It seems that in the past few years we have created more data than in the entire history of the human race: 40,000 search queries on Google every second; 300 hours of video uploaded to YouTube every minute; a billion active users hosted by Facebook each day.
With all this activity an increase in data breaches seems inevitable.
At present the Privacy Act regulates how agencies deal with personal information.
The Privacy Commissioner monitors the operation of the act and may conduct investigations. But many criticise the Privacy Act as lacking teeth.
Reform has been recommended. Indeed, the commissioner advocates fines of up to $1 million for a serious breach of personal information.
Other recommendations include:
•Protection against individuals being unexpectedly identified from data purportedly anonymised.
• The introduction of data portability as a consumer right.
• Additional power to require compliance with the act to identify and avoid systemic issues.
• A narrowing of defences available to agencies that obstruct the commissioner.
• Suppression of personal information in public registers where there is a safety risk.
The Law Commission also has recommended overhauling and updating the act. Some of the recommendations found favour with the Government.
In particular it proposed:
•Making notification of privacy breaches mandatory including notification to affected individuals when there is a real risk of harm.
•Providing the commissioner with greater "own motion" investigation powers and increased penalties for non-compliance.
•Empowering the commissioner to issue compliance notices for privacy breaches.
Sadly for Winston Peters, to date changes to the legislation have not been made.
Perhaps with Winston in the role of kingmaker we can expect renewed enthusiasm for privacy reform.
- Graeme Hall is a partner at commercial and public law firm Buddle Findlay.
