The Privacy Commissioner has largely backed proposed changes to the Privacy Act in a 105-page submission to the Law Commission and has called for the creation of a chief privacy officer role in government.
The Law Commission says the rapid expansion of technology in recent times has exposed privacy issues, and it has moved to update the 1993 Act.
Law Commission head Sir Geoffrey Palmer said at a privacy forum in Wellington last month that information sharing had major privacy implications, especially between government agencies.
The act did not fit with the changed public sector environment, in which whole-of-government approaches and integrated service delivery were increasingly important, he said.
"We have reached the tentative conclusion that the act needs to be changed to better facilitate appropriate information-sharing amongst government agencies."
It could mean treating the public sector as a single entity so that there was "a rebuttable presumption that personal information held by one public sector agency can be shared with other public sector agencies if such sharing is for the benefit of the individual concerned".
Sir Geoffrey said both public and private sector agencies were currently under no legal obligation to notify individuals or the Privacy Commissioner when an individual's personal information was compromised -- for example lost or obtained by computer hackers.
Privacy Commissioner Marie Shroff said the Privacy Act was fundamentally sound, but she supported many of the proposed changes. "We have particularly urged reform where the Act is not effective in protecting privacy."
She suggested a chief privacy officer role be created in government to provide "leadership, expertise and help create a culture of respect for privacy across government", and putting a mandatory privacy breach notification rule in place where appropriate.
There was also scope to enhance the role of privacy officers in large agencies.
Creation of "anonymity", "openness" and "accountability" principles, in line with other international data protection statutes was also suggested.
"These would empower individuals, particularly in the digital environment where information crosses national boundaries all the time."
Ms Shroff said when it came to the continual transfer of information in and out of jurisdiction, which has come with the electronic age, the Act was generally silent in response to the resultant risks. "It is time to tackle the issue. OPC (Office of the Privacy Commissioner) supports an accountability principle as a measured response."
She said OPC also endorsed proposals for a national do-not-call telemarketing list, something that would enable individuals for the first time to opt out of commercial telemarketing with a single registration. "This will be welcomed by many New Zealanders."
There is currently only a voluntary scheme confined to Marketing Association members.
The commission is due to publish its final report on the Privacy Act late in the year.