NZ: Reserve Bank hit with compliance notice from Privacy Commissioner over data breach

Chris Keall reports:

The Reserve Bank has suffered the ignominy of being the first organisation to be hit by a compliance notice under the new Privacy Act, which came into force in December last year.

Privacy Commissioner John Edwards says an independent review carried out by KPMG after a December 2020 cyber attack “revealed multiple areas of non-compliance with Privacy Principle 5.”

Principle 5 of the new Privacy Act states that organisations “must ensure there are safeguards in place that are reasonable in the circumstances to prevent loss, misuse or disclosure of personal information”.

Read more on New Zealand Herald. The breach in this case was the Accellion file transfer breach.

Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
Bombay High Court Orders Department of Telecommunications to Block Medusa Accounts After Generali Insurance Data Breach
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns
Attorney General James Announces Settlement with Wojeski & Company Accounting Firm
Romanian prisoner hacks prison IT system in plot made for a Netflix movie
John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt

Related: