Privacy Commissioner ponders higher penalties
Breaches of privacy could become much more costly in future.
Tuesday, December 13th 2022, 7:33AM
by Eric Frykberg
The Office of the Privacy Commission (OPC) is mulling over the idea of making breaches of privacy more costly than they are now.
Australia recently raised its penalties for breaches of privacy to a maximum fine of A$50 million, up from A$2.2 million.
This took place in a mood of popular anger after hackers seized data from almost 10 million customers of the telco Optus and other hackers took health records from Medibank.
In New Zealand, the maximum penalty for a breach of the law is a $10,000 fine. In addition, the OPC will sometimes help negotiate a settlement between two disputing parties that can determine a monetary payment which is commonly $20,000 or $30,000.
The Privacy Commissioner Michael Webster says he is not unhappy with the way his office currently works.
Apart from negotiating settlements, the office has a range of actions, ranging from giving advice and help to businesses, to issuing compliance notices, such as the one issued against the Reserve Bank last year.
But Webster says there might be a need for something more,
“I am certainly very interested in looking at the role that a financial penalty regime consistent with New Zealand consumer law could have, in terms of punishing people for poor management of people's personal data,” he said.
“These regimes exist in many other jurisdictions.”
Webster said a lot of debate would be needed with affected state agencies before anything actually happened, but it was worth looking at.
He added it was too early to talk about the size of any penalties that might apply.
However, Webster's predecessor John Edwards proposed a maximum fine of $1 million four years ago, but that was knocked back.
Any new penalties could be applied against advisers and financial institutions which gather personal information about people in order to borrow or lend money.
But Webster made clear penalties could apply for negligent as well as deliberate breaches.
For example, if a hacker got into a company's financial records and it was later shown that cyber protection was not up to scratch, then action could be taken against the company involved.
« The rise of the digital investor | Tough times ahead for NZ economy: Nikko economist » |
Special Offers
Comments from our readers
No comments yet
Sign In to add your comment
Printable version | Email to a friend |