Several major public sector data breaches have led to the
Privacy Commissioner labelling 2012 "the year of the data
Among the biggest breaches noted in commissioner Marie
Shroff's annual report, released today, were the ACC
spreadsheet breach in March and MSD kiosk breach in October,
contributing to a loss of public trust.
The incidents highlighted the "urgent need for far better
security and respect by government agencies for New
Zealanders' personal information", said Ms Shroff.
"The public sector can't afford to be complacent. It's quite
clear that agencies holding large amounts of personal
information need to place greater value on that information
Agencies needed to develop strong leadership and a culture of
respect for privacy, as well as practices to protect personal
information: "There has been far too little focus on the fact
that there are real people behind the masses of information
that government agencies hold", she said.
And Kiwis agree.
Privacy complaints have soared as the public loses trust in
A recent TV One Colmar Brunton poll showed 60 per cent of New
Zealanders don't trust government departments to protect
their personal details.
In a commission survey this year, general concern about
privacy was found to have "risen sharply" in the last decade,
up to 67 per cent from 47 per cent in 2001.
Of the respondents, 88 per cent said they wanted businesses
punished if they misused personal information.
Last year, ACC mistakenly emailed a spreadsheet containing
details of about 6748 clients to former National Party
insider Bronwyn Pullar.
The breach sparked a flood of 173 further complaints about
the Government department this year.
Notification of data breaches is not required by law, but the
Law Commission recently recommended it should be made
compulsory where breaches put people at risk.
"That would bring New Zealand law into line with practice
overseas," said Ms Shroff.
The commissioner supported a Privacy Act update that would
require compulsory reporting of data breaches.
She also pointed to an amendment of the Credit Reporting Code
that came into effect in April, allowing more comprehensive
Under the new system, lenders will upload information
monthly, showing whether or not individuals have met their
monthly credit repayments.
As a result, much larger collections of detailed and
sensitive financial information on New Zealanders will be
collected, so additional measures have been introduced to
ensure protection to individuals.