Source: PSA
- Chickens come home to roost as Govt. turned blind eye to privacy threats
The Government pushed ahead with cuts to the Office of the Privacy Commissioner despite being warned the agency lacked the resources to protect New Zealanders from growing privacy threats.
Now with the ManageMyHealth breach exposing the health data of 127,000 New Zealanders, the Government must take responsibility for the consequences of its reckless funding decisions.
The Privacy Commissioner provides a critical safeguard and education function around data breaches. It told the incoming Government in no uncertain terms in late 2023 it had ‘insufficient funding’ to meet the challenges of rising complaints from individuals and organisations (see p5 of Briefing to Incoming Minister 4 December 2023).
He told the new Minister ‘While we respond effectively to address the privacy concerns these organisations create, our current resourcing limits our ability to uplift privacy capability and understanding across the economy’.
“The Government was explicitly warned – it knew the Privacy Commissioner was already stretched thin, yet it still forced through a 6.5 percent funding cut to pay for tax cuts for landlords,” said Fleur Fitzsimons, National Secretary for the Public Service Association Te Pūkenga Here Tikanga Mahi.
The warning was repeated in its latest Annual Report, with the Office saying funding had fallen in real terms and was below the level needed to meet its increased responsibilities as complaints continued to increase sharply (see p14).
“Cuts have consequences – we’re seeing that across the public sector.
“In this case the cut was imposed on an agency that was already at breaking point. The Government must accept some of the blame for the ManageMyHealth breach as it prioritised tax breaks for landlords ahead of properly resourcing the agency at the frontline of protecting New Zealanders’ private health and other sensitive information.
“The Commissioner’s own website today warns that ‘There is high demand right now for our services. We’re working hard, but there might be delays in progressing your complaint or enquiry.’ That’s the reality of an agency pushed beyond its limits and starved of the funding it needs to do its job.
“The Office can’t provide the specialist advice agencies need to protect data because of funding cuts. They can’t educate organisations about their privacy obligations. They can’t investigate complaints in a timely way.
“It goes deeper than that too. The Privacy Commissioner has been crystal clear in briefings to the Government and their last three Annual Reports that a review of the Privacy Act is urgent.
“Our legal framework hasn’t caught up with AI, biometrics and new risks to children’s privacy from social media. This work is now critical.
“The Government needs to stop burying its head in the sand. It must apologise for these reckless cuts, restore funding immediately, and commit to a comprehensive review of the Privacy Act.
“Otherwise we’ll see more breaches like ManageMyHealth. The Government can’t keep cutting agencies to the bone and then act surprised when things go wrong. New Zealanders deserve better.”
