We have to lift our game on privacy: InternetNZ

New Zealanders’ privacy is increasingly threatened by breaches online, warns InternetNZ.

With people sharing personal information in more places, it’s more important than ever that our 25-year-old privacy law gets the attention it needs as part of the update for the Internet era, says InternetNZ chief executive Jordan Carter.

“Recent data breaches show that New Zealand has to lift its game on privacy protection,” says Carter.

“There’s currently no law requiring companies like Z Energy, Vector, or LinkedIn to tell New Zealanders if their data has been leaked.

Carter says the Justice Select Committee needs to take this opportunity to make the Privacy Bill fit for 2018 and beyond.

This means working with the suggestions submitters have made, and consulting on new ideas that people have raised, he adds.

“A modern privacy law is too urgent to delay, but also too important to risk getting wrong. This Bill has waited five years to get to Select Committee. Taking the time to test new changes is the right thing to do now, to pass this Bill and make it fit for purpose.”

“No one who works in the privacy space believes the current privacy law in New Zealand is good for 2018,” says Ellen Strickland InternetNZ policy director.

No caption

Has your data been included in a breach? There’s no way to tell Jordan Carter, InternetNZ

“We urgently need an up-to-date privacy law that is fit for purpose in the Internet age.

“We think it’s great to see so many businesses, organisations and individual New Zealanders engaging to support privacy protections that work in the 21st Century and there are some good ideas in those submissions that deserve to be looked at,” says Strickland.

InternetNZ is calling for the following changes to the current Privacy Bill:

· An urgent review of EU adequacy under GDPR, which came into effect in May. InternetNZ says New Zealand needs to retain its stamp of approval from the EU. Without this, every individual New Zealand company who trades with Europe would have to do their own compliance with EU law and that would be a big burden.

· Align breach notifications. The Bill currently requires companies whose data is breached to notify people to let them know they’re effected. “We support breach notification but are calling for an approach which follows overseas best practice in line with Australia, Canada and the European Union. This will make it easier for New Zealand businesses who work globally. We don’t want to drown people in notifications but we want them to be meaningful,” says InternetNZ

Carter says the committee has received more than 165 submissions from a range of organisations such as Bell Gully, Trade Me and Xero.

“This isn’t some niche nerd thing, this is something every New Zealander cares about. The Privacy Bill affects every organisation that serves us – from your daycare centre to your accounting software and your supermarket loyalty card.

“Has your data been included in a breach? There’s no way to tell. My data could have been breached, your data could have been breached. With no law requiring organisations to report these breaches we have no way of knowing and taking steps to protect ourselves,” says Carter.

No caption

Meanwhile, a Consumer NZ survey finds seven out of 10 consumers have been on the receiving end of unwanted phone calls from companies selling everything from pay TV to vacuum cleaners in the past year.

An unlucky 30 percent are getting nuisance calls at least once every fortnight. More than half of consumers also said they were phoned by a charity asking for a donation.

Consumer NZ chief executive SueChetwinsays consumers’ options for stemming the flow of unwanted calls are limited.

Across the Tasman, the government stepped in and set up an official Do Not Call register. It’s illegal for any company to call a number listed on this roll. In May 2018, a double-glazing company was fined A$25,200 for calling numbers on the register.

Consumer NZ wants a similar register established here.

“While there are the industry-run ‘Do Not Call’ and ‘Do Not Mail’ registers, our findings show these schemes are falling well short of the mark,” says Chetwin.

“The schemes are voluntary and only some companies use the registers so there’s nothing stopping others from hounding you. They also won’t stop scammers.”