Le Privacy Commissioner de Nouvelle-Zélande vient de publier son rapport annuel 2010-2011 dans lequel il met l'accent sur les points suivants:
Equipping the Privacy Commissioner for the 21st century
We worked with the Law Commission during the year on its review of the Privacy Act. The Commission's package of recommendations will help to power up privacy law for the 21st century.
In particular, the Law Commission has recognised that we need some additional legal tools to be effective, particularly in the digital age. There are a growing number of issues that cannot be properly addressed through a complaints system alone. People cannot complain if they do not realise what is happening with their information - and, increasingly, government and business practices fly below people's radar. Also, a complaints system can only be driven by problems after they occur. It is becoming more and more important to find out what is happening before things go wrong.
So, for example, the Law Commission has suggested we should be able to order agencies to comply with the law and to release information to requesters, and that we should be able to audit or to order agencies to self-audit their systems. We think these are tools that would streamline how we can deal with the issues that are of most importance for New Zealanders' privacy. Mandatory notification of privacy breaches would help people to protect themselves when things go wrong, as well as bringing careless companies to heel. And a statutory "do not call" scheme would give people greater choices over whether their information is used for marketing.
We look forward to seeing the Government's response in early 2012 to the Law Commission's recommendations.
Another year, another set of technology challenges
As usual, we have kept a close eye on developments in the field of information and communications technology ("ICT") during the year.
We released a survey in May on how agencies make international disclosures and use offshore ICT: http://privacy.org.nz/assets/Files/Media-Releases/Overseas-ICT-Survey.pdf. Fifty major public and private sector organisations answered the survey, most of whom hold large amounts of personal information. We are using the survey results to work towards guidance on how to manage privacy as part of cloud computing.
We also conducted a survey on social networking, together with our partners in the Asia Pacific Privacy Authorities forum. The results will be released in December.
Security challenges and new privacy questions continue to raise their heads, even for big ICT firms. For example, this year saw Sony repeatedly become the target of hackers. Apple and Google were called before Senate committees in the United States to explain how their products use geolocation features. Facebook and LinkedIn fielded questions from their users (as well as regulators) about unilateral changes to their privacy settings. And web services that require users to use their real name are sparking debate over when it is acceptable for people to transact anonymously or pseudonymously, both online and offline.
The News of the World phone accessing scandal led to serious questions being asked in several jurisdictions about media behaviour - and about people's own awareness of how to secure their private communications. It also raised issues about how to deal with "blagging" (impersonation of others to get information).
Managing identity continues to be a field of significant interest, particularly for government and major businesses. For instance, we have close contact with the New Zealand i-government initiative. The new regulations to combat money laundering also involve the need for businesses to be certain that people are who they say they are. And biometric technologies continue to get more reliable, more ubiquitous, and smarter.
Data collection, data mining and data regulation - getting the balance right
It is a common saying that ‘information is power' but, these days, it is probably even more correct to say that ‘information is money'. Many of the current challenges to privacy arise because of the cash value that personal information has.
This is not to say that making a profit from personal information is necessarily bad. On the contrary, many legitimate businesses (including credit reporters, online service providers and targeted marketing enterprises) play a major part in our economy and in the way our society operates. However, it is increasingly important for all those businesses to get privacy right in everything they do. As the regulator in the area, we have to play a major part in making sure that the benefits of information collection and use are balanced with proper respect for the people behind the information.
We have nearly completed work on possible reforms to the Credit Reporting Privacy Code. We issued a consultation draft in May and held public hearings about the possibility of permitting more comprehensive information to be stored and used on credit reports.
The changes to the Code would include more stringent safeguards such as providing a credit freezing facility and better information to the public. By the time this Annual Report is published, we will have issued the Code amendments.
Parliament has also passed a law (the Courts and Criminal Matters Bill) permitting outstanding court fines to be added to credit reports. This will also add to the variety of information available on credit reports.
Collection of information into large databases was also highlighted this year when New Zealand Post conducted its second Lifestyle Survey, inviting people to complete a detailed questionnaire in exchange for a chance to win a prize. The information that people submitted was added to a database, and mined to produce lists that businesses with particular marketing niches could rent. This is only one of an increasing number of examples of collection and use of "big data" by business and government - this is an area that we will be paying close attention to in the years to come.
Changing how government agencies share information
A major aspect of the Law Commission's review of the Privacy Act was to recommend a new method by which government agencies could share personal information.
Instead of having to pass primary legislation if agencies wish to share information in a way that might breach the privacy principles, the recommendation is that an Order in Council can approve information sharing agreements between government agencies.
The recommendation is finely balanced to try to make sure that conditions for public trust in government and privacy are maintained, as well as making sure that justified information sharing can be done efficiently. It includes major safeguards including full consultation with my Office before an agreement can go to Cabinet, the ability for me to publish reports with my view about an agreement, the ability for agreements to be disallowed, and also for them to be regularly reviewed.(Source: Privacy Commissioner, Annual Report 2011, p. 13-15)
- THE PRIVACY COMMISSIONER, Annual Report 2011, Wellington, The Privacy Commissioner, 2011.