orders within the Vulnerable Children Bill.
- We supported the work of the New Zealand Data Futures Forum report on its efforts to build a strategic vision for New Zealand’s digital future.
- The Government Chief Privacy Officer role was established during the year and the Office is collaborating closely in furthering our complementary aims.
- The first two information sharing agreements were authorised. They are between Inland Revenue - Department of Internal Affairs, and between Inland Revenue - New Zealand Police. The Privacy Amendment Act 2013 allows government departments to reach information sharing agreements, which are authorised by an Order in Council.
- The Office gained an advisory position in the National Health IT Board’s Health Information Governance Expert Advisory Group. The Advisory Group is working to develop a Health Information Governance Framework.
- The Office has reviewed and reported on three electronic health record initiatives to assess how successfully they deal with privacy issues.
- We continued to receive a significant number of data breach notifications throughout the year. We have noticed a growing responsiveness by business and government to the reputational benefits of notifying clients when things go wrong.
- Government organisations continue to make up the largest single sector reporting data breaches. The health and business sectors were also significantly represented.
- The most common types of breaches notified were electronic or physical information sent to the wrong recipients.
- In July 2013, we hosted the 39th Asia Pacific Privacy Authorities forum in Auckland and participated in the 40th and 41st forums in Sydney and Seoul. The APPA Forum is continuing to build its importance in the region. Singapore is the most recent authority to join.
- At the same gathering, we hosted an APEC Data Privacy Subgroup capacity building workshop. The event drew more than 70 participants from 15 APEC economies as well as Europe and other countries.
- The European Commission reached the decision in December 2012 that New Zealand’s law provides an ‘adequate level of data protection’ for the purposes of existing EU law. The EU law is now under review and due to be replaced by new regulations. We continued efforts to ensure that European officials understood the need for a smooth transition of these adequacy decisions into any new regime.
- In May 2014, we participated in the Global Privacy Enforcement Network (GPEN) Mobile App Sweep; an internationally coordinated effort to scan mobile apps to assess the adequacy of their privacy notices and policies. The international findings were that nearly one third (31%) of all mobile apps raise concerns about the nature of permissions sought. New Zealand findings were broadly consistent with 38% of mobile apps raising concerns.
A copy of the Annual Report can be viewed or downloaded here.
View the media release here.