Stephen Bell reports:
A recent amendment to privacy law — the Privacy (Cross-Border Information) Amendment Act – aims at meeting conditions set by the European Union on the privacy of personal information sent to or through New Zealand. However, the Privacy Commissioner’s office acknowledges there are still holes in the protection of personal information that is originated here and leaves our shores.
This not only poses a problem with data sent to an identifiable overseas country; there is a potentially larger challenge for data processed in the cloud. Here it is often not possible to identify the jurisdiction in which the computers that process the data are situated.
And look — they’re concerned about Third Party, too:
Section 10 of the Privacy Act in its present form covers some of the situations. For example, where a company in New Zealand sends data to an affiliated company overseas, it is still protected by the principles of the Act covering misuse, availability to the subject and opportunity for correction; but where data is sent overseas to an unrelated third party or into the cloud there is no guaranteed protection under the Act, says assistant privacy commissioner Blair Stewart.
Read more on Computerworld (NZ)