Law firm Simpson Grierson believes 2018 is shaping up to be a ‘defining year for privacy’ as New Zealand’s Privacy Bill finally makes its way through Parliament and the Select Committee.
Data privacy is not only making the headlines because of its controversial use. According to Simpson Grierson, the Privacy Bill is intended to promote people’s confidence that their information is secure and will be treated properly.
Partner Sally McKechnie says the Bill, which will replace the Privacy Act 1993, reflects the recognition that firm guidance and tougher penalties are needed in the case of privacy breaches.
The law firm also commends the government's other initiatives such as the establishment of a chief technology officer and a Ministerial advisory group.
“The rise in use of ‘big data’ technologies will continue to present both opportunities and challenges for business and in government in 2018,” McKechnie says.
“In anticipation of this, the Government has recently outlined its priorities across digital technology, media and open government. It has also pledged to review and update a range of other legislation to include the wider effects of digitisation, and introduce a Digital Bill of Rights that will integrate with existing cornerstone legislation such as the Bill of Rights Act, the Crimes Act, the Privacy Act and surveillance legislation.”
Looking overseas, the law firm says that international cloud computing cases such as United States v Microsoft could act as a guide as to how data protection laws could be developed for New Zealand’s own businesses.
New Zealand’s own Privacy Commissioner filed a submission in the US Supreme Court about the case. He believes the US Government should not be able to rely upon US domestic search warrant legislation to access the data, rather than making a mutual assistance request to the Irish government.
“The United States Supreme Court recently heard oral arguments in this case, which concerns the execution of a US search warrant to access personal information held by Microsoft in an Irish data centre,” McKechnie says.
“This case will examine the cross-border reach of law enforcement agencies and how modern data protection laws operate. It could potentially have significant implications for both individuals and companies around the globe.”
“The implications of this case could impact the lives of all New Zealanders. We await the United States Supreme Court’s decision with interest.”
McKechnie notes that are other implications for New Zealand’s Privacy Bill, particularly in cases where breaches have resulted in complaints. She believes damages as a result of breaches are increasing.
She also says that the Office of the Privacy Commissioner reported that almost half of its cases are closed through settlements.
“With increasing delays and backlogs in the Human Rights Review Tribunal, indications are that aggrieved persons and organisations alike will increasingly look to early resolution through the Privacy Commissioner’s office,” she explains.
She also points to the ‘value’ of complaints, which have now become prone to disparity. The Kim Dotcom decision awarded $90,000 in damages, for example.
The Privacy Commissioner had to curb the trend by releasing guidance as to the value (monetary or other) of a complaint.
“This guidance will be a very useful resource for organisations responding to privacy complaints,” McKechnie concludes.