New Zealand Privacy Commissioner releases report showing that data breaches are on the increase, like in Australia

December 9, 2024 |

New Zealand has a Privacy Commissioner and a Privacy Act. The regulator has quite limited powers and the legislation is inadequate compared to other common law and European countries. The Commissioner has released the annual report (found here).

The Commissioner reported that the office:

  • received a total of 1,003 privacy complaints, up 15% from the previous year, with 279 of those complaints received for investigation.
  • there were 2,751 in-house privacy inquiries.
  • there were 864 privacy breach notifications, of which 414 were serious privacy breaches.

As with the Australian Office the Commissioner highlighted the need to amend the Privacy Act, noting that the Privacy Act is based on work completed in 2011 by the Law Commission and that significant technological developments necessitate the need for better privacy protection including:

  • greater protection in relation to sensitive data, such as biometrics.
  • establishing a right to erasure;
  • establishing incentives for organizations to take privacy seriously;
  • requiring organizations to demonstrate how they meet their privacy requirements; and
  • providing New Zealanders with better protections for automated decision-making, such as artificial intelligence (AI), inaccurate predictions, unexplainable decisions, and lack of accountability associated with such technology.
In the accompanying press release the Commissioner stated:

Thousands of times each day New Zealanders provide their personal information in exchange for goods and services. They could be face-to-face with a small business or online with a large government department. All of these exchanges involve privacy.

A society that values privacy and personal information is one where its people can have greater trust in government and businesses because they know their information will be looked after. This Annual Report is the first under theStatement of Intent 2023–2027, which sets my Office’s purpose as ensuring that privacy is a core focus for agencies. We do this to protect the privacy of individuals, enable agencies to achieve their own objectives, and safeguard a free and democratic society.

Our strategy is to push us towards the four objectives set out in the Statement of Intent:

    1. We will work in partnership with M?ori to take a te ao M?ori perspective on privacy.
    2. We will engage and empower people and communities who are more vulnerable to serious privacy harm.
    3. We will set clear expectations to provide agencies with greater certainty about their responsibilities.
    4. We will promptly use our full range of investigation and compliance powers to hold agencies accountable for serious privacy harm.

It is my belief that achieving these objectives over the next few years will improve privacy outcomes for New Zealand. While it is early days yet, there are some promising signs of success in this report. For example, our biennial public survey of New Zealanders has shown a slight increase in public awareness of their right to access personal information under the Privacy Act 2020 (the Act).” 

Leave a Reply





Verified by MonsterInsights