The Office of the Privacy Commissioner (OPC) has published a report with insights into the mandatory privacy breach reporting one year on.
There is still a long way to go
On 1 December 2020 the Privacy Act came into effect, making it mandatory to notify the OPC of serious privacy breaches. In their new report the OPC gives us insights into the results from the past year. These insights show that New Zealanders are on the right path, integrating the new Act into their lives, but also that there is still a long way to go.
For example, only 44% of the serious breach notifications were made within the expected timeframe, which is less than half of the cases. The OPC urges in their report that you should not delay informing them about a privacy breach. A notifiable breach should be reported within 72 hours after becoming aware of it. This way the OPC can support you in reducing potential harm to the affected individuals.
More than 25% of the reported serious privacy breaches are caused by an email error
Another remarkable insight in their report concerns the cause of the privacy breaches. In 62% of all cases the cause of the serious breach was human error. A human error according to the OPC is “an unintended action by an individual directly resulting in a privacy breach, e.g. inadvertent disclosure caused by sending a document containing personal information to the incorrect recipient.”
The most common type of human error causing privacy breaches is email error, and the OPC reveals that more than 25% of the reported serious privacy breaches are caused by an email error. These are big numbers, and it is important to emphasize that this type of error is among the easiest to prevent.
So what can you do?
Double check your email before you send it
Make sure you have a good system in place when sending emails. Never rush sending an email and always be careful when you include personal information in your email. Double check the attachments and recipients. Moreover, use the BCC field when you’re sending the email to multiple recipients, so that you do not pass on someone’s details to others without consent.
The OPC states in their report that they are prepared to take further enforcement action if agencies repeatedly experience privacy breaches caused by email error.
How The Information Privacy Company can help
Do you need help creating systems to prevent privacy breaches? Or are you unsure whether your company is ready to take the right action whenever a breach occurs? Don’t hesitate to contact The Information Privacy Company. Our services include an initial audit of your organisation’s privacy law readiness. During this audit we will review your existing systems and policies, assess your readiness and supply some recommendations to implement where needed.
If you would like to know what other insights the OPC shares in their report, you can read the full report here: https://www.privacy.org.nz/ass...