LIANZA STANDING COMMITTEE ON FREEDOM OF INFORMATION

The LIANZA Standing Committee on Freedom of Information is working on a framework of position statements and an update of the LIANZA Privacy Statement. Read our Freedom of Expression Draft Discussion Document.

LIANZA PRIVACY STATEMENT

The LIANZA Privacy Statement was written in December 2013.

It covers information related to:

  1. Personal Information
  2. Purposes for collecting the information
  3. How personal information is managed
  4. Disclosure

UPDATE TO THE PRIVACY ACT

Information professionals should also be aware of a potential update to New Zealand privacy laws that involves protection of people’s private data. A Privacy Bill that will repeal and replace the Privacy Act 1993 is currently with a select committee of the New Zealand Parliament. This was recommended by the Law Commission's 2011 review of the Act. Its key purpose is to promote people's confidence that their personal information is secure and will be treated properly.

One of the key changes to the Privacy Act is a mandatory data breach notification. This will force public and private sector agencies to notify affected individuals, and the Privacy Commissioner, if they experience a data breach which poses a risk of harm. Failure to report could incur a fine of up to $10,000.

The types of information most commonly involved in data breaches are:

  • Contact information
  • Financial details
  • Identity information
  • Health information.

Breaches can occur through cyber-attacks or negligence. For example, a cyber-attacker or hacker might steal personal details about your library customers. The new bill states that we must notify individuals when this breach of privacy has occurred.

HOW SHOULD WE PREPARE

Assuming the legislation is enacted in July, we need to ensure that the LIANZA Privacy Statement is up to date and incorporates guidance on this new law.

These are some areas to consider in preparation for the new law; they may need to be incorporated into the LIANZA Privacy Statement:

  • Should staff be trained to understand the legal requirements and how to identify, prevent and minimise data breaches?
  • Should you be reviewing your technology and where data is stored (e.g. printers are a new area for breaches as they are often less protected)?
  • Do you need to refresh your incident privacy breach response plan, data policies and procedures, and vendor management processes (update contracts)?
  • Do you need to analyse your data security and fix any security risks?
  • Privacy by design - design privacy in up front. Privacy impact assessments.
  • Consider a test breach response plan, experts on speed dial, and draft notifications and communications - don’t wait until it’s too late to prevent or minimise data breaches.

Read this article for more background information: “All companies to report privacy breaches under new bill but no big penalties if firms own up”.

LIANZA STANDING COMMITTEE ON FREEDOM OF INFORMATION

  • Louise LaHatte, Auckland Libraries
  • Stephanie Colling, Auckland Libraries
  • Alyson Baker, Nelson Public Libraries
  • Kim Gutchlag, National Library of New Zealand