General policy statement

The New Zealand public has been subject to a number of privacy breaches by various government agencies. In order to prevent breaches of this magnitude it is important that the Privacy Commissioner is able to undertake investigations to identify gaps in process and maintenance and bring the agencies into compliance with the Privacy Act 1993 (the Act). The ability of the Commissioner to issue compliance notices and demand information-handling audits across the public and private sectors is the only way to ensure that private information of New Zealanders held by agencies is not misused or breached by the public sector or by outside entities.

This Bill will provide the Privacy Commissioner with powers that are required for the Commissioner to function effectively and this was echoed in the Law Commission’s recommendations to the Government in its Review of the Privacy Act 1993, published in 2011, when it said “At the moment, enforcement of the Privacy Act is complaints-driven. People can complain to the Privacy Commissioner about breaches of their privacy rights under the Act. But the Commissioner has only limited powers to take action about breaches of the Act on her own initiative. Such a system is often not well suited to addressing underlying systemic problems”.

Clause by clause analysis

Clause 1 is the Title clause.

Clause 2 is the commencement clause. It provides that the Bill comes into force on the day after the date on which it receives the Royal assent.

Clause 3 provides that the Bill amends the Privacy Act 1993 (the principal Act).

Clause 4 is the purpose clause.

Clause 5 inserts new section 13(1)(ab).

Clause 6 inserts new section 92A.