Kia Ora, and Happy Privacy Week!

I’ve introduced the Asia Pacific Digest before, as a board director of iappANZ. It’s a real privilege to return as IAPP’s country leader for New Zealand. Over the coming months, I’ll be working alongside my colleague Stephen Bolinger, country leader of Australia, to help IAPP deliver its global support and resources to the ANZ privacy profession. I’m very excited about this opportunity and will do my best to support our strong local privacy community and encourage greater collaboration with our colleagues across the Asia-Pacific region.

As a newly appointed IAPP leader, I thought I’d quickly (re)introduce myself. I started my privacy career working with the NZ privacy commissioner, ultimately managing the commissioner’s Auckland Investigations Team. After seven great years with the regulator, I joined one of NZ’s largest life insurers and built and headed its privacy team. Since 2016, I’ve been a director of privacy consultancy at Simply Privacy. This has given me great insight into the way privacy and the profession are evolving and maturing in NZ. Through all this, I’ve been an active member of the IAPP and really believe in the value this global organization can deliver to us all as we grapple with global privacy change. 

Privacy Week is in full swing in NZ, with events, meetings and initiatives taking place throughout the country. Our IAPP KnowledgeNet chairs have been busy, and we hosted a social KnoweldgeNet gathering in Wellington 13 May and an educational KnowledgeNet meeting in Auckland 14 May. Our Auckland event focused on data ethics, and we heard great thoughts and insights from Assistant Privacy Commissioner Jon Duffy, EY Digital Law Leader Frith Tweedie and Spark Lead Digital Trust Partner Sarah Auva’a. The panel was in agreement that there’s more to privacy than determining what can be done with data; we all have a responsibility to ensure that data uses are the right thing to do. I think ethics will play an increasing role in privacy practice in coming years. 

Privacy professionals in NZ are also watching the reform of our Privacy Act with great interest. In March 2019, a government select committee released its report on the Privacy Bill that will move our law a little closer to international best practice. While there is agreement that the reform does not go far enough to safeguard NZ’s EU Adequacy status, it does introduce some changes that will impact on the work of IAPP members as they help their employers or clients prepare. Not least of these is the long-awaited mandatory privacy breach notification regime, and we’re following the experiences and lessons of our Australian neighbors carefully on this issue. The Australian Office of the Information Commissioner’s quarterly data breach report has revealed for example that a staggering 10 million people had their personal information compromised in a single breach. 

Another major change to our Privacy Act will be an extraterritorial effect. Our law will soon apply to any overseas agency that is carrying on business in NZ, allowing — at least, in theory — our privacy regulator to take action against overseas agencies that might misuse or fail to protect personal information about NZers. This might come in handy for kiwi users of WhatsApp, in view of the revelation this week that spyware had been developed that could install surveillance software on a device simply by making a call to the app. 

Enjoy the digest and the remainder of Privacy Week. I suspect this weekend will be a welcome relief for many exhausted readers.