Kia ora koutou,

As many countries in the Asia-Pacific region start to normalize, I’d like to focus this introduction on a couple of calls to action for IAPP members in the region.

First, consider publishing with the IAPP. As many of you will be aware, the IAPP provides a number of online channels to publish privacy content. IAPP’s flagship publication, The Privacy Advisor, is where you’ll find in-depth, original reporting on important legal developments, expert analysis of rules and privacy practices, and advice on how best to operate a privacy team. The Privacy Perspectives blog is where you can find opinions and insight from leading privacy thinkers around the globe. Privacy Tracker closely follows legislative developments all over the world and is the one place you can get the guidance and analysis you need on how legislation impacts what you do. And Privacy Tech explores the technology of privacy and data protection.

We need more content from privacy professionals in the Asia-Pacific region — and particularly from our newer members in Australia and New Zealand. This is our opportunity to share our privacy thought leadership, our local legislative and practice developments, and our practical insights with our local colleagues and the wider global community. I would strongly encourage you to consider writing for some or all of the publication channels listed above to start building local content for your community. If you’re interested, contact the IAPP Publications team at publications@iapp.org.  

Second, take a look at the new CIPT program, and think about how this could help you embed privacy in your organization. The IAPP has revamped and updated its CIPT certification and training products. CIPT is designed to serve technologists who may not have “privacy” as their main job but are charged with embedding privacy controls in tech. There are a number of business functions that could benefit from the revamped CIPT, such as systems architects, software designers, data analysts and IT risk managers. Fifty percent of the content is new with new domains in privacy engineering and privacy by design methodology, as well as more UX, UI, and IoT orientation. To support the new program, the IAPP has launched a new textbook, online training and live training.

Finally, the big privacy news to come out of New Zealand this week is progress of our Privacy Bill, which will shortly go through its third (and final) reading in Parliament and is expected to commence 1 Dec. I’ve spoken before about the key changes this bill will bring for privacy regulation in New Zealand and overseas as a result of new extraterritoriality provisions. However, I would like to draw your attention to one change that has received less attention to date. The bill includes express provision for privacy class actions and most recent amendments to the bill have clarified that the Human Rights Review Tribunal can award damages of up to $350,000 to each member of such an action. This means privacy breaches affecting large numbers of people could result in actions that could have a significant financial impact on agencies.

Enjoy this week’s digest, and stay safe and well.

Nga mihi nui.