2018 a defining year for privacy says law firm
This year, privacy should be at the top of every boardroom agenda says law firm Simpson Grierson.
Overseas, the controversial use of personal information is firmly in the headlines and at home, the long-awaited Bill to
reform New Zealand’s 25-year-old Privacy Act has finally been introduced into Parliament.
The Bill replaces the Privacy Act 1993, as recommended by the Law Commission’s 2011 review of that Act, and is intended
to promote people’s confidence that their personal information is secure and will be treated properly in an increasingly
Partner Sally McKechnie says that changes introduced by the Bill, reflect a general uplift in recognition that firm
guidance and tougher penalties are needed where privacy is breached.
“In addition to the introduction of the new Bill, we have been seeing upwards trends in the quantum of damages for
privacy breaches, not only in the Human Rights Review Tribunal but also earlier on in the complaints process,” says
“The Office of the Privacy Commissioner recently reported that nearly half of its cases are being closed through
settlements. With increasing delays and backlogs in the Human Rights Review Tribunal, indications are that aggrieved
persons and organisations alike will increasingly look to early resolution through the Privacy Commissioner’s office.”
The disparity between the generous awards in the Tribunal, most recently in the Dotcom decision - awarding $90,000 in
damages, and compensation in the Employment Relations Authority is also driving volume in the Tribunal.
McKechnie says that this trend has been so prevalent that the Privacy Commissioner has recently released guidance as to
the ‘value’ of a complaint, monetary or otherwise (including anonymised examples of recent settlement figures).
“This guidance will be a very useful resource for organisations responding to privacy complaints,” she says.
Simpson Grierson notes that in addition to modernising the Privacy Act to reflect the way new technologies have changed
how personal information is used, the Government has signalled that the establishment of a Chief Technology Officer and
Ministerial advisory group is at the top of its list.
“The rise in use of ‘big data’ technologies will continue to present both opportunities and challenges for business and
in government in 2018,” says McKechnie.
“In anticipation of this, the Government has recently outlined its priorities across digital technology, media and open
government. It has also pledged to review and update a range of other legislation to include the wider effects of
digitisation, and introduce a Digital Bill of Rights that will integrate with existing cornerstone legislation such as
the Bill of Rights Act, the Crimes Act, the Privacy Act and surveillance legislation.”
The law firm points to developments overseas, in particular the key cloud computing case United States v Microsoft, as a
guide for how data protection laws could be interpreted, applied and developed for New Zealand businesses.
“The United States Supreme Court recently heard oral arguments in this case, which concerns the execution of a US search
warrant to access personal information held by Microsoft in an Irish data centre,” says McKechnie.
“This case will examine the cross-border reach of law enforcement agencies and how modern data protection laws operate.
It could potentially have significant implications for both individuals and companies around the globe.”
McKechnie notes that the New Zealand Privacy Commissioner filed a submission in the United States Supreme Court on this
case, submitting that the US government should not be able to rely upon US domestic search warrant legislation to access
the data, rather than making a mutual assistance request to the Irish government.
“The implications of this case could impact the lives of all New Zealanders. We await the United States Supreme Court’s
decision with interest.”