Privacy Commissioner Calls for Greater Penalties for Data Breaches

The Privacy Commissioner, Michael Webster, has called for higher penalties for data breaches at the National Cyber Security Summit in Wellington.

Webster expressed concern over the current level of privacy maturity and cyber security practice in businesses and other organisations.

The maximum fine for non-compliance with a compliance order is currently $10,000, which Webster believes is not enough to motivate organizations to comply with legislation that protects data.

A recent survey by Kordia showed that one in five businesses have no plan to deal with a cyber-attack, and 60% of individuals surveyed by Talbot Mills Research believe the current level of fines in the NZ Privacy Act is not high enough.

Webster recommends a civil penalty regime for major non-compliance, specific amendments to make the Privacy Act fit-for-purpose in the digital age, and stronger requirements for automated decision making and agencies demonstrating how they meet privacy requirements.