The Government is creating a new role of Government chief privacy officer (GCPO), which it says will provide a stronger focus on privacy and security across government.
“It is important that New Zealanders have confidence in government agencies to do all they can to ensure personal information is kept safe,” says State Services Minister Jonathan Coleman.
“The Department of Internal Affairs is being realigned to strengthen privacy and security across the public service. The creation of a Government chief privacy officer gives additional support to the Government chief information officer (GCIO) to set standards and provide leadership and assurance that privacy is managed appropriately.”
The GCIO is leading a two-year programme to ensure New Zealanders have trust and confidence that their information is secure by improving information privacy and security practices in government.
“Agencies are reporting regularly to the GCIO, Colin MacDonald, on their growing capability and their plans to improve,” says Internal Affairs Minister Chris Tremain.
“98 per cent of agencies now have accountability for privacy and security at senior executive level, compared to 21 per cent a year ago. While significant progress has been made, on-going work is required to ensure improvement is system-wide and sustained.”
The newly created GCPO position follows the decision to transfer the Ministry of Civil Defence and Emergency Management (MCDEM) to the Department of the Prime Minister and Cabinet (DPMC).
The GCPO role will lead an all-of-government approach to privacy and will be responsible for providing leadership, assurance and advice on privacy issues, support to agencies to meet their privacy responsibilities, and co-ordinated engagement with the Privacy Commissioner. Internal Affairs will work closely with the Privacy Commissioner to develop the new function.
Responding to the announcement, Paul Matthews CEO of IITP (Institute of IT Professionals) said in a blog post that while the news was welcome, there was yet a long way to go.
"IITP would like to see the creation of a one-stop central 'hotline' where breaches can be reported and guidelines established on how government should handle breaches and notifications. In addition, there should be guidelines for members of the public on how they can go about reporting breaches.
"Finally, we also recommend that a bug bounty programme be established which pays a small reward for vulnerabilities found and can provide what many hackers really want: recognition," he writes in his post.
Matthews also states that IITP would be happy to discuss these ideas with the GCPO when the role is filled.