Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy as a Stakeholder Interest in New Zealand: Transparency in Corporate Governance Practices Associate Professor Gehan Gunasekara Asian Privacy Scholars.

Published byWesley Fane Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy as a Stakeholder Interest in New Zealand: Transparency in Corporate Governance Practices Associate Professor Gehan Gunasekara Asian Privacy Scholars."— Presentation transcript:

1 Privacy as a Stakeholder Interest in New Zealand: Transparency in Corporate Governance Practices Associate Professor Gehan Gunasekara Asian Privacy Scholars Network Conference Hong Kong 9 July2013

2 Introduction Privacy public issue in NZ –E.g. ACC, WINZ breaches, IRD Business vulnerable –E.g. UMR poll (2012) 82% concerned at misuse of personal information (PI) by business –88% thought businesses misusing PI should be “punished” KPMG report into ACC recommends public reporting of privacy performance Paper argues corporate governance enables same for companies through stakeholder recognition Examines value given to privacy versus other interests, performance & best practice

3 Paper outline Methodology Stakeholder principle and privacy as a right or interest Corporate governance guidelines in NZ & Australia Analysis of governance documents & privacy as stakeholder interest Legal issue raised from content of documents Overseas companies performance Conclusions/recommendations on best practice

4 Methodology review of governance documents –the statistical occurrence of the words “privacy” and “confidential” and related terms such as the Privacy Act –Context in which occur Data Set: (1) NZX and, for comparison (2) NYSE (New York Stock Exchange) Time frame: November 2012- January 2013 Some exclusions, e.g. non-company issuers such as income funds & trusts 130 companies – NZ incorporated (105) + overseas incorporated (25). Comparisons between subsets

5 Methodology cont’d NYSE comparative snapshot: –Random selection of 10 securities out of 3258 –Further random selection of 18 from Consumer sector c.f. all 18 companies in equivalent NZ category

6 Privacy as stakeholder interest Stakeholder principle in management theory = broad principle informing governance Stakeholder includes any group/individual who may be affected/harmed Economic significance of PI E.g. Facebook, Google E.g. outsourcing/cloud computing Potential harms such as identity theft, hacking

7 Difficulty with management theory “interests” versus legal “rights” & “remedies” For privacy both interests & rights relevant E.g. consumer trust important Privacy Act 1993 (OECD model) requirements –Transparency and accountability requirements –Complaints and remedies Section 14(a) Commissioner to balance competing interests Principles-based approach enables bridge between legal/management theories

8 CollectionStorage/Disclosure/ UseDisposal Information privacy principles (IPPs) cover entire spectrum The Information Life Cycle

9 Management theory cont’d Motivation: brand image & reputation c.f. legal sanction Two converge with privacy: transparency is a requirement and accountability as legal consequence Law Commission Review (NZ): –Audit power to Commissioner –Compliance orders for systemic breaches

10 Corporate Governance Guidelines NZX Listing Rules: Corporate Governance Best Practice Code: –Non-prescriptive re ethics code requirements –No specific mention of privacy but receipt of corporate information and conflicts of interest mentioned –Catch-all “compliance with applicable laws, regulations and rules”

11 Corporate Governance Guidelines ASX Corporate Governance Code: More prescriptive e.g. recommendation 3.1: –Measure to protect company’s integrity –Measures to comply legally –Accountability measure for reporting and investigating breaches –Specific mention of privacy policy as example of responsibility to individual Suggests measures followed to promote compliance with legislation & whether local or Australian standards followed

12 Analysis of governance documents Annual reports Codes of ethics (or codes of conduct) Board charters Corporate governance codes or guidelines Corporate social responsibility reports (CSR) (also sometimes labelled sustainability reports)

13 Privacy as stakeholder interest: (all categories) Total number of Companies Companies recognising “Privacy” interests Companies recognising “Confidentiality” interests Number% % Overall14030218762 NZX NZ Companies 10516156360 NZX Overseas Companies 256241456 NYSE Companies 1088010100

14 Analysis Relative importance given to privacy and confidentiality Overseas NZX & NYSE did better across board

15 Types of governance documents Annual reports: shareholder constituency Corporate social responsibility reports (CSR): aimed at community Codes of ethics/conduct: aimed at consumers, employees and community and most useful –54% of NZ listed entities had publicly accessible codes

16 Codes of ethics and privacy

17 Annual reports Both privacy & confidentiality minority interests A few referred to specific policies for protecting privacy/Privacy Act compliance –Link between ideals and achievement by employees/management –Future privacy audits can focus on employee training –Accountability (KPIs) for non-compliance Privacy policies largely omitted from all governance documents Kircaldie & Stains Ltd was standout as referred to Global Reporting Initiative (GRI) and number of complaints regarding privacy and data loss

18 Corporate Social Responsibility Reports (CSR) Only 4% of NZX had publicly accessible CSR C.f. 24% overseas NZX and 50% for the NYSE Tended to give equal prominence to privacy and confidentiality: –NZX  25% for both –NYSE  60% for both

19 NZ Codes of Ethics Ranged from cryptic to detailed E.g. Kathmandu Holdings Ltd’s Principle 7: “Privacy, Intellectual Property and Advantage” PI and business information treated alongside one another Link to employee fiduciary duties useful but danger of information overload Several vague on applicable privacy laws

20 NZ Codes of Ethics cont’d Skycity Entertainment Group Ltd –referred to Privacy Act compliance programme –Clearly differentiated privacy and confidentiality Others less impressive: –An aged care business referred to confidential information and PI being protected by Privacy Act and requests for PI by third parties –Privacy principles cover information life-cycle and give access to individuals of own PI hence reference to requests by third parties confusing –Note: one of the reasons access to PI can be denied is information supplied by third parties in confidence

21 Privacy/confidentiality distinction Confidentiality protects wider range of interests than privacy Can be protected in multiple ways: –Contract –Equitable action for breach of confidence PI definition: "information about an identifiable individual” wider than confidential information Aimed at mischiefs such as aggregation, accessibility of everyday information and harms such as vulnerability, spill over risks etc

22 Privacy/confidentiality distinction cont’d Two concepts intermingled. E.g.: –Nuplex Industries Ltd: “It is vital that we protect the privacy of Nuplex’s confidential information.” –Pumpkin Patch Ltd’s similar but then states:“Employees must not use confidential information for unauthorised purposes. They must also take reasonable care to protect confidential information against loss, theft, unauthorised access, alteration, or misuse.” –These are essentially requirements of the IPPs –Telecom Corporation of New Zealand Ltd also mixed concepts

23 Privacy/confidentiality distinction cont’d A simple example to demonstrate distinction in everyday application Best practice: –treat privacy and confidentiality as distinct concepts –Aspects can be duplicated but under separate headings

24 Overseas Companies on NZX Examples of best practice: –Annual reports linking/referencing governance documents –Elaboration of how compliance achieved: e.g. Downer EDI Ltd’s Standards of Business Conduct refers to privacy policy, information life-cycle and examples of good/bad practice –Confidentiality and privacy treated separately, e.g. Downer EDI Ltd –Pacific Brand’s refers to privacy policy on intranet and advises contact with legal team when necessary

25 Overseas Companies cont’d Telstra Corporation’s CSR: Telstra Clear Bigger Picture 2012: Sustainability Report 2012 –section on “Privacy protection” –Clear goal plus statement of how achieved AND how breaches dealt with –Link to privacy policy –Incidents in 2012, systemic changes as result –Voluntary notification to privacy authorities listed

26 Sector comparisons: Consumer Sector (NZ) c.f. Consumer Durables/Non-durables (USA)

27 Sector comparisons cont’d

28 Conclusions…. Privacy protection afforded lesser status to confidential information (except CSR) Approximately half of the NZX companies had accessible codes of ethics but only a fifth of these dealt with privacy Content often vague/confusing Australian companies on NZX generally exemplary NYSE companies also superior in privacy coverage Privacy protection as management discipline

Download ppt "Privacy as a Stakeholder Interest in New Zealand: Transparency in Corporate Governance Practices Associate Professor Gehan Gunasekara Asian Privacy Scholars."

Similar presentations

What is Corporate Governance?

What is Corporate Governance?
SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.

SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Core principles in the ASX CGC document. Which one do you think is the most important and least important? Presented by Casey Chan Ethics Governance &

Core principles in the ASX CGC document. Which one do you think is the most important and least important? Presented by Casey Chan Ethics Governance &
Development of internal control: methodology and responsibility

Development of internal control: methodology and responsibility
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
CODE OF ETHICS South Australian Public Sector Public Sector Act, 2009.

CODE OF ETHICS South Australian Public Sector Public Sector Act, 2009.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
1 PRACTISING CORPORATE GOVERNANCE IN HONG KONG Speech to American Chamber of Commerce in Hong Kong, 12 December 2003 By Paul M Y Chow, Chief Executive.

1 PRACTISING CORPORATE GOVERNANCE IN HONG KONG Speech to American Chamber of Commerce in Hong Kong, 12 December 2003 By Paul M Y Chow, Chief Executive.
Measurement and Accountability: Why Bother? Johanne Gélinas Partner, Sustainability & Climate Change CSIN 2 nd National Conference - Accountability Through.

Measurement and Accountability: Why Bother? Johanne Gélinas Partner, Sustainability & Climate Change CSIN 2 nd National Conference - Accountability Through.
Standards of Integrity and Conduct A code of conduct issued by the State Services Commissioner.

Standards of Integrity and Conduct A code of conduct issued by the State Services Commissioner.
1 New Zealand Captive Insurance Legislation – the future 11 May 2007 116127906.

1 New Zealand Captive Insurance Legislation – the future 11 May
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Security Controls – What Works

Security Controls – What Works
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Marlan S. Bustos 26 April 2006 My Internship Experience July 5, 2005–September 29, 2005.

Marlan S. Bustos 26 April 2006 My Internship Experience July 5, 2005–September 29, 2005.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Transparency in Public Administration – FOI and EIR

Transparency in Public Administration – FOI and EIR
Purpose of the Standards

Purpose of the Standards
Year 11 R and S Ethics Great Ethical Thinkers. Codes of Ethics in Society.

Year 11 R and S Ethics Great Ethical Thinkers. Codes of Ethics in Society.

Similar presentations

Ads by Google