Compliance notices under the Privacy Bill


1 Compliance notices under the Privacy Bill
Or Cave Canem

2 What happens now? The current powers of the Commissioner

3 The current powers of the Commissioner

4 Complaint investigations
Own motion inquiries
Recommendations
Referral to the Director of Human Rights Proceedings
Naming policy
Statutory powers to demand information (offence to fail to provide without reasonable cause)
Can take evidence on oath

5 What’s wrong with that?

6 Serious breaches that the agency is unwilling to address
Systemic or repeat breaches where no progress made
Have to use a middle person in the enforcement process – additional time and resources
=> Enforceable compliance notice

7 Privacy Commissioner 2.0

8 Sections
When the Commissioner can issue a compliance notice (124)
What the Commissioner has to consider before issuing (125)
Process for issuing (125)
Form and service (126)
What agency has to do after receiving (127)
Variation or cancellation (128)
Normal powers to obtain information (129)
Enforcement of compliance notice if no action taken (130)
Appeals against compliance notices or variation/cancellation decisions (131)
Interim order suspending notice pending appeal (132)
Remedies, costs and enforcement (133)

9 When will the Commissioner issue a notice?
Question: Routine use? Or save compliance notices for special cases?

10

11 When will the Commissioner issue a notice?
Discretionary – nothing to stop it being routine as long as process observed
When there’s something to be fixed and agency isn’t voluntarily fixing it (or not acting fast enough)
Where the agency’s actions are causing or may cause harm – particularly if that harm is serious

12 What type of breach can lead to notice?

13 What type of breach can lead to notice?
Any breach of the Act
Including breach of privacy principle/Code rule
Breach of provisions of an approved information sharing agreement …
… or an information matching agreement
Wrongful failure to notify individual of data breach (or publicly notify)
Breach of a public register privacy principle

14 Mandatory relevant considerations
Another means under Privacy Act or another Act for handling it?
Seriousness
Likelihood of repeat
Number of people affected
Whether agency has been co-operative
Likely costs to agency of complying
To extent Commissioner considers factor relevant and information about that factor is readily available to Commissioner

15 Process
Agency must have reasonable opportunity to comment – needs to be told
In writing
What breach is (with stat provision)
summarise conclusions about factors
Specify steps that Commissioner considers need to be made to remedy breach, inc conditions
Dates by which agency must remedy

16 Form of final notice
Similar to draft … requirements are set out in 126
Discretionary as to whether includes steps necessary to remedy, conditions, or dates
Must tell agency of right of appeal

17 Options if you get a notice

18 Question: what happens if you think the Commissioner has got the facts or the law wrong?

19 Options if you get a notice
Must take steps to comply asap
Unless
Apply to vary or cancel (persuade Commissioner that info needs to be amended, that you’ve complied, or that all/part is no longer needed)
Appeal against all/part of notice or decision about variation/cancellation
substantive/procedural/factual/legal/challenge to discretion
Appeal must be lodged within 15 working days of issue/receipt
Apply for interim order suspending compliance notice pending appeal (Chairperson of Tribunal decides)

20 What not to do if you get a notice

21 Enforcement
Commissioner can take enforcement proceedings in Tribunal
If agency has ignored the notice, far less ability to object to enforcement
ONLY ground is that agency believes the notice has been fully complied with
Tribunal must not look at how notice was issued …
… must not look at merits of the notice
Remedies are discretionary, but chances are high that will order you to comply

22 Remedies
Not an excuse that was unintentional or not negligent
Or that has partially fixed the problem – unless no further reasonable steps to take
Order to comply by date specified by Tribunal
Order that agency perform any act specified in order by date specified in order (eg reporting to Commissioner on progress)
Confirm, cancel, modify notice (or variation decision)
Costs as Tribunal sees fit

23 Summary
Forceful new powers – systemic or cavalier breaches
Checks and balances on exercise of power to issue
Still a strong role for voluntary action – voluntary compliance means there is no notice
Also practical options if agency disagrees with Commissioner

24

25

26 Thanks! Now it’s time for afternoon tea …
Katrine Evans, Hayman Lawyers

