March 25 – As he starts a five-year term as the new privacy commissioner for New Zealand, John Edwards told Bloomberg BNA in a March 25 interview that he is moving quickly to make full use of his limited powers to deal with organizations that ignore their privacy obligations.
Edwards said he will do more to bring into line businesses and other covered entities that show little interest in compliance, despite being limited by a lack of authority to issue fines or compliance notices with injunctive requirements.
In December 2013, Edwards was named to take over from former Privacy Commissioner Marie Shroff, who served in the role for a decade. He took over the post in mid-February.
Edwards said his existing powers make him “mostly an influencer or a persuader,” rather than a regulator.
“I think we need to be thinking a bit more creatively about how to deploy the tools that we have so that we drive some compliance where we see people flouting the law,” he said.
“One of things that I will be doing more of is ‘naming and shaming,’ ” he said.
“So I will be identifying organizations who I believe fall short of the legal requirements, and I believe that has some power,” he said.
Edwards proved his willingness to highlight poor privacy practices by issuing a March 25 notice that named Veda Advantage, one of the largest credit reporting companies in the country, charges consumers an “unreasonable sum” for urgent requests for credit information. The notice accompanied a report on the office's investigation of Veda.
Edwards said in the notice that he was considering examining the charging practices of other credit reporters, adding that people making urgent requests are likely to be in a vulnerable position.
Although he can't issue fines for data protection violations, Edwards noted that he can refer a complaint to the Human Rights Review Tribunal, which can award damages of up to NZ$200,000 ($170,927).
Edwards added that punishments meted out either by his office or the tribunal aren't the only risks facing organizations that fail to meet their privacy obligations.
These days, personal information is one of the most important assets held by many companies and agencies, he said.
If organizations lose the trust and confidence of customers and interest groups that personal information will be protected, then that will “erode their brand value and shareholder value,” he said.
Edwards may also soon find his powers augmented somewhat. The government is considering its response to a major Law Reform Commission inquiry into privacy that reported in 2011.
“We are awaiting decisions on what parts of the Law Reform Commission recommendations will be adopted,” Edwards said. “But certainly we have heard that the government is looking favorably on compliance notices.”
In November 2013, however, the government was unable to move legislation that would have given the privacy commissioner expanded powers to audit government agencies and issue notices requiring them to remedy data security and privacy problems.
Edwards said that he was also keen to reduce privacy compliance costs for industry and government.
A central element will be doing more to disseminate useful information to organizations concerning privacy obligations, he said.
That could include sharing the lessons learned from investigations into data breaches, Edwards said.
It could also include developing generic information for activities such as recruitment practices, rather than requiring each organization to “think hard and come up with its own answers on what constitutes best practice.”
To contact the reporter on this story: Murray Griffin in Melbourne at firstname.lastname@example.org.
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).