Office of the Privacy Commissioner | Annual Report of the Privacy Commissioner 2015
Key points
Outreach and communications
- We launched online education modules. We created these modules in collaboration with online training specialists LearningWorks.
- Our enquiries team handled 8,372 enquiries from the public through our 0800 phone line and email.
- We received 273 media enquiries covering a wide range of topics including data breaches, the Harmful Digital Communications Act, unmanned aerial vehicles (UAVs) or ‘drones’, and property ownership information on public registers.
- We worked with the Department of Internal Affairs and Victoria University to hold the Identity Conference at Te Papa in Wellington in May. The two day conference featured a high quality line-up of local and international speakers and was attended by 300 people.
Dispute resolution and investigations
- We made significant efforts to modernise our complaints processes in order to resolve cases faster. We have increased our use of alternative dispute resolution techniques, including an increased readiness to bring complainants and respondents together in person or by phone.
- We closed 827 complaint files which was an increase from 702 last year. Of these, 44 percent were closed with a settlement between the parties - up from 32 percent the previous year.
- We have implemented a complaints lodgement system through our website, which uses encryption software so that people can make a complaint to us online in a secure way.
- The Harmful Digital Communications Act came into force and changed certain aspects of the Privacy Act. Complaints that were previously outside the ambit of the Privacy Act because of the section 56 “domestic affairs exemption” can now be investigated. This has expanded the nature of complaints people can make to us, particularly those who suffer harm through the online actions or use of digital communications by others.
Research & Analysis
- The Office launched its inaugural $75,000 Privacy Good Research Fund. We received 14 applications. Each successful applicant could be awarded up to $25,000 for an individual privacy-related research project.
Policy and technology
- We undertook policy work with a number of stakeholders to prepare for the upcoming Privacy Act reform. These changes will bring the Act up to date with the current technological and international environment, as well as give the Privacy Commissioner stronger enforcement tools.
- Effective information sharing forms a key component of the Government’s Better Public Services objective. We helped to facilitate this objective through Approved Information Sharing Agreements (AISAs). We assisted in the formation of an AISA between agencies for the Vulnerable Children’s Hub.
- Our office provided advice and feedback for a range of public sector organisations. We supported Customs on proposed changes to the Customs and Excise Act, reviewed Police vetting services in conjunction with Police and the Independent Police Conduct Authority, and made a submission supporting the minimal privacy impact of the Health and Safety Reform Bill.
- We launched our Sharing Personal Information about Families and Vulnerable Children guide and an interactive escalation ladder tool to assist multi-agency teams that work with vulnerable children.
- In an ongoing effort to make privacy easy, we published privacy guidance material including a Privacy Impact Assessment toolkit, a guide on Approved Information Sharing Agreements (AISA) and launched our online Priv-o-Matic privacy statement generator.
Data breaches
- Breach notifications remain voluntary but we expect breach reporting to become mandatory when the Privacy Act is reformed. As in previous years, the most common feature among the reported breaches was human error or carelessness.
- We continued to receive a significant number of voluntary data breach notifications. During the year, we received 121 notifications with 71 in the public sector and 50 in the private sector.
International
- The Privacy Commissioner was appointed Chair of the Conference Committee for organising the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Amsterdam in October 2015.
- Our office assumed Secretariat duties for the ICDPPC.
- We contributed to a review of the APEC privacy framework.
- We continued in our role as Administrator of the Cross Border Privacy Enforcement Arrangement.
- We participated in the annual Global Privacy Enforcement Network (GPEN) sweep which this year targeted the privacy practices of websites and mobile apps used by or popular with children.
A copy of the Annual Report can be viewed or downloaded here.