This year will mark the 25th anniversary of the Privacy Act — it was passed by Parliament on 5 May 1993 — but a push begun in 2011 to update the legislation remains a work in progress, according to the Privacy Commissioner.
Meanwhile in Australia a new data protection act comes into effect this week, 22 February and in Europe the General Data Protection Regulation (GDPR) will take effect in May this year.
NZ Privacy Commissioner John Edwards said the Privacy Act was a tribute to the lawmakers of the time because it has withstood substantial challenges.
"The Privacy Act is a technology-neutral piece of legislation with a principle-based approach that has made it resilient in the face of technological changes,” he said.
“This approach has meant that it is not obsolete even 25 years later."
However, he said the current law was not as strong as it could be. “Other OECD countries have been modernising their privacy and data protection laws, including Britain, Canada, Singapore and Australia. One of the reasons other countries are updating their privacy laws is because of how interconnected the world is now,” Edwards said.
“The speed and quantity of data that multinational companies shift around the world is a new development since 1993. New Zealanders are sending their personal information overseas multiple times a day by using Google, Facebook or Netflix. It’s important that our privacy laws are up-to-date and modern to accommodate escalating data flows and new technologies."
Edwards said a new Privacy Bill, recommended by the New Zealand Law Commission in 2011, and committed to by the Government in 2014, remained a work in progress.
“The Ministry of Justice continues to regard privacy law reform as a priority and is currently preparing the draft legislation,” he said.
“The reform proposals to the Privacy Act include stronger powers for the Privacy Commissioner, mandatory reporting of privacy breaches, new offences and increased fines. In particular, the reforms aim to encourage private and public sector agencies to identify risks and prevent incidents that could cause harm.”
A Ministry of Justice website post dated 27 November 2017 states:
“We're progressing reforms to New Zealand’s privacy laws to protect people’s personal information, and help ensure businesses and organisations that hold such data safeguard and handle it appropriately.
“The reform proposals include stronger powers for the Privacy Commissioner, mandatory reporting of privacy breaches, new offences and increased fines.
“In particular, the reforms aim to encourage private and public sector agencies to identify risks and prevent incidents that could cause harm.”