Online security a work in progress


As published in Hawke's Bay Today. Canny View by Nick Stewart, Authorised Financial Adviser.

In an increasingly online world, we are sharing and disclosing more and more online, and that information is being held digitally.

New Zealand's attempt to reform it's Privacy Act and make security breaches public has yet to make it through Parliament, though the reform was first proposed in 2014.

According to the Cabinet's Cyber Policy Office director, Paul Ash: "Even without specific legislation to report cyber breaches of customer data, companies still have clear ground rules for being careful."

This article is a reflection on my recent participation in Cyber Week 2017 - an annual Cybersecurity Conference held at Tel Aviv University, Israel.

The Prime Minister's office in NZ led a delegation for this conference, and I was invited to attend, along with 24 others from business and government sectors around NZ and Australia. It was too rare an opportunity to miss.

I will give an overview of the importance of privacy, outlining key findings from the
2016 New Zealand privacy survey, and discuss whether New Zealand is falling behind the rest of the world and what the proposed reform may do.

Privacy means the capacity to protect your private information. Privacy is important to ensure people feel secure in this digital world and hence, privacy is recognised as a human right by law in NZ.

This law is the Privacy Act 1993, and it contains various privacy standards, with which "offices" (ie, organisations and businesses) in NZ must comply.

Inability to comply with privacy standards can prompt censure by the Privacy Commissioner and also reputational harm and loss of clients.

The rapidly changing digital and technology conditions have changed the role of personal data, with an increasing number of public and private bodies accessing a huge amount of customer/client data every day.

The potential for an organisation to suffer a major data breach is increasing, and organisations can't afford to overlook these risks.

The NZ Privacy Commission's recent privacy survey 2016 revealed these key trends:

• Two-thirds of New Zealanders are concerned about an individual's privacy and the protection of their personal information

• Just under half of the respondents were more concerned about issues with their privacy than they were a few years earlier

• A large majority of respondents were concerned about identity theft, credit card and banking details, businesses sharing personal information and security of personal information

NZ has seen frequent examples in the news of leaks and data breaches.

A month ago, Yahoo revealed that a data breach that happened in 2013 affected all 3 billion user accounts, tripling the number originally reported.

Spark NZ, which dropped Yahoo last year as its service provider for Xtra Mail, said the data breach impacted every Xtra email that existed in 2013.

While NZ appears not to be rushing into Privacy Act reform, the Australian Senate recently passed legislation to create a mandatory cyber breach notification scheme, the Data Notification Law (DNL), by February 2018.

The DNL is intended to protect and provide notice to individuals at risk of harm
from a data breach, so they can promptly take appropriate action to protect themselves.

In NZ, it is not compulsory to report a data breach, but that is expected to change with the Privacy Act update.

The Government has indicated that a mandatory requirement to report data breaches is going to be part of the changes made in a new Privacy Act.

NZ also established the national Computer Emergency Response Team (CERT) in April 2017 as a public-facing central point for anything cyber-security-related.

It has increased the Government's visibility of data breach issues and the threat they pose to NZ companies. The Government expects to see voluntary reporting increase over time, which will provide a better picture of the nation's cyber-security, to improve our position.

• Nick Stewart is an authorised financial adviser and executive director of Stewart Financial Group. Stewart Group is a Hawke's Bay-owned and operated independent financial planning firm based in Hastings. The advice given here is general and does not constitute specific advice to any person.

• The views expressed in this article are those of Stewart Financial Group Ltd. The disclosure statement for Stewart Group is available free of charge by contacting us on 0800 878 961. This article contains class advice only and does not consider objectives or situation of any particular investor. It should not be construed as a solicitation to buy or sell any financial product or to engage in or refrain from engaging in any transaction. We recommend that you consider the appropriateness of information to your situation.