Consultant petition pushes higher privacy breach penalties in New Zealand

Petition challenges current privacy enforcement settings

Feldtmann, who is based in Whanganui, said current penalty settings do not create sufficient financial consequences for organisations that mishandle personal information. “Because $10,000 for one organisation, if you make millions, the fact that it’s up to $10,000 and not proportionate, on annual turnover or things like that, it really just is not adequate,” she said, as reported by RNZ. Under the Privacy Act, the Office of the Privacy Commissioner can issue fines of up to $10,000 for a limited set of offences. These include failing to comply with a compliance notice, misleading an organisation to obtain someone else’s personal information, destroying requested information to avoid release, and not notifying the commissioner of a notifiable breach. “They’re just not enough. I think they’re just too low to be encouraging people to do better; they are hindering organisations from doing better because the penalty is cheaper than actually implementing some better security and privacy measures,” Feldtmann said.