ACCforum: Consumers at risk from outdated privacy law -NZ - ACCforum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Consumers at risk from outdated privacy law -NZ

#1 User is offline   hukildaspida 

  • Advanced Member
  • PipPipPip
  • Group: Member
  • Posts: 3353
  • Joined: 24-August 07

Posted 16 July 2015 - 01:39 PM

Consumers at risk from outdated privacy law - expert
Home › Money › News › Business
Read More:


Fuseworks Media Fuseworks Media
Wednesday, 17 June 2015 - 1:34pm

New Zealand’s privacy law is falling behind the rest of the world and threatening consumers’ personal data, according to a leading cyber risk management expert.

Under the current law, if a New Zealand company experiences a data breach (such as a hack or accidental leak of customer data) the company is not obligated to inform the affected consumers.

This means that customers’ personal data, including credit card details, tax information and medical histories, could be being passed around online without their knowledge.

The managing director of Delta Insurance Ian Pollard, says New Zealand is out of step with international data-security standards and New Zealanders are at greater risk of having their personal information leaked.

"New Zealand ranks fourth in APEC (The Asia Pacific Economic Cooperation forum) for cyber attacks, we simply cannot afford to be complacent on this issue," says Pollard.

He says while New Zealand’s data security laws do not currently require mandatory notification in the event of a breach, New Zealand businesses operating internationally do need to abide by the standards of the countries they are doing business in.

Pollard says the USA is one of the most advanced in this regard, with 47 out of 50 states already having mandatory breach notification laws in place, and there are moves towards putting federal laws in place to govern the entire country.

New EU laws are also on the way, scheduled for implementation in late 2015 to early 2016 thanks to updates to the EU Privacy and Human Rights Law.

Pollard says the new regulations will apply to all 27 member states and are expected to significantly change the privacy and data-protection landscape. They will introduce stricter requirements for reporting data breaches within 24 hours of detection with penalties of 1 million Euros or 2 per cent of the company’s global revenue for non-compliance.

Australia has also announced that legislation requiring mandatory breach notifications will be introduced later this year, changing the current status quo where it is recommended but not legally required.

Existing laws have served New Zealand well, Pollard says, but they are in need of an update to reflect the changing online landscape.

"The New Zealand Privacy Act was written in 1993 to tackle the problems of the time, but the modern cyber-security environment and proliferation of data have grown in ways that were difficult to predict," he says.

Pollard says the government should be careful to avoid creating laws that are too onerous for New Zealand businesses, as the laws adopted by some nations might be too difficult to comply with for smaller New Zealand companies.

Pollard says a notification period of fourteen-days would be more suitable for New Zealand’s business environment, but that the notice period could vary with on the size of the company and the kind of data that was breached.

"Getting the right protections in place is vital, not just for consumers but for businesses as well; a legal battle over a breach can be extremely costly to business both in terms of legal costs and brand damage," Pollard says.

#2 User is offline   hukildaspida 

  • Advanced Member
  • PipPipPip
  • Group: Member
  • Posts: 3353
  • Joined: 24-August 07

Posted 12 April 2016 - 04:14 PM

NZ 'falling behind' rest of world on privacy laws - Privacy Commissioner


Last updated 15:33, February 18 2016

Stalled privacy law reforms mean New Zealand is lagging behind the rest of the world when it comes to protecting the public's personal information, the country's privacy watchdog says.

Privacy Commissioner John Edwards spoke to Parliament's justice and electoral committee on Thursday morning, warning of the need to move ahead with changes to our privacy laws.

The Government first signalled plans to overhaul New Zealand's privacy laws in 2012. Two years later, a range of proposals were revealed - including the introduction of a maximum $10,000 fine for identity theft and a mandatory requirement to report data breaches to the commissioner.
Governments elsewhere in the world have taken the world's biggest digital players to task over privacy breaches.

Governments elsewhere in the world have taken the world's biggest digital players to task over privacy breaches.

However, another two years further on, the proposals are yet to become law.

* $10,000 fines for identity theft
* Privacy laws to be overhauled
* Minister furious over ACC's privacy stance

"We're starting to lag behind, and the pace of change in this area is really picking up and increasing.

"More and more personal information is vulnerable, more and more is online, and there is a greater concern - people have to have confidence that their personal information is safe in order to engage in the digital economy."

Edwards said there was a range of powers used well in other parts of the world - but that they were not at the disposal of New Zealand's privacy watchdog.

"If you look at my colleagues in France, they threatened to ban Google and fine Facebook millions of pounds - these are the kinds of enforcement powers which you see in a number of regulators which we don't have here."


A number of other countries made it mandatory for companies to let privacy watchdogs know when there had been a breach of private data, which was not the case in New Zealand.

However, Edwards said he was not frustrated by the lack of progress with the law changes.

"There are political priorities and the parliamentary programme is a scarce resource, so I guess I've been around long enough to not get frustrated by these things - you just have to live through it and make the best of what we've got."

The watchdog would use any extra powers granted to it by new laws "as soon as we can get them", he said.


Justice Minister Amy Adams
said she was happy the current privacy laws were "robust", but was aware that changes were needed.

"It's an evolving area of law and there are always new developments to track and to follow, but I am comfortable with where we are."

Adams said the reforms announced by the Government in 2014 were still progressing, but she had identified other "tweaks" which should be considered as part of the legislative process.

She had spoken to Edwards about the Government's work in recent months, and said that new legislation was likely to be introduced to Parliament this year - "hopefully sooner rather than later".

"It's progressing well, and I think it's in a good place and will be better for taking that extra time."

- Stuff

Share this topic:

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users