We published a case note in March 2019 about a law firm that demanded $19,000 from a former client for the cost of providing the client with his information. After investigating the complaint, the Privacy Commissioner concluded the cost of a USB stick was a reasonable cost, not the $19,000 charge. We wrote about that case here.

We’ll be saying it for the rest of this year because we want everyone to be aware and ready for it when it happens: The new Privacy Act 2020 is coming into effect on 1 December 2020.

International transfers of personal data are under the spotlight again following a recent decision of the European Court of Justice that reviewed the legal means of transferring personal data from the EU to the United States: Data Protection Commissioner v Facebook Ireland and Max Schrems (Case C-311/18; 16 July 2020).

When is information your personal information? Does it include references to other people that just happen to be on a file with your name on it? These are the questions that the Human Rights Review Tribunal, and High Court of New Zealand have considered in the recent decisions in Taylor v Chief Executive of the Department of Corrections ([2018] NZHRRT 35 and Taylor v Chief Executive of the Department of Corrections [2020] NZHC 383.

The parents of a profoundly disabled boy took a case to the Human Rights Review Tribunal [2020 HRRT 13] on their son's behalf in relation to the provision and accuracy of his health information while he was in the custody of IDEA Services.

An Auckland Powershop customer did the right thing by checking her credit report after the company said she was in arrears, even though she was up to date with her payments.

The Human Rights Review Tribunal [2020 HRRT 16] awarded $50,000 to an ACC claimant after it was found to have breached the Privacy Act by destroying his file.

A former nurse who waited five years to lodge a privacy complaint with the Privacy Commissioner had her request for judgement rejected by the Human Rights Review Tribunal (HRRT) in March 2020.[1]