Privacy Advisor

NEW ZEALAND—Privacy Reflections/Predictions for 2014

February 11, 2014

By Souella Cumming

The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.

It’s not just a public-sector issue

While it’s been the public sector that has made the headlines in New Zealand over the past two years—Accident Compensation Corporation, Ministry of Social Development and the Earthquake Commission, to name just a few—local and international events show that the corporate sector is not immune. Continued technology developments, cost-reduction initiatives and changes to business operating models place pressure on traditional/business-as-usual approaches to protecting personal information for both public- and private-sector entities. All organisations need to find new, smarter ways of working with customer information that keeps it safe while minimising the compliance burden.

Legislative change required but running hard to keep pace

The recent (information sharing) and pending changes to privacy legislation in New Zealand aim to address some of these issues (compulsory privacy breach notification and greater powers for the Office of the Privacy Commission to audit and require compliance). But will the change come quickly enough? And will it keep pace with the challenges of big data, global information sharing, unauthorised disclosures (Snowden, Assange).

Is education the key?

In a time when the boundaries between public and personal information is increasingly blurred, organisations and individuals still have a limited understanding of privacy requirements—both the principles of protecting information and the impact on trust and reputation in business and government. Attitudes to accessing and sharing information also vary markedly, and ethical dilemmas abound. Over the past 15 years there has been an increased emphasis on financial literacy in education: Is the time right to focus on privacy education in schools and business? Will a more informed public demand more of the organisations they entrust with their personal information?

Expectations of enhanced compliance and greater assurance?

One of the benefits of the high-profile breaches is the increased public awareness about the safety of the information they entrust to public- and private-sector organisations. Public awareness is helping to fuel the call for international standards, better understanding about the risks posed in collecting, using, storing and disclosing information and assurance that information is protected from inappropriate use/disclosure. Public- and private-sector organisations need to respond to these expectations and find enhanced ways of providing confidence to their customers and stakeholders.

We know the problems, but finding the right solution(s) is an increasing challenge. It’s not just about legislation, or business systems, accessibility of Big Data, security, attitudes to information-sharing, or ethics or culture—it’s the combination of these things that make solutions complex.

So, no shortage of opportunities for individuals, private-sector businesses and public-sector agencies to tackle—welcome to 2014!

Souella Cumming is a partner in KPMG’s Advisory Practice. She leads KPMG New Zealand’s Government Services and Privacy Advisory Services. Contact Souella at