Kia ora koutou.
Earlier this month, New Zealand's Police Commissioner Andrew Coster published an opinion piece in the NZ Herald sharing his frustration about criticism of the police's intelligence-gathering practices. Coster was concerned the police had been criticized for failing to undertake routine intelligence collection and for undertaking routine intelligence collection, in the same news cycle. His comments reflect increasing tension in New Zealand (and worldwide) between public expectations to be protected from harm and enjoy freedom from privacy intrusion. Coster questioned what trade-offs the community was prepared to make in the interests of safety.
These were fair and reasonable questions for the police commissioner to ask as part of a timely national conversation about the balance between privacy and security. Privacy is not — and should not be — absolute. However, he came under fire for his comments, which were described as a disingenuous attempt to deflect recent criticism about the photographing of innocent young Māori by police. A key point of contention for some was his comparison between those events and the police’s inability to detect threats from white supremacists, with a leading criminologist commenting that "[t]here is a reasonable expectation of privacy — a reasonable expectation from parents that their children won't be approached and photographed by strangers — that people posting about organising killings on the internet do not have."
The NZ privacy commissioner will officially weigh in on this conversation, having launched a joint inquiry with the Independent Police Conduct Authority into the police's photographing of innocent young Māori. Terms of reference for the inquiry include why the police decided to collect these photographs, whether the police's actions complied with the Privacy Act 2020 and other relevant laws, and, importantly, how the police ought to manage the collection of personal information in these circumstances. Fortunately, the privacy commissioner does not shy away from difficult conversations, and I have faith this inquiry will result in some fearlessly direct but pragmatic and balanced recommendations. A report is expected in September.
Speaking of important conversations, despite ongoing COVID-19 restrictions, IAPP is optimistically pressing on with plans for privacy events in 2021. A call for proposals for the IAPP Asia Privacy Forum closes 18 April. A call for proposals for the IAPP ANZ Summit is also now out, and I would encourage colleagues in the region to make submissions to participate in what could be one of the first and only in-person events in 2021. The IAPP intends at this point to hold the ANZ Summit in Sydney 9 to 10 Nov. I for one am eagerly anticipating this great event. On 25 March, our Auckland KnowledgeNet chapter will host its first in-person event for 2021. Join us at the event or online to hear Incident Response Solutions Director Campbell McKenzie's not-very-technical update on the cybersecurity threat landscape.
Finally, IAPP certification classes in NZ continue to fill — check out the IAPP Store for upcoming CIPM and CIPT training courses in Wellington. This shows a growing national interest from privacy professionals in broadening their skills and credentials. We would be interested in understanding more about the demand for IAPP certification training in centers other than Wellington or Auckland, particularly whether our South Island members would take up opportunities for local offerings in Christchurch. If you have any views on this, please let me know by email.
Enjoy the digest, and stay safe and well.
Ngā mihi nui,