Kia ora koutou,
It's Wiki Tūmataiti (Privacy Week) here in New Zealand. We've taken the baton from our friends in Australia (we're fashionably late, some might say), and our privacy community is showing great engagement with events and activities across the country. In addition to more light-hearted celebrations — such as Simply Privacy's Annual Privacy Week Tiny Film Festival (which this year involved a screening of the 2005 German film "The Lives of Others") — we've seen a variety of excellent events hosted by the Office of the NZ Privacy Commissioner, IAPP and others.
Our week’s events opened Monday with two sessions in Wellington and Auckland exploring agency experiences of the new privacy breach notification requirements. INFO by Design hosted a panel discussion with Assistant Privacy Commissioner Liz MacPherson, along with privacy leads from Kiwibank and the Earthquake Commission and Tim Stead from Securiti, to explore the ways technology could support more effective breach management. A Privacy Live session, entitled "The Privacy Act 2020 six months on," saw the privacy commissioner quizzing a panel of privacy professionals, including Air NZ Chief Privacy Officer Sarah Thompson, Lowndes Jordan Partner Rick Shera and Spark Lead Digital Trust Partner Sarah Auva’a, about how they made privacy a priority. The session was candid and revealing, with panelists sharing their honest experiences of managing our new mandatory privacy breach notification regime. While concerns continued about NZ's vague notification threshold, panelists agreed that our more flexible notification timeframe ("as soon as practicable") avoided the risk of providing affected individuals with scant or inaccurate notifications that could do more harm than good, allowing organizations to fully establish what had occurred and the harm it might cause. The IAPP also hosted the privacy commissioner at a Wellington KnowledgeNet 13 May to hear more about how the new act was bedding in.
The privacy commissioner made two other noteworthy announcements this week. First, the commissioner reported his office received a 97% increase in privacy breach notifications in the four months since the new Privacy Act came into force. Referring to a stocktake of privacy breach reporting released this week, the commissioner noted more than half of the breaches reported involved emotional harm and a third involved an increased risk of identity theft. Something that has received less media attention is the commissioner's announcement that his office signed a Memorandum of Understanding with the U.K. Information Commissioner's Office to foster international collaboration in privacy enforcement. In light of recent global calls for the convergence of privacy laws and regulatory approaches, this is an important step toward a stronger and more cohesive approach to enforcing privacy compliance regarding global technology corporations.
Thanks to our travel bubble with Australia (which has come close to bursting a couple of times recently but so far remains intact), it's looking increasingly likely that, at the very least, NZ and Australian privacy pros will be able to come together at the IAPP ANZ Summit in November. Time is running out to submit a proposal to speak at the Summit (the call for proposals closes 13 June). However, now is the time to start planning for the trip. Bubble-permitting, this will be an epic opportunity to reconnect with friends and colleagues in the region.
Speaking of bubbles, as you read this introduction, I will be in attendance at the Privacy Commissioner's Privacy Forum 2021 in Wellington, alongside IAPP Australia Country Leader Stephen Bolinger, who has taken advantage of the bubble to join us from Melbourne. Besides providing me with the opportunity to reconnect with a great colleague, the forum will reflect on privacy issues raised by the COVID-19 pandemic and discuss the initial findings of the privacy commissioner's inquiry into the rental sector. We'll report back on the forum in a later digest intro. In the meantime, enjoy the digest, and don't forget to "make privacy a priority."
Ngā mihi nui,