Discussion document put out for comment.
The Privacy Commissioner John Edwards believes it’s time he regularly names companies that breach the Privacy Act.
Previously, revealing names has been done on an ad hoc basis but the Office of the Privacy Commissioner (OPC) said adopting a naming policy would ensure a more consistent approach.
It intends to bring in the policy from 1 November 2014 but has put out a discussion document so Kiwis can provide their feedback.
OPC public affairs manager Annabel Fordham said in some circumstances naming an agency might encourage compliant behaviour by that agency as well as other agencies concerned about the risk to their reputation.
“We have always had the power to name agencies but we’ve rarely exercised it. The change in our policy is to ensure that a more consistent and effective approach is taken,” Ms Fordham said.
The Privacy Commissioner recently chose to identify credit reporting company Veda.
“We had investigated Veda’s charging practices and published a report naming them and outlining our finding that they were overcharging customers who needed their credit information urgently,” Ms Fordham said.
“In that case, we felt it was necessary to name them because the size of the credit reporting market was such that it would not have been fair to other credit reporters to not to have specified who we were talking about.”
Consumer NZ supports the Commissioner’s push to reveal organisations that have breached the law.