The Green Party is proposing to give the Privacy Commissioner the power to seek serious financial penalties for major privacy breaches.
"New Zealanders rightly expect their most sensitive information to be protected, but right now a company can lose your most private information and walk away without paying a cent," says Green Party Co-leader Marama Davidson.
The Green Party proposal would give the Privacy Commissioner the power to apply, via the courts, for civil pecuniary penalties for a serious privacy breach of up to:
- $500,000 for breaches by individuals; and
- $10 million for corporates; or
- Three times the value of any commercial gain arising from the breach; or
- 10 per cent of the turnover of the entity in each accounting period in which the breach occurred.
This matches the maximum penalties for contraventions of the Commerce Act and is broadly proportionate to Australia's penalties for privacy breaches. The courts would determine whether a breach is serious, as in Australia.
"Serious privacy breaches are climbing with the Privacy Commissioner reporting a 43 per cent increase in declared serious breaches in a single year. Behind every one of those numbers is a person whose information has been exposed."
"There's clearly a need to close the gap that lets companies treat New Zealanders' data as an afterthought. The Manage My Health hack laid it bare. People trusted Manage My Health and Te Whatu Ora with their health information and that trust was broken."
"Across the Tasman, the Australian Privacy Commissioner can seek penalties for serious breaches while ours cannot. The most our Commissioner can do is fine an agency up to ten thousand dollars for failing to report a breach or failing to cooperate with an investigation."
"The financial penalties the Greens are proposing match what already applies. These penalties match what already applies under the Commerce Act, and they are broadly in line with Australia, bringing privacy protection up to where it should already be."
"Penalties paid to the Crown are not ringfenced, but they could go towards properly resourcing the Office of the Privacy Commissioner so it can do the job New Zealanders need it to do."
"Your private information belongs to you, and the law should treat it that way. The Green Party will make sure the companies and agencies holding your data have a real reason to keep it safe," says Davidson.
