Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Show items from between:

Latest in Media releases and statements

Displaying 81 - 100 of 250

New Cloud Computing Code of Practice : statement

Privacy Commissioner Marie Shroff welcomed the latest release of the Code, saying: “It's important for consumers looking into cloud computing to understand and assess the risks involved and make sound judgments. By setting a standard for local cloud providers to follow, the code makes sure that participating providers will give the right information to consumers to help them make good decisions. This is a very positive initiative from the Institute of IT Professionals (IITP) and I hope it w...

Wake-up call for government sector on privacy and security - GCIO report release

The newly released GCIO report is “a wake-up call to the government sector”, said Privacy Commissioner Marie Shroff. It reveals systemic weaknesses in the way privacy and security have been managed across the government sector.

“While departments are keen to make use of personally-linked data, the Report shows that they haven’t yet got their heads around how to handle it properly. I welcome the recommendations in the report. They are strong and comprehensive and will require so...

Media release: Websites leave children and parents guessing

A recent scan of school websites and some popular children’s game sites showed there is often no information given to users about how their personal information collected via the site will be used and shared.

The scan was part of an international “internet sweep” day, involving the New Zealand Privacy Commissioner and other overseas data protection offices in the Global Privacy Enforcement Network (GPEN).

“Each participating office selected a range of websites to scan. T...

Credit code amended - disclosure allowed for serious threat : media release

The Credit Reporting Privacy Code rules about the use and disclosure of credit information about serious threats are being changed, to reflect a recent Privacy Act amendment.

“The changes mean that credit providers can now feel more confident about whether to release information.  They can look at how serious a threat is, how likely it is to occur and how soon it might happen, before deciding to disclose to someone who can help prevent it,” Privacy Commissioner Marie Shroff said.<...

Statement from Privacy Commissioner Marie Shroff about EQC breach

The Privacy Commissioner Marie Shroff said today that public sector agencies needed to have stronger controls in place when handling spread sheets of personal information.

“The EQC breach is yet another incident involving inadvertent disclosure of large amounts of personal information on a spread sheet. We hope that agencies are starting to realise that they should have stronger controls in place to help to prevent these types of mistakes. But they clearly have a way to go yet.”

Privacy Commissioner amends health code to protect newborn blood samples : media release

Privacy Commissioner Marie Shroff has strengthened the Health Information Privacy Code 1994 to improve legal protections around newborn babies’ bloodspot samples.  These samples are collected as part of a national newborn metabolic screening programme, also called the heelprick or Guthrie Test. The samples are held permanently unless parents request their return.  The amendment will restrict how information derived from the samples may be used and disclosed.

“DNA testing is getti...

Privacy Commissioner issues Civil Defence National Emergencies (Information Sharing) Code 2013 : Media Release

Privacy Commissioner Marie Shroff today issued a code of practice that permits broad information sharing in the event of national emergencies.

"When a national emergency strikes, response agencies need to be certain whether they can share information with others," said Ms Shroff. "The last thing they need is to spend time second-guessing. And agencies that are planning for future emergencies have to be certain what the law will allow them to do, so they can factor that into their plann...

Making the right choices in cloud computing - new Privacy Commissioner guidance

The Privacy Commissioner today released guidance material for small to medium sized businesses (SMEs), to help them protect personal information when using cloud computing. 

"Businesses today are increasingly turning to cloud computing, but many are flying blind with the range of options, providers and risks. Shifting to the cloud can often make really good sense. But responsible businesses will always want to be sure that their client and staff information will be safe. We saw a gap...

Privacy Commissioner allows limited use of credit reporting information for anti-money laundering regime : media release

Privacy Commissioner Marie Shroff has amended the Credit Reporting Privacy Code to allow limited use of credit reporting information for anti-money laundering (AML) purposes.

From 30 June 2013, banks, finance companies and credit insurers will be required to verify their customers' identities, to make sure they are trading with real people who have a known history. The amendment means that these companies will be able to check customers against the credit reporting system to verify t...

European Union endorses New Zealand Privacy Act : media release

20 December 2012

Privacy Commissioner Marie Shroff today welcomed the announcement that the European Commission had formally decided that New Zealand's Privacy Act offers an adequate standard of data protection for the purposes of European law.

"The European decision is a vote of confidence in our privacy law and regulatory arrangements. This decision establishes New Zealand, in the eyes of our trading partners, as a safe place to process personal data."

The Offi...

Report shows leadership gap in MSD client information handling : media release

6 December 2012

'The Deloitte report on MSD makes it very clear that there is a need for strong leadership by senior management on the way client information is handled within MSD,' said Privacy Commissioner Marie Shroff, commenting on a report into the data breach at Work and Income public access kiosks.

'MSD has a huge and challenging role in delivering essential services to many New Zealanders. The Ministry is a mega-store of personal details and could be leading the way for in...

Privacy Commissioner's Annual Report 2012 - The Year of the Data Breach : Media release

28 November 2012

"This year has been marked for us by major public sector data breaches. Notable were the ACC spreadsheet breach in March and MSD kiosk breach in October. These losses of data have highlighted the urgent need for far better security and respect by government agencies for New Zealanders' personal information," said Privacy Commissioner Marie Shroff when she released her Annual Report today.

"The public sector can't afford to be complacent. It's quite clear that ag...

Privacy Commissioner releases credit reporters first assurance reports : media release

27 November 2012

Privacy Commissioner Marie Shroff today released the first compliance assurance reports submitted to her office by the national credit reporting companies.

Under a new requirement of the Credit Reporting Privacy Code, credit reporters are required to file assurance reports each year with the Office of the Privacy Commissioner. The companies must involve an independent expert in the process of preparing their reports.

"The reports were all submitted on ti...

Media Release: Google confirms NZ Street View 'payload' data destroyed

20 November 2012

Privacy Commissioner Marie Shroff received confirmation yesterday that Google has destroyed all the information collected from unsecured WiFi networks during its Street View filming in NZ.

Google had earlier informed the Privacy Commissioner that 'payload' information had been securely destroyed, but after more checks it found one disk that contained New Zealand and Australian information.

'We're pleased to see the certificate from an independent agency...

Media Release: Hard hitting report shows MSD breached client trust

2 November 2012

'Government agencies must treat people's information with the highest standards of respect,' says Privacy Commissioner, Marie Shroff. 'But this hard-hitting report - especially since it follows hard on the heels of the ACC report - shows just how far some of our major agencies have to go before we can be confident our information is protected.

'Basic IT security safeguards to protect personal information were missing...

Statement from Assistant Privacy Commissioner, Katrine Evans, about MSD security breach

 

15 October 2012

We were contacted late yesterday afternoon by the blogger who has broken the story about the security breach at Ministry of Social Development's Work and Income kiosks. It appears that some types of personal data, and other confidential data, could be accessed through the kiosks with relative ease.

Most of the data that we know about so far involves invoices and file server logs. We do not have evidence that the Ministry's client databases have been com...

All WiFi payload data to be destroyed, Privacy Commissioner tells Google : media statement

10 October 2012

Google has now said that it appears it did not destroy all the information collected from unsecured WiFi networks during its Street View filming in New Zealand. In recent checks, it has found one disk that may contain New Zealand and Australian information, along with disks relating to other countries. These had been missed when Google responded to the original privacy investigations.

The Privacy Commissioner's office has told Google to destroy the disk.

G...

Privacy Commissioner says credit industry must be open with consumers about positive credit reporting

19 September 2012

Credit reporting changes proposed: Public submissions invited

Privacy Commissioner Marie Shroff has reaffirmed in planned amendments to a privacy code that lenders must tell existing customers before they share their "positive" credit information. This includes what credit people have and whether they meet their monthly repayments. Lenders can only share this positive information with the consent of their customers.

Ms Shroff has outline...

Privacy Commissioner urges ACC culture change : Media release

23 August 2012

The Privacy Commissioner says a culture change starting at the top of ACC is vital if
further data security breaches are to be prevented.

Marie Shroff is commenting on the findings and recommendations of the Independent
Review of ACC Privacy and Security of Information that were released today.

The report was commissioned jointly by the Office of the Privacy Commissioner (OPC)
and the ACC Board following the unauthorized disclosure of details of 6,...