By Jessica Walker
Communications and Campaigns Manager | Pou Whakahaere Whitiwhiti Kōrero, Kaupapa Whakatairanga
Penalties for privacy breaches are embarrassingly low compared with those found in our nearest neighbour, Australia. In Australia, serious privacy breaches can lead to fines as high as AUD50 million. In New Zealand, there is no express penalty for a privacy breach.
The recent Manage My Health data breach has brought privacy concerns to public attention. It led Katja Feldtmann, a cyber security expert, to launch a petition calling for enforcement powers and penalties to be strengthened under the Privacy Act 2020. The petition is informed by Katja’s day-to-day work with organisations that handle sensitive personal information and the recurring gaps she sees between privacy obligations and enforceable cybersecurity practices.
The petition requests that the New Zealand House of Representatives: increase penalties for serious or repeated privacy breaches, strengthen the Office of the Privacy Commissioner’s enforcement powers and improve accountability where organisations fail to protect personal information.
Open for signatures until 28 February – the petition reason states that privacy breaches “can cause serious harm, including identity theft, financial loss, emotional distress, and loss of trust in essential services”.
Katja says, “New Zealanders are being asked to trust organisations with their most sensitive personal information. However, those organisations often fail to protect our information. This petition is about closing the gap between what organisations say they do and what they are required to do to keep people’s data safe.” She believes that heavier fines and enhanced powers for the Office of the Privacy Commissioner are needed to deter poor practices, improve accountability, make penalties proportionate and ensure organisations protect personal information.
Consumer NZ agrees that much stricter penalties are needed to keep New Zealanders’ personal information safe. We have been arguing for this for many years now. If you want to see meaningful fines for businesses that breach the privacy rules, please sign the petition on the parliamentary website.
