New Zealand’s 20-year-old Privacy Act is likely to be repealed and re-enacted following the four-stage Law Commission review. The final report was released in August 2011, but Government is yet to introduce bill to Parliament. Changes recommended in the review include:
• Compulsory privacy breach notification. This will have major impact on businesses that have traditionally kept data losses under an ‘umbrella of silence’ to minimise trading and reputation losses.
• The Privacy Commissioner will enable audit agencies to tell businesses what has gone wrong and therefore how to fix it. International experience suggests, however, that this creates significant costs for business responding to auditing agency demands.
• review of penalties for Privacy Law breaches. Penalties exist under existing legislation but are imposed irregularly because there is no compulsory notification. Privacy breach notifications climbed 58 percent in Europe after legislation was introduced. Fines up to £500,000 can be imposed.
• Imposing orders to strengthen safeguard security systems by issuing ‘take down’ notices and ordering the regulatory agency to allow individuals access to personal information.
•Procedures for streamlining complaints within the Privacy Commission, for example, making it easier for the Commission to deal with class action complaints about systemic problems.
• Giving the Commission authority to remove offensive or damaging internet sites.
See www.lawcom.govt.nz/project/review-privacy.
