Aug 262014
 August 26, 2014  Breaches, Non-U.S.

From the Office of the Privacy Commissioner of New Zealand:

We think it is time to ‘name names’ where it is warranted. Our view is that in certain circumstances, the Privacy Act is better served by revealing the organisations that have breached the law.

Up to now, we’ve rarely publicly named organisations. It was done on an ad hoc basis and by adopting this new policy, the Privacy Commissioner can ensure that a more consistent approach is taken.

We feel that naming an agency in certain circumstances is a reasonable step and as a responsible regulator, we would like to give people the opportunity to give us their feedback. Before adopting this new policy, we are asking for suggestions on how it could be improved.

Naming may encourage compliant behaviour by a named agency, and also by other agencies concerned about the risk to their own reputation. Revealing the identity of an agency may warn the public and other agencies about the practices of the named agency that is breaching the law.

This new policy will enable the Privacy Commissioner to be a more effective regulator, especially in cases where an agency’s non-compliance affects the wider public.

The proposed policy examines the question of naming in detail, including the considerations that make naming more or less likely, how and when an agency might be named, and what the Privacy Act says about the Privacy Commissioner making public statements.

Our discussion document provides a background to the new policy along with a ‘question and answer’ section to help people who may wish to make a submission. The information can be found here. Submissions may be made by 30 September by email to[email protected].

Sorry, the comment form is closed at this time.