Kia ora koutou,
Every two years, the Office of the Privacy Commissioner conducts a snapshot survey of New Zealanders’ attitudes to privacy, testing their concern levels, trust in those processing their data and awareness of privacy rights. The results of the survey are particularly interesting this year, as they appear to indicate a shift in New Zealander attitudes to privacy which, the OPC comments, may be influenced by the impact the COVID-19 pandemic has had on the way we live. Off the back of this year’s survey, the OPC published an insights report, "Privacy Awareness and Engagement in Aotearoa New Zealand." Here’s a snapshot of some of the OPC’s key insights.
- Privacy concerns depend on the situation. The OPC observed that people have become less concerned about the security of their information on the internet and wondered whether sharing personal information online has become so ubiquitous that people no longer feel they have a choice. That said, ongoing media coverage of cybersecurity issues appears to have prompted concern by New Zealanders about dealing with agencies that have failed to protect their data, with six in 10 people saying they would change service providers if hearing their current provider had poor privacy practice. This certainly supports recent reflections during Privacy Week that privacy is the foundation of trust.
- People’s awareness of privacy rights is still limited. This year’s survey showed New Zealanders remain somewhat immature in their awareness of fundamental privacy rights. Only half of those surveyed knew they had the right to request their personal information, and only one in 10 people ever made such a request. The OPC also noted that agency awareness of subject access rights appears to remain similarly low, with a staggering 80% of complaints to the OPC relating to data subject access issues. These are surprising insights, given that we’ve had a Privacy Act for nearly 30 years, and privacy has been a recurring theme in the media during the COVID-19 pandemic.
- Most privacy breaches are avoidable. The OPC noted that, after an initial rise in breach notifications following the commencement of the new Privacy Act, the total has dropped. The OPC stated it is too soon to discern whether this drop is due to improvements in privacy practice or a growing failure to report privacy breaches as the new notification regime is no longer front of mind. Human error remains the most significant cause of privacy breaches, with email error remaining a standout issue.
Interestingly, the OPC’s experience of reducing privacy breach reporting aligns with a 41% decrease in cybersecurity incidents being reported to Computer Emergency Response Team NZ. In its Q1 2022 Quarterly Report, CERT NZ reported 2,333 cybersecurity incidents were responded to in Q1 2022, compared to 3,977 incidents in Q4 2021. Other insights shared by CERT NZ include attackers continue to use phishing as a stepping stone to other types of attack, and attackers are also targeting the increasing popularity of non-fungible tokens to carry out scams. It was also reported there has been a 95% decrease in malware reports from Q4 2021 and a 31% increase in ransomware reports.
Once you’ve processed all these useful insights, be sure to register for our next NZ KnowledgeNet event 22 June, when we pull together a panel of experts to discuss the role of data ethics in organizations. BNZ Privacy and Data Ethics Head Rachel O'Brien, CIPM, Foodstuffs Data and Analytics Head Mazen Kassis, CIPM, and Xero Global Privacy General Manager Claire Knight, CIPP/E, will explore what data ethics are, why they are important, how organizations are managing ethical issues, and the state of data ethics maturity in NZ. This event will be in-person in Auckland and virtual for those in other parts of NZ or the APAC region.
I really hope to see some of you at the event later this month but, in the meantime, stay safe, be kind and enjoy the digest.
Ngā mihi.