The Privacy Act 1993 governs the collection, use, storage and disclosure of personal information. In addition to the Act there are a number of Codes that apply to the specific industries of health, credit reporting and telecommunications.
Where individuals believe there has been a breach of one of the principles they can make a complaint to the Office of the Privacy Commissioner (OPC) who will investigate the complaint.
The OPC is also responsible for issuing codes of practice, providing education and assisting in policy developments that impact on privacy.
Review of NZ Privacy Law
Following completion of an extensive review into the operation of privacy law, the Law Commission issued a final report with a number of recommendations in June 2011. Despite the significant passage of time, it is still widely anticipated that many of the recommendations will be adopted when the Act is finally reviewed. In February, the Privacy Commissioner’s report on the operability of the Act identified further recommendations to capture developments since the Law Commission’s report, particularly in the areas of data science and information technology. The Ministry of Justice has stated its intention to release an exposure draft of a new Privacy Bill for discussion this year. It is expected the Bill will include mandatory breach reporting, introduce new breaches and increase fines, and enhance the powers of the OPC. If the Privacy’s Commissioners recommendations are adopted, this may extend to the power to require agencies to demonstrate ongoing compliance and fines of up to $1million for private and public sector organisations, and $100,000 for individuals.
Privacy in Business
With the increased sharing of personal information through social media, the focus on using Big Data to drive product development and sales, the impact of storing information using cloud services and growing consumer awareness of their rights, privacy is an increasing priority for businesses. Security and protection against data breach is all important as is ensuring processes and procedures are in place to manage privacy complaints, OPC investigations and security breaches.