At a glance.
- New Zealand's new privacy law goes into effect this December.
- Vancouver healthcare provider warns of scammers seeking personal data.
- Report: personal data on travelers to Thailand and Malaysia compromised.
New Zealand privacy bill advances.
New Zealand's new Privacy Bill passed its third reading in Parliament and received Royal Assent at the end of June. The law will go into effect on December 1st, the National Law Review reports. It will apply to all "agencies" (that is, individuals, businesses, and other organizations) doing business in New Zealand. It prescribes mandatory disclosure of data breaches that "pose a risk of harm, loss or damage to affected individuals," it restricts cross-border transfers of personal information to jurisdictions that afford privacy protections comparable to New Zealand's, and it gives the Privacy Commissioner more teeth for enforcement.
Mondaq summarizes the key elements of the law that compliance officers will want to bear in mind. A privacy breach is defined as "Any unauthorised or accidental access to, or disclosure, alteration, loss, or destruction of, personal information; or an action that prevents the agency from accessing the information on either a temporary or permanent basis." When an agency is determining whether the likelihood of harm rises to the level that would require notifying the Privacy Commissioner, that agency must consider, among other things:
- "Any action taken to reduce the risk of harm following the breach;
- "Whether the personal information is sensitive in nature;
- "The nature of the harm that may be caused to affected individuals;
- "The person or body that has obtained or may obtain personal information as a result of the breach (if known); and
- "Whether the personal information is protected by a security measure."
Scammers after personal information impersonate hospital personnel.
Vancouver Coastal Health has warned that some callers are misrepresenting themselves as representatives of Squamish General Hospital and asking victims to provide personal information over the phone. The scammers are after full name, Social Insurance Number, and date of birth.
Personal data belonging to travelers to Thailand and Malaysia may have been posted to dark web sites.
Researchers at Cyble say they've found what appears to be personal information about travelers to Thailand and Malaysia. They report that "a credible actor" has claimed to be in possession of data belonging to some 45 million travelers. The information that appears to be at risk (and the story is still developing) includes: passenger ID, full name, mobile number, "passport details," address, gender, and flight details.