Vikram Kumar is chief executive of InternetNZ, a non-profit organisation that advocates on behalf of New Zealand users and, though its subsidiaries, administers NZ web addresses.
The Law Commission is expected to deliver the final report on its review of the Privacy Act next month. I hope it includes a recommendation that it is compulsory for people to be informed when their personal information is lost, stolen or inappropriately accessed.
This isn’t a kneejerk reaction to the latest headlines, such as Sony’s PlayStation Network hack. I had blogged about it back in 2007. Many others have also called for making notification mandatory, including the Privacy Commissioner herself and NZICT chief executive Brett O’Riley.
1. Principle 5 of the Privacy Act requires an “agency” (anyone who holds our personal information, including government and businesses) to ensure “that the information is protected, by such security safeguards as it is reasonable in the circumstances to take...” The problem is what’s “reasonable” is up to the agency.
The Law Commission paper referred to above lays out all the standard reasons why notifications should be mandatory. These include reduction of identity crime; reducing other harm; the “right to know”; and policy development.
In another blog post in 2007, I had pointed to a US study and concluded that “there is some evidence that identity fraud or theft that actually comes from breaches involving the disclosure of personal identity information is quite low.”
We continue to remain in favour of making notifications mandatory. As we said in our submission on the Issues Paper last year, we think that this should be in two steps:
This article is tagged with the following keywords. Find out more about MyNBR Tags
Most listened to
- How did Sealegs make a profit? David McKee Wright explains
- ‘Organisations that don’t put effort into employee engagement will be the companies of yesterday’ – Kronos' managing director Peter Harte
- In Editor’s Insight, Nevil Gibson says a New Zealander is helping to unlock the potential of Africa’s cities
- Abano CEO Richard Keys on the sped up timetable for selling the audiology stake
- Without cyber rules, business may struggle to fight back warns FireEye chief security strategist Richard Bejtlich