Source: Privacy Commissioner
The Office of the Privacy Commissioner has issued a compliance notice to the Reserve Bank of New Zealand. This compliance notice relates to a weakness in one of the Agencys third-party systems and some of the Agencys processes identified as the result of a notifiable privacy breach reported to the Office on 9 January 2021. This compliance notice requires the Reserve Bank to take specified steps by certain dates in order to comply with information privacy principle 5 (storage and security of personal information). Background to the compliance notice
In December 2020 the Reserve Bank of New Zealand was the victim of a cyber-attack, which raised the possibility of systemic weaknesses in the RBNZ systems and processes for protecting personal information. As a result, RBNZ instigated an internal and external review to identify any shortcomings in their operations.