“Privacy Commissioners have tried to get higher penalties and stricter regulation and have failed, so I thought maybe if we can get enough people to sign a petition, then it comes from the people of New Zealand which our government should serve,” she said.
“Maybe that makes a difference.”
Feldtmann, like the Deputy Privacy Commissioner, pointed to penalties in Australia, which were significantly increased in late 2022.
For serious breaches and for each contravention, a court can impose a maximum A$50 million ($58m), or three times the benefit derived from what happened, or 30% of a business’ annual turnover.
In New Zealand, there is no express penalty for a privacy breach.
The $10,000 fines can be issued for:
- A business or organisation that fails to change its behaviour after being issued with a compliance notice;
- Misleading a business or organisation to access someone else’s personal information;
- A business or organisation destroying personal information after it has been requested to avoid handing it over;
- Failing to notify the Privacy Commissioner of a breach.
“They’re just not enough,” Feldtmann said.
“I think they’re just too low to be encouraging people to do better, they are hindering organisations from doing better because the penalty is cheaper than actually implementing some better security and privacy measures,” she said.
“I always look at it and then I look at what the rest of the world is doing, the European Union is the gold standard.
“We’re in the Five Eyes and you look at what the others do and then you look at we have and it’s almost like we don’t really deserve to be in the Five Eyes, at least in that cyber security space and privacy space,” she said.
The petition is on Parliament’s website.
- RNZ
