• Categories

  • Archives

    « Home

    New Zealand Privacy Commissioner: Annual report shows privacy concerns on the rise

    The New Zealand Privacy Commissioner Marie Shroff has released an annual report (pdf) (here’s a highlights page) about the state of privacy issues in the country. Some important points from the report:

    • Our nationwide public opinion survey showed that concern about personal information and privacy issues has grown or remained high, especially in relation to the internet and business.
    • We received 6,632 enquiries from members of the public and organisations seeking our advice on personal information and privacy matters. This was more than 1,200 up on 2007/08.
    • 806 privacy complaints were received, up from 662 in the previous year.
    • Health information privacy continues to raise significant issues, for instance electronic health records, newborn metabolic screening and expansion of the DNA database used for criminal investigations.

    The commissioner also noted results from a survey on the use of portable storage devices (PSDs), considered important because of the rise in their use as well as the high-profile problems internationally with data privacy being breached through the loss or theft of such devices.

    PSDs include USB sticks, cell phones, BlackBerries, iPhones, iPods, MP3 players, PDAs (personal digital assistants) and netbooks. They are used for a variety of purposes, including: to take work home or information to meetings; as temporary file storage or backup; or to transfer sometimes sensitive bulk data between organisations. They are small, lightweight and can store vast amounts of information. PSDs are easy to use and easy to lose. Surveying PSD use provides an indicative snapshot of how agencies are protecting data. […]

    Our survey of the 42 main government agencies showed PSDs were widely used but that there were real gaps in security procedures and practices. […]

    Just nine of the agencies made PSD encryption mandatory, while 43 percent did not provide encryption solutions of any sort. Sixty-two percent kept a PSD register but only 22 percent said they would be able to track transfers of data to PSDs.

    Although the survey found 75 percent of the government agencies had policies to restrict or control the use of PSDs, we are not yet confident that those policies are of a good standard, followed in practice or are well known by staff. […]

    It was particularly concerning that some of the agencies with poorer practices were flagship departments that hold the personal details of millions of New Zealanders. I am forced to the conclusion that personal information about New Zealanders is not being treated with the same care and respect as other sorts of ‘classified’ or ‘sensitive’ information.

    Leave a Reply