Back in 1993 personal computers were still novel, and the Eternal September of the internet was just beginning. In New Zealand, the Privacy Act 1993 anticipated as best it could a future where the free flow of information made individual privacy hard to protect.
The Act established that every NZ agency, public or private needed to assign a Privacy Officer responsible for the handling of personal information within the company.
A lot has changed since 1993
In the last 27 years, the IT world has changed enormously. Information security in particular has gone through major mind-shifts both in techniques and terminology, and also in the underlying thinking that we bring to it. As a result it can be a bewildering and intimidating field for an outsider to approach.
During the same period, the world's awareness of the importance of individual privacy as a human right has slowly increased. This awareness has followed behind a dizzying number of threats and breaches and challenges to privacy.
As awareness of a problem increases, legislation follows. 2018 saw the introduction by the EU of the General Data Protection Regulation (GDPR), and the signing in of the California Consumer Privacy Act (CCPA). That same year, NZ began the process of replacing the Privacy Act 1993.
The NZ bill has now passed its second reading and adds the requirement for companies to report data breaches, to respond to compliance notices, and gives the Privacy Commissioner more teeth to enforce privacy requirements. NZ companies will have to get serious about how they handle private information.
Privacy Officers, Technology and Security
Companies in NZ source their Privacy Officers from many departments - legal, accounting, compliance, operations.
They need to be able to understand their company's IT system such as:
- where the data is collected,
- where it's stored,
- where it is passed to third parties
- how it is secured at every stage of its life
There is a lot for them to do <phew>.
They need to be up to date with the current threat landscape. They need to be part of Incident Response planning and reviewing the Risk Register.
It isn't enough to invite them to the meetings (though that's a great start!) Your Privacy Officers need to be able to speak Information Security and feel comfortable asking challenging questions of IT teams.
Introducing: Information Security for Privacy Officers
SafeStack and Simply Privacy have partnered to develop a half-day workshop that introduces the fundamental concepts, tools, and practices of information security in 2020 from a Privacy Officer's perspective.
Emma from Simply Privacy has been practically involved in privacy for over 15 years, providing pragmatic advice to companies and their Privacy Officers. She already runs highly rated training workshops for Privacy Officers and she is an expert on the changing legal landscape of privacy. It would be hard to find a more qualified partner to bridge the divide.
When is it?
Thursday 9 April 2020, 9 - 12:30 pm
Where is it?
The Boardroom, Maritime Museum, Auckland
How much is it?
$425 per person + GST
How do I register?
Remember, Security works better with friends
If your company's Privacy Officer doesn't come from an IT background, go and say Hello! and get them to they sign up for our Auckland workshop, April 9.
When the big breach hits you'll be glad you are all speaking the same language.