Channel weighs in on NZ data breach notification laws

Channel weighs in on NZ data breach notification laws

Legislation expected as part of changes to the Privacy Act now being drafted by the Ministry of Justice

Data breach notification is widely expected to become mandatory in New Zealand, positioning the channel as subject matter experts across the country.

As part of changes to the Privacy Act now being drafted by the Ministry of Justice, Privacy Commissioner John Edwards has recommended fines of up to $100,000 in the case of an individual and up to $1 million in the case of a body corporate being breached.

Despite the direction of travel being clear in New Zealand, barriers still remain, with government approval still required.

Should the expected green light occur however, the finer details of a potentially complex law will need to be ironed out as the country aligns legislations with the rest of the world.

On the presumption that approval will be granted, the channel will be the first responders, fighting on the front line line as Kiwi organisations grapple with the law changes.

Security, and all it encompasses, continues to dominate the agenda of executives in organisations up and down the country, with trusted third-party advisors sought to help navigate through the murky waters of legislation.

“New Zealand has lagged behind our major trading partners in this area and the announcement by the Privacy Commissioner shows that the issue of data security is taken very seriously,” Origin founder and CEO, Michael Russell, told Reseller News.

“We welcome this announcement. It’s good news for consumers, the public and businesses that work with organisations that hold their data – and isn’t that just about every business these days?”

According to Russell - drawing on 20 years of technology expertise in New Zealand - organisations across the country will now be held to a higher standard of transparency, alongside being accountable for the robustness of IT systems.

“Businesses should be doing everything that they can to keep information secure, whether it be data protection, securing IP and customer information or preventing access to systems,” Russell advised.

“These are all highly valuable commodities and the onus is on all businesses to prevent, detect and disclose breaches. It’s part of good governance and risk management and something that every organisation should be devoting a lot of board and management time to.”

For Russell, organisations can ill afford to treat data security as an “IT business”, insisting that the threat now represents a business risk issue, warranting a dedicated allocation of resources to manage and mitigate.

“Information security will be an area of heightened focus for organisations,” he added. “It’s an increasingly specialist area and one where we’ll start to see an uplift in outsourcing activity as companies begin to realise the time and cost to do it well, and the risks involved in attempting to manage it without specialist dedicated resource.”

The latest push for change from the Privacy Commissioner comes 18 months after a huge hack of Yahoo email accounts, a service then used by Spark locally, impacting more than 130,000 Kiwi users.

During the breach - which exposed more than five million user accounts - Edwards insisted that the hack “exemplified the international nature of privacy”, before hammering home the importance of reform through mandatory breach notification laws.

“This is an inevitable move as we increasingly became part of a global, digital economy,” SecureCom director of sales and marketing, Greg Mikkelsen, told Reseller News.

This has just taken effect in Australia and MBIE have been signalling for some time that New Zealand will follow Australia with regards to mandatory reporting of breaches.

“It’s also important for investor and business confidence that we are known for having a transparent regime.”

In surveying the current state of the market, Mikkelsen said most customers are aware that some type of mandatory reporting is on the cards, with cyber security continuing to be a high level agenda for board and executives.

“We have seen a lift in companies wanting to train their staff in cyber awareness training and we expect that to continue for the foreseeable future,” he added.

NZ vs. rest of the world

As reported by Reseller News, the Privacy Commissioner warned the new government that the country's competitive trade advantage with Europe is at risk because current privacy laws have fallen behind international standards.

As a result, further reforms were now required urgently.

“If this happens then the upside is that New Zealand will have caught up with the rest of the world,” Duo co-founder and director, Kendra Ross, told Reseller News.

Read more on the next page...

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Datacomdimension dataOriginPlan BCCLduoComputer Conceptssecurecom


EDGE 2024

Register your interest now for EDGE 2024!



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments