We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Privacy Commissioner labels 2012 the year of the data breach

Care for personal info like other assets, privacy commissioner Marie Shroff

A clutch of serious events, particularly to do with unintentional release of government-held information, have led privacy commissioner Marie Shroff to label 2012 "the year of the data breach", in her annual report released yesterday.

The report singles out the ACC's unintentional release of data on more than 6500 clients in March and the more recent leakage in the Ministry of Social Development's kiosks.

In private industry, the customer can always react to a provider's inadequate privacy practices by moving their business to a competitor, but with government this is not possible, the commissioner points out. This has led to calls for formal powers and sanctions against such breaches.

"It is clear that people believe regulators should have -- and use -- the ability to call agencies to heel," Shroff says. "For instance in our public opinion survey earlier this year, 97 percent of respondents said that the privacy commissioner should have the power to order an agency to comply with the law, and 88 percent said they wanted businesses punished if they misuse people's personal information."

Personal information is increasingly recognised as an "asset class" in a business, says Shroff in the annual report, and its proper handling is of importance to the economy, particularly where cross-border movement of data is concerned.

"For instance, the World Economic Forum refers to the evidence of an emerging asset class of personal data, but also goes on to note the lack of rules, norms and frameworks that, by contrast, exist for other types of assets," Shroff says.

"We may have the valued goods in the form of personal data -- and the means of distribution through online networks -- but we have sometimes lacked cross-border enforcement mechanisms and regulatory solutions for when things go wrong."

Amendments to the Privacy Act to offer better cross-border protection were put in place in 2010, and the commissioner records that European Union authorities are as a result in the final stages of declaring New Zealand privacy legislation "adequate" for participation in trade with Europe. The adequacy finding is expected before the end of the year.

Privacy risk management should be recognised as a responsibility for the whole of the company, Shroff says.

The report flags cloud computing as an area of progress and the commissioner favourably mentions the Cloud Computing Code of Practice developed under the guidance of the Institute of IT Professionals.

The commissioner's office has been working on a guide for cloud computing targeted at SMEs and expect to be able to make this freely available online shortly.

IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model