Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Privacy commissioners seek greater power as breaches increase

Regulators lack "clear mandate," said New Zealand privacy commissioner Maria Shroff

Privacy commissioners of Australia and New Zealand said they need more enforcement authority to combat data breaches and other privacy concerns.

Regulators “have to be responsive” to increasing privacy incidents, New Zealand privacy commissioner Maria Shroff said in a speech this morning at the International Association of Privacy Professionals (IAPP) Privacy Summit. If breaches continue to occur, “people will lose trust.”

The Office of the Australian Information Commissioner (OAIC) received 1357 privacy complaints in the 2011-2012 fiscal year, Australian Privacy Commissioner Timothy Pilgrim told the Privacy Summit in a separate speech.

The privacy office received 285 media requests about privacy, 28 per cent more than in the previous year, he said. The office received 46 data breach notifications and initiated 37 own motion investigations.

The Office of the Privacy Commissioner in New Zealand fielded many questions after news came out that the Accident Compensation Corporation had inadvertently emailed 6748 NZ clients’ details, Shroff said. The 28-person office received 8,500 public enquiries and 295 media requests this past fiscal year, she said.

“Clearly, people are actively looking to exercise their privacy rights, and privacy concerns remain at the forefront of people’s minds despite the global take up of online services seeking users’ personal information," said Pilgrim.

There is an “increasing awareness and concern about privacy,” Shroff agreed. “The public is now expecting accountability” and expects privacy commissioners “to be able to do something about it.”

More enforcement power would help regulators to better respond, Pilgrim and Shroff said.

“In Australia and New Zealand, we have had certain powers that we could have in an extreme case used, but I believe we haven’t had a very clear mandate to go out there and do inquiries,” Shroff said.

The New Zealand commissioner also complained of a low budget for her office. “We can barely pay our rent and our staff at this stage.”

Privacy reform legislation under consideration in the Australia Parliament would strengthen the privacy commissioner’s enforcement authority, among other provisions, said Pilgrim.

Under the proposal, the commissioner could perform audits of the private sector at any time and make a determination to resolve an own motion investigation, he said.

“Currently, I do not have access to any remedies where I have an investigation commenced,” Pilgrim said. Under the proposed statutory changes, “I would be able to take accept written undertakings from an organisation” and enforce compliance, “and I’d also be able to go to the courts in certain cases to seek civil penalty orders of up to $220,000 for individuals and up to $1.1 million for companies.”

“My focus will still be on trying to resolve complaints by conciliation,” Pilgrim said. “However I will not shy away from using existing determination power or in the future the new powers I have where it is appropriate to do so.”

The Australian Senate is expected to consider the privacy bill on 29 November, the last sitting day of Parliament for the year, Pilgrim said. If the Senate passes the bill, it will move to the House for approval, he said.

Meanwhile, Shroff is awaiting the New Zealand government’s response to a report recommending more enforcement powers for her office. The proposed new powers are similar to the ones proposed in Australia.

Pilgrim noted that the Australian privacy reform bill does not include a proposal he supports to mandate data breach notification. Submissions to the government on whether to take up that issue at a later date were due today.

“There is no doubt that data breaches can cause concern in the minds of the public,” Pilgrim said. “Risks to individuals through data breaches pose serious threats to those individuals in terms of identity theft or identity fraud.”

A data breach “also poses significant reputational risks to businesses,” he said. “This cost is in addition to other costs associated with data breach,” which some researchers estimate at “millions of dollars.”

Follow Adam Bender on Twitter: @WatchAdam

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

References show all
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: New Zealand, senate, regulation, Parliament, Maria Shroff, laws, House, privacy, enforcement, Timothy Pilgrim, reform, Australia, data breach
Latest Blog Posts
Whitepapers
  • Empowering Modern Finance - The CFO as Technology Evangelist
    The CFO as Technology Evangelist is a research report commissioned by Oracle and Accenture, in collaboration with Longitude Research, that explores how modern CFOs and finance executives are adopting emerging technologies within their finance functions to enable the development of new capabilities and to transform the role of finance.
    Learn more »
  • Oracle Fusion Financials Cloud Service
    Modern organizations are under intense pressure to provide accurate, reliable, and speedy financial information to business decision-makers. Furthermore, complying with global standards has become more of a headache than ever before. How do you know if financial management in the cloud is right for you? This data sheet takes an inside look at Oracle Fusion Financials Cloud Service, exploring key product features as well as financial management benefits your organization can realize quickly, including: Lower transaction processing costs and fewer data entry errors; Automated financial processing; Effective management control; Real-time visibility to financial results; Improved compliance; and more Get everything you need to meet financial compliance and improve your bottom line.
    Learn more »
  • ERP Selection: Finding the Right Fit
    Finding a needle in a hay stack is hard, but the task pales in comparison to finding a specific needle in a pile of needles. Selecting the ideal Enterprise Resource Planning (ERP) solution can feel just as daunting. ERP represents a serious investment for any organisation and is vital to future success. This report explores the strategies organisations are employing to find the right ERP fit that will give them the tools they need to thrive.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index