The Privacy Commissioner says human error in sending information to the wrong person continues to cause most of the breaches that agencies report to his office.
John Edwards has released the Office’s annual report for the year ending 30 June 2018.
The Office says it receives voluntary breach notifications from a variety of public and private sector agencies. “We encourage this because we can guide agencies on how they should respond to breaches, and how they can stop them from happening again.”
“Breaches that agencies report can help us identify common privacy issues and risks. We also use the lessons learned from these breaches to educate agencies about good information handling practices. This year agencies reported 168 breaches to us,” the report says.
“Ninety-one of those notifications were from public agencies and the other 77 were from private agencies. Because breach reporting is voluntary, there is no way of knowing what proportion of all the breaches that occur are reported to our office.”
The Office says the report covers a dramatic year as privacy laws internationally changed and high-profile data breaches were in the media spotlight.
A major focus was the introduction of New Zealand’s updated Privacy Bill to Parliament.
“This has been a unique opportunity to safeguard the rights of New Zealanders and modernise our privacy legislation,” says Mr Edwards.
“At the same time, we’ve continued to improve our everyday operations and work towards our overall goal of making privacy easy.”
The report notes that during the year, the Office answered 9,147 enquiries, well above its expectation of 7,500. As a consequence, it introduced a call centre service, live chat, and other changes to improve the enquiries function.
Agencies reported 168 breaches to the security of personal information this year.