Kia ora koutou,

Following Stephen Bolinger’s intro last week, it’s exciting to see such a strong level of engagement from our Australia and NZ members in the IAPP ANZ Summit Online content. While it cannot replace an in-person event, it provided us with a good injection of privacy, self-indulgence and some virtual collegiality. One benefit of this virtual summit has been its reach, with participation in both live and prerecorded events vastly outstripping traditional in-person events, both in terms of numbers and geographical representation. In addition to the joy of bringing so many privacy professionals together, this has given our speakers — and their ideas — far greater exposure.

Last week I had the immense pleasure of conducting what one colleague described as an “exit interview” for NZ Privacy Commissioner John Edwards. This was an important opportunity to both honor the significant impact of Commissioner Edwards’ tenure and let him reflect on his time in office, which he did with honesty and humility. IAPP Staff Writer Jennifer Bryant did a great job reporting on the key points of the discussion, which saves me the job of summarizing the event here. However, a couple of things stood out for me in particular.

It was refreshing to hear a candid account of the commissioner’s transition from barrister to CEO. Having worked independently for more than two decades, Commissioner Edwards was open about the challenges he faced by joining and leading an established team. He accepted he initially underestimated the manner and place of the office in the institutional landscape and that he had benefited from this as much, if not more than the office had benefited from his leadership. I suspect this sentiment will be well-received by the staff of the U.K. Information Commissioner’s Office, who will no doubt be wondering how he will approach his new role.

It was also reassuring to hear the commissioner’s views on how government attitudes to privacy have evolved since he began in the role. Amid the distractions of privacy breaches, privacy law reform, political change and pandemics, it is helpful to reflect on the fact that all the while, government (and, I would suggest, corporate) attitudes to privacy have been maturing. Often we are so caught up in the day-to-day that we forget to take stock. While we undoubtedly have some way to go in NZ, a look back on the public sector privacy initiatives that have taken place in the last seven years — efforts to build social license, the development of data stewardship roles and processes for government, the growing influence of the government chief privacy officer, and collaboration on the safe use of algorithms and AI — reveals a major shift in thinking, centered on respecting the social contract and the place of trust in the privacy framework. I would suggest Commissioner Edwards played a critical role in this shift.

In the end, I think the commissioner displayed all the traits during the interview that I believe made him a great regulator. He was outspoken, approachable, reasonable and, in some moments, inspirational. As I said on the day, John has been a leader for privacy communities in NZ and beyond, setting a benchmark for effective privacy enforcement. NZ’s privacy community is losing a true figurehead for privacy, but he will have an even greater platform for good in the U.K. and will continue to make a difference. Thank you, John — haere tū atu, hoki tū mai (go well and return in good health).

For the rest of us, though, it is business as usual here in the APAC region, and there’s plenty to get your teeth into in this week’s digest. Enjoy the read, and stay safe and well.

Ngā mihi,