New Zealand has a Privacy Commissioner and a Privacy Act. The regulator has quite limited powers and the legislation is inadequate compared to other common law and European countries. The Commissioner has released the annual report (found here).

The Commissioner reported that the office:

• received a total of 1,003 privacy complaints, up 15% from the previous year, with 279 of those complaints received for investigation.
• there were 2,751 in-house privacy inquiries.
• there were 864 privacy breach notifications, of which 414 were serious privacy breaches.

The New Zealand Financial Markets Authority (“FMA”) has released an information sheet to assist financial institutions with cyber security. 

The press release provides:

The Financial Markets Authority (FMA) – Te Mana T?tai Hokohoko has published an information sheet to help financial services firms enhance the resilience of their technology and operational systems, and meet any relevant licence obligations. Read the rest of this entry »

The use of closed circuit television has been a matter of concern in for privacy commissioners in Europe and the UK for some time.  Now the Privacy Commissioner in New Zealand has provided guidance on the use of the CCTV, responding to the concerns about the use of surveillance cameras.  Unfortunately in Australia at the Federal level the Information Commissioner has showed scant interest with one short page saying pretty much nothing about the issues.  That is a pity.   The potential of privacy intrusion through the misuse of cctv technology is significant. 

The media release provides:

From our experience, putting up a CCTV or surveillance camera can get a strong reaction from the public.

Our Privacy Concerns and Sharing Data 2020 survey found 41 percent of people over 18 years old were concerned about the use of surveillance cameras.

Because CCTV captures images of people, which can be used, stored, manipulated, and disseminated, those who operate the systems need to be aware of how to manage privacy issues.

Good management of personal information is essential to the effective running of CCTV systems. Businesses can only take advantage of the full benefits available from CCTV technology if they manage their system with privacy in mind.

All organisations considering using CCTV need to be mindful of their obligations under the Privacy Act 2020. Organisations must only collect personal information if it is for a lawful purpose connected with their functions or activities, and the information is necessary for that purpose. 

We always recommend that agencies minimise the amount of personal information they collect. Any information that is collected should also be securely disposed of once it’s no longer needed for the organisation’s purpose.

The guidelines provides, with Read the rest of this entry »

In Case note 272681 [2016] NZ PrivCmr 4 the New Zealand Privacy Commissioner considered the issue of misidentification by a credit reporting agency.

FACTS

The Complainant underwent male-to-female gender reassignment surgery and, as woman, changed her name to match her gender.  After the name change, she applied for credit for a number of things, such as hire purchase agreements and home rentals.

The lender checked the Complainant’s information with a credit reporting agency. The agency advised that the woman had previously gone by another name.

The Complainant complained that Read the rest of this entry »