Source: Privacy Commissioner
The Privacy Commissioner has today issued a compliance notice to the Reserve Bank of New Zealand, triggered by a cyber-attack in December 2020. This is the first time the Privacy Commissioner has issued a compliance notice since receiving these new powers in the Privacy Act 2020. Privacy Commissioner John Edwards says, The cyber-attack was a significant breach of one of the Banks security systems and raised the possibility of systemic weakness in the Banks systems and processes for protecting personal information.
As part of the investigation into the breach the Bank engaged KPMG to undertake an independent review of its systems and processes. The review revealed multiple areas of non-compliance with Privacy Principle 5. Mr Edwards says, We are heartened by the speed and thoroughness of the Banks response.