Collins signals Privacy Act overhaul

Justice Minister Judith Collins today announced the Government will repeal and re-enact the Privacy Act 1993 following its review by the Law Commission.

Changes will likely include mandatory reporting of lost or stolen data, such as the recent ACC privacy breach.

The Commission’s recent report Review of the Privacy Act 1993 made over 100 recommendations for reform and the Government will consider those recommendations as part of its wider reform of privacy.

Intellectual Property expert Rick Shera told NBR, "Our privacy expectations are more nuanced now with the prevalence of social media.

"The changes proposed recognize that by giving the Privacy Commissioner a greater range of remedial powers and by adding a new crime for serious disclosure of personal information arising out of a domestic situation. The addition of new rules around impersonation online is also long overdue."

First overhaul since internet
“Our current privacy law has been in place for almost 20 years and predates the creation of the internet. Huge changes to technology and information flows have occurred during that time and they have overtaken our privacy laws,” Ms Collins said.

Personal information is private and should not be divulged unnecessarily. However, people now expect more information to be available more quickly and, as social media has shown, are more likely to share what used to be considered ‘private information’.

“The foundations of the Act are sound, but it needs to be updated to reflect our changing attitudes and the way people, business and government use information in the 21st century,” Ms Collins said.

“We have already acted to address the immediate need for better information sharing for public service delivery through the Privacy (Information Sharing) Bill which is expected to be passed later this year.

Further announcements regarding specific policy proposals will be made later this year. 

Privacy Commissioner Marie Shroff said she supports the key recommendations made by the Law Commission. These include:

• Privacy breach notification - to help people to protect themselves if their information ends up in the wrong hands and to make agencies accountable to their customers
• Giving the Privacy Commissioner the ability to audit agencies, so she can see what's gone wrong and how to fix it
• Getting problems fixed quickly, by enabling the Commissioner to require agencies to comply with the law (for example, strengthening security safeguards, issuing take-down notices, or ordering an agency to give people access to information about themselves)
• More effective complaints procedures - for example by making it easier for the Commissioner to deal with class action complaints about systemic problems
• Closing off highly offensive and damaging internet postings, such as intimate photographs taken of former partners
• A statutory "Do Not Call" register, so people can stop unwanted telemarketing calls
• Additional protections for victims of crime and harassment