Privacy Commission

Privacy Commissioner John Edwards is no friend of… anyone really

Privacy Commissioner John Edwards has recommended to Government, as part of its plans to reform the Privacy Act, that the penalty for a serious breach of personal information could be a fine of up to $1 million.

If adopted, the Privacy Commissioner would be able to apply to the High Court for a civil penalty of up to $100,000 for individuals and up to $1 million for public and private sector organisations, for serious breaches (as is the case in Australia).

The recommendation is one of six in the Privacy Commissioner’s latest report on the current operability of the Privacy Act, tabled in Parliament this week. This report coincides with the Government’s stated intention to reform the Act.

In the update report, Mr Edwards notes privacy law reform has been under consideration since 1998, including the wide-ranging Law Commission review from 2008-2011. These reviews and the government response have formed the basis for the proposed modernisation of the Privacy Act, as led by the Ministry of Justice.

But Mr Edwards says a lot has changed since the Law Commission’s review. “Important developments since 2011 that impact on the operation and adequacy of the privacy legislation include developments in data science and information technology, and new business models built on data-driven enterprise.”

He says there are apparent gaps and weaknesses in the Privacy Act’s enforcement framework that need to be addressed if the reforms proposed are to introduce an effective and modernised form of privacy regulation.

He is proposing six recommendations. These are: Read more »

Privacy Commisioner looks into Yahoo! Hack, but my hack was no reason for concern

The Privacy Commissioner didn’t give two shits about the hack of my personal data nor of the Media Party pedalling that all over their papers and airwaves.

But they are real concerned about the hack of Yahoo!

Spark says information from 130,000 Xtra email addresses is “at risk” as a result of a massive hack on Yahoo in 2014 that only came to light last week.

Privacy commissioner John Edwards praised Spark but questioned Yahoo’s response and said the hack showed the need for a New Zealand law to force companies to own up to data breaches.

Yahoo said last week that 500 million email customers had information stolen in the attack which it believed had the backing of a foreign government.

The attack also affected Spark customers as it outsourced its Xtra email service to Yahoo in 2007.

Spark said about 15 per cent of its 825,000 Xtra email addresses were at risk.

The information stolen from Yahoo includes unencrypted questions and answers to security questions that could be used to reset account passwords.   Read more »

Scumbag protestors shut down first bit of openness and transparency from the GCSB

Far left protesters have been wanting more openness from spy agencies  and when the head of the GCSB is invited by the Privacy Commissioner to give a speech about what it the GCSB actually does, you know, in the interests of transparency, protestors then move to shut down that transparency by shouting down the speaker.

The acting head of the Government Communications Security Bureau (GCSB) says it is disappointing her planned speech this afternoon was hijacked by protesters as she was going to reveal operational details never previously discussed.

Una Jagose was about to deliver an address to a Privacy Commission technology forum at the National Library in Wellington when two anti-GCSB protesters unfurled a banner in front of the podium and refused to move.

One man from the audience appealed to the two women to allow Ms Jagose to speak, as that was what they were there to hear, but the protesters said they intended to remain for the duration of the speech.

Privacy Commissioner John Edwards then decided to cancel the event.

Afterwards Ms Jagose said the agency had heeded public calls for greater transparency.

“Protests are a legitimate part of the democracy that we live in and I like the democracy that we live in – so is the work that the bureau does, a legitimate part of the democracy we live in,” she said.

“So it was a shame that one stopped the other from going ahead today.”

Read more »

Privacy Week? Gimme a break!

Justice Minister Amy Adams says Privacy Week 2015 is a reminder to people about the importance of keeping personal information secure.

Privacy Week begins today and is an annual Asia Pacific initiative to promote awareness of privacy issues.

“In this digital age we need to be ever vigilant about the information we provide about ourselves to others and what is done with that information,” says Ms Adams.

Ms Adams said often the best protection of privacy was the steps we take ourselves such as having and regularly updating passwords on phones and computers.

“Some recent reports have found that while 83 per cent of New Zealanders have experienced a cyber-security breach, only 39 per cent changed their online behaviour as a result,” says Ms Adams.

“A further 40 per cent of New Zealanders never or hardly ever change passwords, and 43 per cent do so only occasionally while only 66 per cent of us secure our personal smartphone with a password. Only half secure their work smartphone.”

Ms Adams said Privacy Week was also a good opportunity for agencies, organisations and businesses to think about how they looked after people’s personal information.

Privacy is such a fluid idea.    Read more »

I complain, therefore I am

Facebook Privacy Settings[5]

No wonder the Tiwai Point smelter is still going – we have a large proportion of the population in constant need of aluminium head wear.

They know when you’re out and when you go to bed.

The Office of the Privacy Commissioner yesterday fired a warning shot at power companies over the huge amounts of private details that smart meters collect every day.

In a memo, the office said such meters, which are now installed in more than a million New Zealand homes and businesses, could take electricity readings detailed enough to determine whether customers were using high-energy appliances, such as ovens or heaters, and when they had left the house. Read more »

Let’s just totally ignore the High Court’s ruling shall we?

A decision to clear Cameron Slater of Privacy Act breaches could result in all bloggers being exempt from the legislation, the Director of Human Rights Proceedings says.

The director’s lawyer, Simon Judd, told the Human Rights Review Tribunal today there was nothing to distinguish Mr Slater from any other blogger who expressed their opinions on the internet.

-RadioNZ

Nothing? Really? How about a High Court ruling that he is a journalist?

A court’s recognition of WhaleOil blogger Cameron Slater as a journalist reflects the changing media landscape, the Newspaper Publishers’ Association (NPA) says.

Slater has won a High Court nod that he is a journalist and that his blog is a news medium

-Stuff

That is a pretty strong distinction don’t you think?

 But Mr Judd told the tribunal the case could set a precedent and result in every blogger being exempt from the Privacy Act if the charge was not upheld.

-RadioNZ   Read more »

Vexatious complainant gets slapped for wonky ‘bum slap’ complaint

A story came out a couple of days ago that shows the problem with our employee grievance industry.

A Hamilton woman who lost a sexual harassment complaint against her former boss after he slapped her bum has been ordered to pay him $5000.

Hamilton woman Ella Newman, 23, will appeal the Employment Relations Authority decision that quashed her sexual harassment claim and the decision to make her pay.

I don’t know who advised her, but this should never have got this far.

 

Especially when the Herald reported the following comment from ERA member Anna Fitzgibbon.

Authority member Anna Fitzgibbon rejected those claims, calling Ms Newman an unreliable witness and questioning why she did not complain earlier.

It sounds like she just made stuff up and was an ‘unreliable witness’, probably looking for a Christmas bonus or a trip overseas.

If she had such an unreliable claim, you would hope her lawyer would tell her such.

Unfortunately many employees like her use groups like Community Law, often light on lawyers, and assume employers are wrong no matter what. They then stumble along making the matter worse and fail to speak the truth to their client.   Read more »

Yeah, but he didn’t mean it

John Key delivered just a solitary written apology in 2014, ironically to one of New Zealand’s most controversial political figures.

According to Key “to the best of my recollection”, the prime minister wrote just one letter of apology this year, parliamentary questions asked by the Labour Party show. Read more »

Does the Privacy Commission need to be refocused?

In my own dealing with the Privacy Commission, directly and indirectly, I’ve found it hard to find any “common sense” consistency to their activities.

When 6 years of my emails were taken from me illegally, I tried to encourage the Commission to use its powers to protect the other parties to my communications.   Some of you even wrote in directly.  We all know where that got to.  Nowhere at all.

If you can think of a more wide-spread privacy breach in recent times, please tell me, but I think this one was an occasion where the Commission was central to the solution – and they didn’t do anything other than send form letters (emails) to say that the breach itself wasn’t enough – there had to be demonstrable damage before they would consider action.

With this as a head scratching backdrop, I now share this story with you:

A real estate agent caught going through a client’s underwear drawer has complained to the Human Rights Review Tribunal that his privacy has been breached.

I will stop here.  So you can read that again.   Done?   Confused?

Surely the Commission told him to go away, right?

The man was found guilty of a “gross breach of privacy” by going into a client’s bedroom drawer and handling her underwear shortly after an open home in September 2012.

His name and any identifying features, such as the location of the property, are suppressed.

The man lost his job and surrendered his real estate licence shortly after the event. The Real Estate Agents Authority (REAA) charged him with misconduct.

He pleaded guilty and in March 2013 he told the Real Estate Agents Disciplinary Tribunal that he had “looked in the drawer more out of curiosity and intrigue than out of malicious intent”, and regretted his actions.

He doesn’t deny it.  Plead guilty and put on a display of contrition. Read more »

OK, you’ve had your fun. What about law, enforcement, and common sense?

Dirty politics exists.  On all sides.  Instead of everyone being “shocked” and nauseated enough to need a barf bag, everyone should have just gone “yeah?  so what?”.  Surely there is no revelation that political parties have ways to communicate information about themselves and others that aren’t at the level of a formal press release?

Every journalist worth their meager salary will have contacts throughout society that will do anything from whisper little bits of information to receive heavy dossiers or digital storage with information on it.

But things are different when that information has been obtained through burglary and breaking computer security through deliberately trying to find a way in (hacking).

The first is a sleazy way for information to be passed around.   The second, is illegal.   Why is nobody interested in the difference?

I have watched with interest the furore and posturing arising from the Dirty Politics book.

It sickens me to see lots of politicians jumping on the band wagon and ignoring the rule of law. All parties seem to take it as read that it is OK to publish what is essentially personal and private information.

It is not public domain data.

Nobody seems to be addressing the issue of the legality of the stealing and the use of that data. Why does every commentator seem to think these actions are OK, or at least somehow not illegal?

I have just returned from the UK where journalists and others have recently been jailed for hacking the private phones of celebrities and other VIPs. One person was even low enough to hack the phone of a child who had been abducted and murdered. Read more »