SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Parliament supports NZ's Privacy Bill during first reading
Wed, 11th Apr 2018
FYI, this story is more than a year old

New Zealand's proposed Privacy Bill is going through the first round of debates in Parliament this week, with the support of all sitting MPs.

Justice Minister Andrew Little opened the first reading with an introduction describing the Bill and how it must be able to cope with the new challenges of protecting personal information.

“The purpose of the Bill is to promote and protect people's privacy and to give them confidence that their personal information is properly protected. The current Privacy Act was enacted 25 years ago. Since then, information technology has revolutionised how we deal with personal information. Collecting, storing, and disclosing more personal information than ever before using social media, eCommerce, and to connect to devices, cloud storage, and other new technologies.

He says that early identification and prevention of privacy risks rather than remedies after the fact are required. The Bill also upholds the 12 current privacy principles.

“One of the key reforms in the Privacy Bill is a new requirement for agencies to report privacy breaches. A privacy breach is any unauthorised access to, or disclosure, loss, or destruction of, personal information. It can also include a ransomware attack.

Failure to disclose breaches may come with fines of up to $10,000.

Little continues to discuss how people need to be aware if their information is breached; how the Privacy Commissioner needs new capabilities to enforce compliance and other powers.

Speaking about safeguards to New Zealanders' personal information sent or held overseas, a New Zealand agency must be responsible for that data. Little paraphrases,

“Lies and social media can be halfway around the world while the truth is still strapping its shoes on.

“The select committee process is very important and I urge all New Zealanders with an interest in privacy as an issue to come forward and to have their say on the Bill. It will be important for the Bill to have maximum scrutiny; not just from members of this House, but all citizens.

National MP Christopher Finlayson talked about the 1993 Privacy Act's importance in shaping law for the last 25 years, but we now live in a different age.

“New technologies have rapidly advanced the type, the quality, and the quantity of personal information available to governments and businesses. I think this Bill is going to go some way to modernising our privacy legislation and reflect these technological changes.

“I'd like to know how the reforms as to how the approved information sharing mechanisms work and whether or not we can improve on those.

Minister of Broadcasting, Communications and Digital Media Clare Curran took the time to explain that while other law reforms such as the Search and Surveillance Act, Telecommunications Interception Capability and Security Act passed through law, what was left behind was privacy law reform.

“By their very nature, revolutions cause momentous disruption. The digital revolution has occurred, particularly over the last seven years, much has changed. But the protections of people's privacy has not been modernised and has not had a value put on it. That is why this is so important.

“Having the individual and the importance of their personal data as the key purpose of this new Act is a very powerful statement for our citizens. It sends a clear message that this government sees people as central to the business of government and keeping them safe is the point of the work that we're doing.

She also mentions that trust is vital to democracy. People need to know that their information is safe and used for legitimate purposes, particularly when algorithms are drawing on their data; as well as frameworks in place for when trust principles are breached.

National MP Maggie Barry expressed dismay that the proposed Bill has removed some requirements including a breach penalty fine of up to $1 million, issues around data portability, compliance monitoring, and controls around the re-identification of data, adjusting criminal offences, and informing the public register on privacy principles.

Labour MP Priyanca Radhakrishnan supported the themes of digital change and the importance of updating New Zealand's privacy laws.

“Under this particular Bill, if someone's privacy is breached they can complain to the Privacy Commissioner. The change that this bill will bring about is that the Privacy Commissioner's role is strengthened,” Radhakrishnan says.

“It gives the role a bit more teeth because the Commissioner who then attempts to resolve the dispute can make a decision. If the person is not happy with the decision that's made, it can be appealed to the Human Rights Review Tribunal.

She notes that ransomware attacks and cybercrime are significant to the Privacy Bill because personal information can be stolen and used to commit identity fraud.

Other speakers included Darroch Ball, Chris Bishop, Golriz Ghahraman, Shane Reti, Nick Smith, Raymond Huo, Mark Mitchell, and Tamati Coffey.

Read more about New Zealand's Privacy Bill here.