Data Protection Litigation in New Zealand: Processes and Outcomes

This article examines the first 14 years of New Zealand's experience with regulating data protection from the standpoint of the processes for resolving disputes that are available to complainants. The Privacy Act 1993 applies to both the private and public sectors and provides a "one size fits all" regime unlike those of other jurisdictions. The extent to which it provides effective remedies may be studied through the reported case law of the dedicated tribunal that hears privacy complaints.The article examines the decisions of this tribunal and the few instances where further appeals have occurred. It also includes a statistical analysis of the nature of defendants (how many were from the public as opposed to the private sector), which information privacy principles were litigated the most, the remedies obtained and the range and average amount of compensation awarded. In addition an assessment is made as to the extent to which parties were legally represented and the effect this had on outcomes for them.The success of a country's privacy law depends on its ability to provide real remedies in concrete instances affecting real people. The article assesses the success or otherwise of the New Zealand regime in achieving this and in particular the merits of a system of dispute resolution that largely avoids recourse to the courts. The article finds that legal issues and technicalities have played a major part in litigation before the tribunal and that these have been a hurdle for litigants

Upping the Ante: New Actors and the Evolving Nature of Privacy Act Jurisprudence in New Zealand

This article examines emerging trends in New Zealand's Privacy Act 1993 (the Act) litigation emanating from the Human Rights Review Tribunal (the Tribunal), which adjudicates cases brought under the Act. The Tribunal can award a range of remedies including damages, injunctions and declarations but in recent years it has also developed other remedies, such as training orders, aimed at remedying systemic privacy failures within agencies. The legitimacy of these is assessed against the backdrop of legislative lethargy in implementing parallel recommendations for law reform aimed at similar mischiefs. The article surveys all cases brought before the Tribunal (in its privacy jurisdiction) over a ten-year period from 2007 until 2016 inclusive. Brief comparison is made with Tribunal awards for discrimination under its non-privacy jurisdiction. The article also examines the reasons for a significant increase in the average amount of damages in recent years, especially in the Tribunals' privacy jurisdiction. Contributing factors to this include the changing nature of the types of dispute and the defendants involved as well as the discretion afforded to the Tribunal. Whilst the Tribunal has significantly modified its approach, other significant influences have included a recent increase in the number of private sector defendants. The Tribunal's substantive jurisprudence as to the nature of the obligations contained in the Act's privacy principles has also continued to evolve thereby vindicating New Zealand's principles-based data privacy regime

Managing health information in New Zealand: An analysis of the health information privacy principles

The New Zealand Health Information Service has recently established a national health register. At the heart of this development are three national databases. These applications and their functions are presented. Other initiatives currently being explored are also discussed. The paper contends that these initiatives under the guise of advancing the nation\u27s health may instead be infringing the privacy of the nation\u27s citizens. An analysis of New Zealand\u27s privacy legislation to the development of such a centralized health system is detailed. The paper concludes by considering the possibility of hidden agendas despite the provisions of the nation\u27s privacy rules