Hacks surge, but human error still the prime cause of NZ privacy breaches

Hacks surge, but human error still the prime cause of NZ privacy breaches

Reports of hacking leading to a privacy breach increase markedly in 2019

Privacy Commissioner John Edwards

Privacy Commissioner John Edwards

Credit: Supplied

The Office of the Privacy Commissioner's annual report shows reported private sector breaches overtaking the public sector for the first time -- and human error is the major cause of breaches.

However, reported hacks resulting in a breach of privacy increased markedly in 2019, up from six in 2018 to 43 in the year ended 30 June.

Currently the breach notification regime is voluntary, but compulsory breach notification is on the way and is expected to increase the number of reported breaches significantly, the report said.

"We receive voluntary breach notifications from a variety of public and private sector agencies," it said.

"We encourage this because we can guide agencies on how they should respond to breaches, and how they can stop them from happening again."

The notifications also help identify common privacy issues and risks and lessons learned from these breaches are used in developing education resources.

This year agencies reported 222 breaches (see chart below). Ninety-five of those were from public agencies and the other 127 from private agencies.

"Because breach reporting is voluntary, there is no way of knowing what proportion of all the breaches that occur are reported to our office," the report noted.

Human error - including mistakes using email, posting to websites and loss or theft of documents or devices - was the most common cause of privacy breaches.

The Privacy Bill now before Parliament will make it mandatory for agencies to notify the Commissioner of significant privacy breaches. 

Key charts from the Privacy Commissioner's annual report.Credit: Supplied
Key charts from the Privacy Commissioner's annual report.

2019 may also be remembered as the year in which the importance of online privacy finally became mainstream, the report said.

"In the digital privacy space, the fallout from Facebook’s Cambridge Analytica scandal, and social media platforms hosting disturbing videos of terrorist violence, were among incidents that brought an unparalleled level of public and regulatory scrutiny upon the practices of big tech companies," the report said.

The new Privacy Bill will also have an extra-territorial effect, meaning privacy obligations will explicitly apply to agencies conducting business in New Zealand, whether or not they have a physical presence here.

The Privacy Commissioner is currently looking into a change in Trade Me's terms and conditions for the use of private data, allowing it to target advertising.

Privacy commissioner John Edwards told Stuff yesterday he intended to seek further information from the online marketplace on what appeared to be a proposal for the unauthorised use of customer information.

"We will then evaluate the options available," Edwards said.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacyhackingprivacy commissionerJohn Edwards



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments