May 29 — The New Zealand government May 28 released a fact sheet detailing its intended proposals to update the country's data protection regime, including the introduction of new controls on cross-border disclosures and a requirement that companies and public agencies provide data breach notification.
The government announced in 2012 that it would repeal the Privacy Act 1993, but until now it hasn't provided details on the content of the proposed replacement.
The government said it will consult with stakeholders before introducing a replacement bill to Parliament.
“It's vital that New Zealanders have confidence in our privacy laws, and that people know their information is in safe hands,” Justice Minister Judith Collins said in a May 28 statement.
The changes will “help ensure” that the European Union continues to find New Zealand's data protection regime “adequate,” the fact sheet said. In December 2012, the European Commission announced that it considers New Zealand's data protection regime to provide an adequate level of privacy protection to EU citizens' data, meaning that EU data can be freely transferred to New Zealand companies and organizations.
That adequacy finding “is a major advantage to New Zealand business,” according to the fact sheet.
The proposals would oblige companies and agencies sending data overseas to ensure that the recipient organization had “acceptable privacy standards,” according to the fact sheet.
The Office of the Privacy Commissioner—the country's data protection authority—would be empowered under the proposals to publish a list of countries with acceptable privacy laws to help businesses and agencies determine whether overseas recipients are likely to have adequate measures in place, the fact sheet said.
According to the fact sheet, the government will propose that businesses and government agencies be required to notify the DPA of all “material” data breaches.
Factors to consider in determining whether a breach is material include “the sensitivity of the information, the number of people involved and whether there are indications of a systemic problem,” the fact sheet said.
For more “serious breaches,” covered entities “will have to take reasonable steps to notify affected individuals, if there is a real risk of harm.” Determining whether a breach reaches the risk-of-harm threshold requiring notification involves considering factors “such as actual or potential loss, injury, significant humiliation or adverse effects on rights or benefits,” the fact sheet said.
Companies may face fines of up to NZ$10,000 ($8,483) for failure to notify the DPA of a material breach.
Government agencies that fail to notify the DPA of a breach will not face fines. “For now, the Government considers that the prospect of being ‘named and shamed’ is the most effective deterrent to ensure public sector agencies report breaches,” the fact sheet said.
The replacement law would also give the DPA new enforcement powers to initiate investigations into possible privacy violations and to issue compliance notices.
To contact the reporter on this story: Murray Griffin in Melbourne at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
Full text of the “Privacy Act Review Q & A” document is available at http://op.bna.com/pl.nsf/r?Open=dapn-9kkkps.