Chris Keall reports:
The Reserve Bank has suffered the ignominy of being the first organisation to be hit by a compliance notice under the new Privacy Act, which came into force in December last year.
Privacy Commissioner John Edwards says an independent review carried out by KPMG after a December 2020 cyber attack “revealed multiple areas of non-compliance with Privacy Principle 5.”
Principle 5 of the new Privacy Act states that organisations “must ensure there are safeguards in place that are reasonable in the circumstances to prevent loss, misuse or disclosure of personal information”.
Read more on New Zealand Herald. The breach in this case was the Accellion file transfer breach.