Understanding Compliance Notices under the Privacy Bill
Explore the powers of the Privacy Commissioner, complaint investigations, enforceable compliance notices, and the process involved in issuing and appealing compliance notices. Learn about the criteria for issuing notices and the implications of not complying with them.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Compliance notices under the Privacy Bill OR CAVE CANEM
What happens now? The current powers of the Commissioner
The current powers of the Commissioner
Complaint investigations Own motion inquiries Recommendations Referral to the Director of Human Rights Proceedings Naming policy Statutory powers to demand information (offence to fail to provide without reasonable cause) Can take evidence on oath
Serious breaches that the agency is unwilling to address Systemic or repeat breaches where no progress made Have to use a middle person in the enforcement process additional time and resources => Enforceable compliance notice
Sections 124 - 135 When the Commissioner can issue a compliance notice (124) What the Commissioner has to consider before issuing (125) Process for issuing (125) Form and service (126) What agency has to do after receiving (127) Variation or cancellation (128) Normal powers to obtain information (129) Enforcement of compliance notice if no action taken (130) Appeals against compliance notices or variation/cancellation decisions (131) Interim order suspending notice pending appeal (132) Remedies, costs and enforcement (133)
When will the Commissioner issue a notice? Question: Routine use? Or save compliance notices for special cases?
When will the Commissioner issue a notice? Discretionary nothing to stop it being routine as long as process observed When there s something to be fixed and agency isn t voluntarily fixing it (or not acting fast enough) Where the agency s actions are causing or may cause harm particularly if that harm is serious
What type of breach can lead to notice?
What type of breach can lead to notice? Any breach of the Act Including breach of privacy principle/Code rule Breach of provisions of an approved information sharing agreement or an information matching agreement Wrongful failure to notify individual of data breach (or publicly notify) Breach of a public register privacy principle
Mandatory relevant considerations Another means under Privacy Act or another Act for handling it? Seriousness Likelihood of repeat Number of people affected Whether agency has been co-operative Likely costs to agency of complying To extent Commissioner considers factor relevant and information about that factor is readily available to Commissioner
Process Agency must have reasonable opportunity to comment needs to be told In writing What breach is (with stat provision) summarise conclusions about factors Specify steps that Commissioner considers need to be made to remedy breach, inc conditions Dates by which agency must remedy
Form of final notice Similar to draft requirements are set out in 126 Discretionary as to whether includes steps necessary to remedy, conditions, or dates Must tell agency of right of appeal
Question: what happens if you think the Commissioner has got the facts or the law wrong?
Options if you get a notice Must take steps to comply asap Unless Apply to vary or cancel (persuade Commissioner that info needs to be amended, that you ve complied, or that all/part is no longer needed) Appeal against all/part of notice or decision about variation/cancellation ------- substantive/procedural/factual/legal/challenge to discretion Appeal must be lodged within 15 working days of issue/receipt Apply for interim order suspending compliance notice pending appeal (Chairperson of Tribunal decides)
Enforcement Commissioner can take enforcement proceedings in Tribunal If agency has ignored the notice, far less ability to object to enforcement ONLY ground is that agency believes the notice has been fully complied with Tribunal must not look at how notice was issued must not look at merits of the notice Remedies are discretionary, but chances are high that will order you to comply
Remedies Not an excuse that was unintentional or not negligent Or that has partially fixed the problem unless no further reasonable steps to take Order to comply by date specified by Tribunal Order that agency perform any act specified in order by date specified in order (eg reporting to Commissioner on progress) Confirm, cancel, modify notice (or variation decision) Costs as Tribunal sees fit
Summary Forceful new powers systemic or cavalier breaches Checks and balances on exercise of power to issue Still a strong role for voluntary action voluntary compliance means there is no notice Also practical options if agency disagrees with Commissioner
Thanks! Now it s time for afternoon tea Katrine Evans, Hayman Lawyers k.evans@haymanlawyers.co.nz