
Reserve Bank gets NZ's first privacy compliance notice

Published: Thu 16 Sep 2021 10:41 AM
New Zealand’s Privacy Commissioner issued its first compliance notice to the Reserve Bank.
The notice follows an online attack on the bank’s systems in December 2020.
While the notice makes sense, a press release from the Commissioner’s office reads more like bureaucratic procedure than a public shaming.
The Reserve Bank breach happened when software which claims to be secure enough to move confidential information between banks was compromised.
Reports suggest other organisations caught up in the same attack paid ransoms to the attackers. We don’t know if the Reserve Bank paid up.
Systematic weakness
The attack breached the Reserve Bank’s security systems. As John Edwards, the Privacy Commissioner, says, it “raised the possibility of systemic weakness in the Bank’s systems and processes for protecting personal information.”
A review of the Bank’s systems uncovered many areas where it has not complied with the Privacy Act’s Principle 5. This says agencies that hold personal information must have reasonable safeguards in place to protect personal privacy.
Yet, the press release from the Privacy Commissioner quotes Edwards saying: “We are heartened by the speed and thoroughness of the Bank’s response. We were notified as soon as the cyber-attack was identified, and they have been constructive and open throughout the compliance investigation process. We are pleased to see the positive way they’ve dealt with the aftermath of the attack.”
In other words, it was sloppy but ended up doing the right thing.
The press release quotes Reserve Bank governor Adrian Orr attempting unconvincing damage limitation.
Yet the whole point of the Act is to pre-empt online attacks. Organisations like the Reserve Bank should have robust protections in place before any private information is put at risk.
While the notice is real enough, this first one is something of a practice run for dealing with future compliance failures.
Reserve Bank gets NZ's first privacy compliance notice was first posted at billbennett.co.nz.
Digitl
New Zealand technology news
Bill Bennett publishes technology news and features that are directly relevant to New Zealand readers.
Covering enterprise and small business computing, start-ups, listed companies, the technology channel and devices. Bennett's main focus is on New Zealand innovation.
Bill Bennett stories are republished on Geekzone and Scoop.