ITP Techblog

Brought to you by IT Professionals NZ
« Back to Home

Privacy bill submissions are in

Paul Brislen, Editor. 02 July 2018, 8:33 am

Changes to the New Zealand Privacy Act are imminent with public submissions now closed and the select committee getting down to the business at hand.

One of the key issues facing the committee will be how to handle any requirement to make companies reveal any data breaches.

European Union law is particularly strong in this regard (this writer has just received advice from Fortnum and Mason - an English shop - of a data breach despite being pretty sure he's never bought anything from them ever) and companies are now openly and quickly admitting to breaches. The US, meanwhile, is still approaching the issue at a State level rather than nationally which, given the hold US-based companies like Facebook and Google have over data, should alarm users of their services.

Reseller News has taken a look at how big US-based multinationals have responded to New Zealand's privacy regulation revamp, and finds that Facebook, for one, wants to see New Zealand law fall in line with other jurisdictions, such as Australia, so as to make life easier for those that operate across multiple countries.

That's fair enough, but Facebook also warns about setting the bar for notifications too low - leading potentially to increased contact with customers about breaches that may have a minimal impact.

"Excessive notification of minor breaches may dilute its value overall - people may become accustomed to receiving unnecessary breach notifications, that they may come to ignore genuinely harmful breaches and not be prompted to take remedial steps," the submission says.

Amazon Web Services would like to see a clear line drawn about who is responsible for securing the data that is collected - AWS of course hosts a lot of data over which it has very little control, and so would like to see the collector explicitly spelt out as the person of responsibility for security.

But the new law will be written in light of the EU's introduction of the General Data Protect Regulation (GDPR) law which came into effect last month and which sees more protection for users and their data, including the so-called "right to be forgotten".

Google and Facebook are facing challenges on this front in their home state of California where new legislation has been introduced allowing users more control over their own data, who can access it and whether or not they can remove data from services offered by these internet giants.

The California Consumer Privacy Act of 2018 is now in force and includes a fine of up to US$7,500 per record should data be lost - a figure which would make even those stalwarts at Equifax (which lost 143 million records) think twice.

And speaking of thinking twice, one submitter has a stark if somewhat confused warning for the government about protecting data:

"If the Government does not step up a long way, I will have to do it on behalf of our tried and challenged communities being taxed as another day in the office. Make solid changes or I can and will make everybody accountable."

You have been warned.


You must be logged in in order to post comments. Log In

Web Development by The Logic Studio