First steps for a data protection commissioner: Some suggestions from New Zealand Katrine Evans...
-
Upload
maximilian-hampton -
Category
Documents
-
view
221 -
download
4
Transcript of First steps for a data protection commissioner: Some suggestions from New Zealand Katrine Evans...
First steps for a data protection commissioner:
Some suggestions from
New Zealand
Katrine Evans
Assistant Commissioner (Legal and Policy)
Kuala Lumpur, 9 February 2012
New Zealand Privacy Act
• 1993• Covers nearly all agencies that
hold personal information (public sector, non-profits eg charities, individuals) as well as private sector
• Codes of Practice governing health information, credit reporting agencies and telecommunications agencies
Personal Information
Information about a human being,
who is:
• Living
• Identifiable
Purpose is Key• Our Act focuses on purpose (not
consent)• Purpose must be lawful; necessary to
collect and use information; only relevant information collected; method of collection fair and not unreasonably intrusive; open with individual concerned
• Subsequent uses and disclosures within those purposes are acceptable
• If changing purpose, may need consent (unless needed for court, law enforcement, protecting safety)
Commissioner Functions
• Complaint investigation and (indirectly) enforcement
• Guidance material, education, advice for public and business
• Policy advice and comment on legislation
• Monitor technology developments
• Monitor data matching programmes
• Develop codes of practice
• International participation
Some ideas for setting up a DPA
Message #1Help agencies to get it right
Aim = Act should be “self-policing”
That is, agencies know how to get
it right so problems don’t arise or
are quickly fixed.
Privacy officers – key role
DPA can:• Educate agencies about why
they need privacy officers• Educate privacy officers about
the Act• Support privacy officers by
providing advice and information• Set up privacy officer networks
so they can support each other
User-friendly information
• Identify target audiences (you can’t help everyone immediately!)
• Short, plain language documents (eg checklists) – make it easy to get things right
• Partnerships with business or industry associations – develop and distribute material
• Have a free helpline for businesses and media to get basic information
Message #2Partnerships with other
commissioners
• Joint enforcement action
• Often can adapt or republish information that other commissioners have written
• Regional co-operation (APPA) – even as observer
• Privacy Awareness Week
Message #3Quick and effective
complaint resolution• Personal contact with parties – it’s
quicker and better on the phone
• Resolve things informally if possible
• Avoid being too “legal” in communications unless engaging in formal enforcement
• Identify common problems (eg within an industry) and deal with problem not just with separate complaints – aim is to change systems for the better to prevent problems arising
Contact
www.privacy.org.nz (RSS feeds and subscription service to free newsletters, case notes etc available)
[email protected] (also through LinkedIn)
Watch out for our Facebook page andTwitter feeds – coming soon!