Shroff shifts towards mandated disclosure

Privacy Commissioner says there's a 'good case' for legislation

Privacy Commissioner Marie Shroff is edging towards supporting a mandatory data-breach disclosure regime for government agencies now that voluntary guidelines have been finalised.

Shroff says that some people thought because she was promoting voluntary guidelines she did not support a change in the law to require organisations to notify affected individuals.

“However, I believe that there is a good case to require agencies by law to notify customers where a security breach puts those customers at risk,” she says.

Shroff says the voluntary guidelines are not inconsistent with such a move and will provide useful experience of disclosure.

“Both the Australian and Canadian Privacy Commissioners have called upon their governments to enact breach notification laws,” Shroff says. “The Australian Law Reform Commission has studied the question and proposed that this be done in Australia. I believe there is now enough experience to suggest that breach notification laws are a useful adjunct to comprehensive information privacy law.

“I encourage the Law Commission in its current privacy review to give special consideration to the usefulness and possible approach of a New Zealand breach notification law.”

Join the newsletter!

Error: Please check your email address.

Tags privacy commissionerSecurity IDdata breach disclosure

Show Comments
[]