Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

“Events during the year have reinforced the need for tools to respond to the dynamic data environment that is developing across government and business,” said Privacy Commissioner Marie Shroff when she released her Annual Report today.

“We continued discussions with Ministry of Justice officials as they worked through the Privacy Act review proposals and we now look forward to the Government’s response. Having adequate privacy and security protections will enable the aims of Better Public Services to be realised successfully.”

“A number of other high-profile data breaches and security failures, including the exposure of vulnerability in MSD’s publicly-facing kiosks in December 2012 and an EQC data breach involving many thousands of its Christchurch claimants, showed the weaknesses within many agency systems and processes.”

“The Government’s Bill to reform the Government Communications and Security Bureau (GCSB) took place against a background of heightened awareness and concern about government intrusion and surveillance of civilian life. Our submission on the Bill said that because of the complex and dynamic environment, we believe surveillance, and in particular oversight of that activity, needed to be considered further.

“The Information Sharing Bill became law in February and we received the first application for an approved information sharing agreement (AISA) a few months later. Government agencies are required to consult with us on each AISA and we will make our reports publicly available on our website to support transparency in government.”


For further information contact: Charles Mabbett 021 509 735

Note to editors: Other 2013 highlights

GPEN Internet Sweep

We participated in the Global Privacy Enforcement Network (GPEN) Internet Sweep which was an internationally coordinated effort to scan websites to assess the adequacy of their privacy notices and policies.

NZ data protection is compatible with EU standards

The European Commission (EC) issued a long-awaited decision in December 2012 that New Zealand law is adequate for the purpose of European Union (EU) law which provides New Zealand businesses with a ‘comparative advantage’ in cross-border data processing. The decision came into effect across Europe in April.


We received over 9,000 enquiries from the members of the public and organisations seeking guidance on privacy matters. We also received 310 media enquiries. Numbers were affected by the EQC incident and the MSD kiosk data breach, along with a steady stream of technology related enquiries.

Data breach notifications

We have recently started to track breach notifications more formally, as this is a growing body of work for us and is also a matter of external interest and importance. We recorded 107 notifications this year – more than double than for the previous year.


The Commissioner and senior staff gave 70 presentations and speeches during the year to a wide variety of audiences. We delivered 48 workshops and seminars to members of the public and stakeholder groups.

View the 2013 Annual Report here.