2 August 2011

"Business will stand to gain from new recommendations put forward by the Law Commission in its review on privacy," said Privacy Commissioner, Marie Shroff. "The changes will offer greater certainty for businesses chasing domestic and international trading opportunities, particularly in ICT".

"The Law Commission has come to the end of a major 4½ year project looking at privacy and has particularly looked at the huge impact of technology developments since the Privacy Act was passed 18 years ago".

"Our law is flexible and technology-neutral. The review has endorsed that approach. But the Law Commission has also recognised that new risks have emerged from the way today's businesses use personal information".

"The Law Commission has recommended a range of targeted changes. These are timely and necessary to ensure New Zealand can compete internationally, and that New Zealand business can go forward with confidence. The recommendations will be enablers for business", said Ms Shroff.

"Technology change has thrown down some challenges - particularly when it comes to keeping confidential data secure. Businesses are now well aware information is a valuable asset to be protected. The Law Commission has recognised that even in well-run businesses things occasionally do go wrong and personal data is lost or hacked into. They recommend that people must be told if there is a serious data breach that affects them, or when it would enable them to take steps to protect themselves, like cancelling a credit card. The Law Commission has taken a moderate stance and recommended a risk-based approach. I think they've got the balance about right," said Ms Shroff.

A key Law Commission recommendation is that the Privacy Commissioner could order agencies to fix business practices that breach the law. This targeted tool would address those rare occasions when no other solution has worked and people are at risk of harm from misused information or inadequate business practices. "This is simply being equipped with the right tools to do the job in today's environment," noted Ms Shroff.

"Internationally New Zealand business has opportunities in technology and data processing - partly due to our time zone, and developments in 'cloud computing'. We can't have unnecessary legal barriers to those opportunities. The recommendations would bring our law up to date with international best practice, and would enable New Zealand to opt into the APEC cross-border privacy rules in the future", said Ms Shroff.

Clearer rules would mean businesses sending data overseas could be certain where responsibility for the information would lie.

Businesses will be helped by quicker dispute resolution in future if the Law Commission's recommendations in that area go through. The privacy complaints system would be streamlined, with more certainty in those instances when a person asks to see the personal information a business holds about them. The Law Commission has proposed that those cases could be determined by the Privacy Commissioner's office directly. It is also proposed that businesses could refuse a request if the same information had already been released to the requester.

Business could also expect more guidance on applying the law from the Privacy Commissioner on a range of topics.

"These are well-thought through proposals that would help business to capture the benefits of the modern business environment. Personal information is at the heart of many of those opportunities, so getting the fundamentals right is important," said Ms Shroff.

ENDS

For more information contact: Annabel Fordham 021 509 735.

Copies of all the Law Commission's reports on privacy are available at: www.lawcom.govt.nz