Category: Privacy Commissioner

Source: Privacy Commissioner

20 May 2024, 09:00

A recent study of New Zealander’s attitudes to privacy shows higher levels of concern among Māori.

The biennial privacy survey of nearly 1200 New Zealanders (including over 320 Māori) was released last week to mark Privacy Week 2024.

Pou Ārahi at the Office of the Privacy Commissioner, Shane Heremaia (Ngati Tūwharetoa, Te Arawa), says the survey showed Māori are more concerned about privacy in every way.

“Total concern for individual privacy was higher across Māori respondents, as was the rate who had become more concerned about these issues over the last few years.

“Privacy concerns drive behaviour. A standout example among Māori is that one in three (33%) stated that in the past 12 months they’ve avoided contacting a government department due to privacy concerns. For non-Māori that figure is one in seven (14%).”

Māori are more likely to also have avoided doing a range of other activities due to privacy concerns, including using social media (44% v 32% non-Māori), online shopping (43% to 26%), online dating (41% v 26%), signing up for loyalty cards (36% v 22%) or visiting a particular place due to surveillance concerns (30% v 14%).

“Māori were also more likely to express concern about bias in facial recognition. This included being concerned about it being used without people being told or agreeing to it, its use in retail stores to identify individuals and its use by law enforcement to identify individuals in public spaces.

“Facial recognition is clearly an issue for Māori. This reflects concerns expressed by the Privacy Commissioner about bias and accuracy in the use of facial recognition technology and how he’s worried about what this means for Māori, Pasifika, Indian, and Asian shoppers, especially when the software is not trained on New Zealand’s population.”

The survey also shows that Māori are more concerned about children’s privacy, with 88% wanting the government to pass more legislation that protects children’s privacy, while 80% said that protecting children’s information was a major concern in their life, which is significantly higher than the 59% figure for non-Māori.

One positive development was that 54% of Māori are aware that the Privacy Act gives them rights to a copy of any personal information an organisation holds about them. While this is an increase from 50% in 2022, there is still a lot of room to make people more aware of their privacy rights and what they can do if their rights are breached.

“It’s clear Māori are increasingly aware of the importance of privacy and are wanting greater control of their personal privacy. There’s also greater understanding of the possible negative consequences new technology like facial recognition technology might have and it’s important Māori views regarding privacy are represented and understood”.

Source: Privacy Commissioner

During Privacy Week when we talked about notifying individuals about privacy breaches, we got asked a lot of questions about our guideline around 72 hours. Heres what we mean when we say 72 hours
You must inform the Privacy Commissioner of serious privacy breaches as soon as you practically can after becoming aware of them. Our expectation is that you will do this within 72 hours of becoming aware that its a notifiable breach. This timeframe is a guide only and is intended to initiate prompt notification to us. In some cases, it will be clear from the outset that a breach has occurred and that it is notifiable.

Source: Privacy Commissioner

13 May 2024, 09:00online shopping 28% and online dating 28%.

People are not just aware but they’re also acting. In our survey, 70% declared that they were likely to consider changing service providers in response to poor privacy and security practices.

“Our survey also showed Māori are more concerned about privacy in every way. A standout example of the privacy concerns expressed by Māori is that 32% stated that in the past 12 months they have avoided contacting a government department due to privacy concerns. For non-Māori that figure is 14%.”

“It’s fitting these results come out in Privacy Week as it shows that people value privacy and are increasingly willing to speak up about things they think are going to have a detrimental impact on their personal privacy,” says Mr Webster.

The survey had nearly 1200 participants.

Privacy Week runs from 13-17 May and we’re running a series of free online talks and conversations covering a range of topics. 

Source: Privacy Commissioner

• Home /
• News /
• Privacy Commissioner releases 2023 credit assurance reports

7 May 2024, 09:00

The Privacy Commissioner has released the annual compliance assurance reports submitted by the three national credit reporting companies for the 2022/2023 year.

Credit reporting agencies send us reports each year so we can check they are meeting their obligations under the Credit Reporting Privacy Code, Privacy Commissioner, Michael Webster said.

“My office has completed our annual assurance round of Equifax; illion and Centrix’s compliance with the Credit Reporting Code and no issues have been raised.”

These assurances are focused on making sure the agencies keep credit information safe and secure and take reasonable steps to check credit information is accurate before using or disclosing it.

We also make sure there are processes for individuals to request access to and correction of their credit information and confirm there is information on the agency’s complaint process available on its website.

Source: Privacy Commissioner

If you find a security problem in the Officer of the Privacy Commissioners website, Privacy Commissioner John Edwards wants you to tell him about it. Mr Edwards has launched his offices Vulnerability Disclosure Policy in time for the New Zealand Internet Task Force (NZITF) conference in Wellington today. A vulnerability disclosure policy demonstrates the commitment we have to security. The policy publicly commits our office to responding promptly when advised of any vulnerability, he said. A vulnerability disclosure policy encourages people who find vulnerabilities in the Office of the Privacy Commissioners website to report them responsibly. The policy also gives a reassurance that the Privacy Commissioner will not seek to prosecute people who find vulnerabilities and follow the policy in reporting those. Mr Edwards hopes publishing his offices policy will encourage other agencies to follow the NZITFs guidelines on responsible disclosure.

Source: Privacy Commissioner

Concern about social media use was one of the three themes raised by experts and agencies working directly with children. The three key themes were:

– Social media is a major concern, and a combination of guidance and regulatory changes are needed to manage this risk to childrens privacy. – More guidance is needed to help professionals, parents and children better understand privacy risks. – Some regulatory changes could better protect childrens privacy, including changing the Privacy Act to include a right to be forgotten, introducing a requirement to consider the best interests of the child, or creating a code of practice. Privacy Commissioner Michael Webster said the sorts of concerns raised in the survey were well summed up by one respondent, “Young people dont have the capacity to make fully informed decisions about their digital footprint and the long-lasting implications of having an online presence.

Source: Privacy Commissioner

In April 2024, we released our report summarising the themes and messages we heard during our Children and Young Peoples Privacy project. Read the short report. Read the full report. About the project
In September 2023 we launched the Children and Young Peoples Privacy project, which looked at how childrens privacy is being protected and ultimately considered whether the rules protecting childrens privacy rights are working. There are some unique challenges and opportunities that relate to the privacy of children and young people as they interact with health and education services and the online world. To understand these challenges, in late 2023 we consulted with government agencies, professionals who work with children (teachers, doctors, nurses, etc), and non-governmental organisations who advocate for children and young people. We asked them for their thoughts on how to improve childrens privacy in New Zealand.

Source: Privacy Commissioner

The Office of the Privacy Commissioner has developed draft rules for the use of biometric technologies and is now asking what people think of those. Biometrics is the automated processing of physical and behavioural characteristics (face scans, fingerprint scans, voice recordings) that can be used to identify individuals or work out things about them. New Zealand doesnt currently have special rules for biometric technologies. Privacy Commissioner Michael Webster says, The Privacy Act 2020 regulates the use of personal information in New Zealand (and therefore biometrics), but we think biometrics need special protections especially in specific circumstances. Biometrics are fundamental to who a person is; theyre a very special type of personal information, says Mr Webster. Biometrics can be used to surveil and monitor large numbers of people or identify people on a watchlist and some of their uses are so highly intrusive that they shouldnt be used lightly.

Source: Privacy Commissioner

Privacy Commissioner Michael Webster has today started his Inquiry into Foodstuffs North Islands trial of facial recognition technology (FRT) in 25 of its supermarkets. The Inquiry is designed to monitor the way stores are running the trial to ensure that it is compliant with the Privacy Act. It will also inform the Commissioners assessment of the effectiveness of the use of FRT in reducing harmful behaviour in Foodstuffs North Island supermarkets once the trial is completed. Privacy Commissioner Michael Webster says: At the end of the six-month trial I will be assessing the evidence that the use of FRT is justified. Has it made a practical and statistically significant difference to the incidence of retail crime in Foodstuffs North Island supermarkets relative to other less intrusive options?

Using facial recognition technology to reduce harmful behaviour in supermarkets raises significant privacy risks and the trial is itself not without risk.

Source: Privacy Commissioner

13 Mar 2024, 12:00Organisations must ensure there are safeguards in place that are reasonable in the circumstances to prevent loss, misuse, or disclosure of personal information. The research referred to is Internet NZ’s Internet Insights 2023 report, which was released late February this year.ENDSFor more information contact:
Lloyd Quartermaine | Senior Communications Adviser, Office of the Privacy Commissioner
Email: media@privacy.org.nz, Tel: +64 021 959 050