Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Privacy Act & codes

The Privacy Commissioner has a statutory responsibility to report periodically to Parliament on the functioning of the Act. You can read his latest report on the current operability of the Act here.

In the update report, Mr Edwards notes privacy law reform has been under consideration since 1998, including the wide-ranging Law Commission review from 2008-2011. These reviews and the government response have formed the basis for the proposed modernisation of the Privacy Act, as led by the Ministry of Justice.

But he says there are apparent gaps and weaknesses in the Privacy Act’s enforcement framework that need to be addressed if the reforms proposed are to introduce an effective and modernised form of privacy regulation.

The Commissioner is proposing six recommendations:

  • empowering the Privacy Commissioner to apply to the High Court for a civil penalty to be imposed in cases of serious breaches (up to $100,000 in the case of an individual and up to $1 million in the case of a body corporate)
  • an update to protect against the risk that individuals can be unexpectedly identified from data that had been purportedly anonymised
  • introducing data portability as a consumer right
  • an additional power to require an agency to demonstrate its ongoing compliance with the Act which would enable the Privacy Commissioner to proactively identify and respond to systemic issues
  • narrowing the defences available to agencies that obstruct the Privacy Commissioner or fail to comply with a lawful requirement of the Commissioner; and
  • reforming the public register principles in the Act and providing for the suppression of personal information in public registers where there is a safety risk.

Mr Edwards says these recommendations will help to ensure that New Zealand’s privacy framework will be fit for purpose in the current environment and for foreseeable developments in the future.