Story image

NZ urgently needs to get the Privacy Bill right for everyone's sake, says InternetNZ

04 Sep 2018

InternetNZ says it’s more important than ever for New Zealand to get its privacy laws on track, particularly as Kiwis’ data is becoming increasingly threatened by data breaches in New Zealand and across the world.

Parliament is currently wading through the Privacy Bill, a proposed modernisation of our 25-year-old Privacy Act.

According to InternetNZ chief executive Jordan Carter, you only have to look at recent data breaches to realise that New Zealand has to lift its privacy game.

"Has your data been included in a breach? There’s no way to tell. My data could have been breached, your data could have been breached. With no law requiring organisations to report these breaches we have no way of knowing and taking steps to protect ourselves," says Carter.

“There’s currently no law requiring companies like Z Energy, Vector, or LinkedIn to tell New Zealanders if their data has been leaked.”

"This isn’t some niche nerd thing, this is something every New Zealander cares about. The Privacy Bill affects every organisation that serves us - from your daycare centre to your accounting software and your supermarket loyalty card.”

He says that New Zealand’s Justice Select Committee must use the opportunity to make the Privacy Bill work not just for 2018, but many years beyond. While it’s too urgent to delay, it’s also too important to risk getting it wrong.

“The Justice Select Committee needs to take this opportunity to make this Privacy Bill fit for 2018 and beyond. In practical terms, that means working with the suggestions submitters have made, and consulting on new ideas that people have raised,” he says.

“This Bill has waited five years to get to Select Committee. Taking the time to test new changes is the right thing to do now, to pass this Bill and make it fit for purpose."

The Bill has gained plenty of attention amongst New Zealanders. It attracted 165 written submissions, including some Xero, Trade Me, and Bell Gully.

According to InternetNZ, even Vector has called for strong measures to lift the Privacy Bill so that it’s fit for the Internet era.

A number of other global breaches such as LinkedIn, Facebook and Cambridge Analytica have also proven that there needs to be a strong focus on privacy.

Europe’s General Data Protection Regulation (GDPR) has certainly helped to address some of those privacy concerns, but New Zealand’s laws don’t currently stack up.

According to InternetNZ policy director Ellen Strickland, nobody who works in the privacy space believes the current law works for 2018.

“We urgently need an up-to-date privacy law that is fit for purpose in the Internet age. We think it’s great to see so many businesses, organisations and individual New Zealanders engaging to support privacy protections that work in the 21st Century and there are some good ideas in those submissions that deserve to be looked at," says Strickland.

InternetNZ says the proposed Privacy Bill needs two urgent changes:

1) An urgent review of EU adequacy under GDPR. New Zealand needs to retain our stamp of approval from the EU. Without this, every individual New Zealand company who trades with Europe would have to do their own compliance with EU law and that would be a big burden.

2) Align breach notifications. The Bill currently requires companies whose data is breached to notify people to let them know they’re effected. We support breach notification but are calling for an approach which follows overseas best practice in line with Australia, Canada and the European Union. This will make it easier for New Zealand businesses who work globally. We don’t want to drown people in notifications but we want them to be meaningful.

Read more about our coverage on the Privacy Bill and privacy in New Zealand:

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.