Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Privacy Commissioner issues first compliance notice

Privacy Commissioner issues first compliance notice to Reserve Bank of New Zealand

The Privacy Commissioner has today issued a compliance notice to the Reserve Bank of New Zealand, triggered by a cyber-attack in December 2020.

This is the first time the Privacy Commissioner has issued a compliance notice since receiving these new powers in the Privacy Act 2020.

Privacy Commissioner John Edwards says, “The cyber-attack was a significant breach of one of the Bank’s security systems and raised the possibility of systemic weakness in the Bank’s systems and processes for protecting personal information.”

As part of the investigation into the breach the Bank engaged KPMG to undertake an independent review of its systems and processes. The review revealed multiple areas of non-compliance with Privacy Principle 5.

Mr Edwards says, “We are heartened by the speed and thoroughness of the Bank’s response. We were notified as soon as the cyber-attack was identified, and they have been constructive and open throughout the compliance investigation process. We are pleased to see the positive way they’ve dealt with the aftermath of the attack.”

The compliance notice issued today provides a template for the Bank to report on to the Privacy Commissioner, confirming the improvements to their policies and procedures aimed to make the systems more secure.

Reserve Bank Governor Adrian Orr says, “OPC’s findings are consistent with the findings and recommendations in the KPMG review. We accept these findings and take full responsibility for the shortfalls identified in our systems and processes.”

“We have a detailed programme of work underway to address these. This work started shortly after the data breach incident through our business services improvement programme (BSIP) which continues to be a key priority for us here at Te Pūtea Matua.

I would like to again thank the OPC for their support throughout this incident and the collaborative approach they have taken during their investigation.”

Mr Edwards says, “Our role as a regulator is to deliver better privacy outcomes for all New Zealanders, using the powers at our disposal. Where we identify issues that compromise the security of personal information, we will use our compliance powers to make sure that these risks are addressed. This compliance notice also provides a learning opportunity for the Bank, and for other agencies. We appreciate the maturity and openness the Bank have shown throughout this process, and hope that others, too, can learn from this situation.”

Mr Edwards says that the Privacy Act allows for the publication of compliance notices on a case-by-case basis if the Commissioner believes it is desirable to do so in the public interest.

“Publishing the full details of the compliance notice might compromise some of the ongoing efforts to fully rectify the matters that have been identified. However, I have decided it is necessary to publicly acknowledge the steps being taken by the Bank, to provide assurance to the public that these issues are being addressed.”


  • A compliance notice is a written notice from the Privacy Commissioner to a public or private sector agency that the agency is in breach of its statutory obligations under the Privacy Act.
  • The Privacy Act’s Principle 5 says agencies that hold personal information have to have reasonable security safeguards in place to protect personal privacy.

© Scoop Media

Business Headlines | Sci-Tech Headlines


Amazon: AWS To Open Data Centres In New Zealand

Today, Amazon Web Services (AWS), announced plans to open an infrastructure region in Aotearoa New Zealand in 2024. The new AWS Asia Pacific (Auckland) Region will consist of three Availability Zones (AZs) and join the existing 81 Availability Zones across 25 geographic AWS Regions at launch... More>>


BNZ: Consumer Card Spending Climbing Out Of Delta Lockdown

New data from Bank of New Zealand (BNZ) shows card spending is heading back towards pre-delta lockdown levels. Spending on BNZ credit, debit and Eftpos cards has bounced back over the last three weeks and is now 14 per cent below the pre-delta lockdown average... More>>

Reserve Bank: A least regrets approach to uncertainty

The Reserve Bank of New Zealand – Te Pūtea Matua makes decisions about official interest rates in a way that is robust in the face of uncertainty about the economy, Reserve Bank Assistant Governor Christian Hawkesby says in a speech published today*... More>>

Fonterra: Completes reset, announces annual results and long-term growth plan out to 2030

Fonterra Co-operative Group Limited today announced a strong set of results for the 2021 financial year, reflected in a final Farmgate Milk Price of $7.54, normalised earnings per share of 34 cents and a final dividend of 15 cents... More>>

Statistics: GDP rises in the June 2021 quarter

Gross domestic product (GDP) rose by 2.8 percent in the June 2021 quarter, following a 1.4 percent increase in the March 2021 quarter, Stats NZ said today. June 2021 quarter GDP was 4.3 percent higher when compared with the December 2019 quarter... More>>

Energy-from-waste: $350 Million Plant To Deliver Renewable Energy Considered

Investigations have begun into the viability of building an Energy-from-Waste plant that will safely convert 350,000 tonnes of waste, that would otherwise be dumped into South Island landfills annually, into renewable electricity... More>>