NEED FOR STRONGER PROTECTION

The Privacy Bill (Bill) was introduced to Parliament in March 2018. The Bill is intended to update and modernise the current Privacy Act 1993 (Act) and will affect all organisations doing business in NZ that collect, use or hold information on individuals in NZ. 

Reform of the Act is long overdue and is needed to reflect and keep pace with the major technological developments that have occurred over the past 27 years – such as the rise of the Internet and new technologies such as E–commerce, social media and cloud storage.

NZ also needs more robust regulation of personal information to ensure NZ is in line with the global trend in privacy law reforms, such as Australia’s recent Privacy Act reforms, the OECD Privacy Guidelines and the EU’s General Data Protection Regulation (GDPR).

Unfortunately, the Bill has not gone as far as other reforms that have been adopted overseas, particularly the GDPR and the recent Australian reforms.

KEY CHANGES

While the Bill repeals and replaces the Act, it retains the key privacy principles of the Act.  The six key changes to the Act under the current Bill are:

4.    Information collected: There are tighter controls on the information that can be collected – agencies cannot require a person’s identifying information unless it is necessary for the lawful purpose for which they are collecting the information.

5.    New offences: There are two new criminal offences: misleading an agency to get someone else’s personal information, and destroying a document that contains personal information knowing it has been requested.

6.   Fines increased: Fines for breaches are increased from up to $2k to up to $10k – however this is a long way off the civil penalties of up to $1million that the Commissioner recommended.