New Zealand: Introduced Privacy Bill including cybersecurity regulation (Bill No.34-3)

On 19 March 2018, the Privacy Bill (No.34-3), which includes provisions for cybersecurity regulation, was introduced to parliament. The Bill mandates that agencies covered by the Bill to report data breaches. Specifically, the cybersecurity regulations, which are outlined in part 6 of the privacy Bill, delineate the procedures for handling notifiable privacy breaches and compliance notices. A notifiable privacy breach is a privacy breach that it is reasonable to believe has caused serious harm to an affected individual or is likely to do so. In assessing serious harm, agencies must consider actions taken to mitigate the risk, the sensitivity of the personal information involved (e.g., health records), the potential harm to individuals, the identity of the party obtaining the information (if known), whether security measures and any other relevant factors protect the information.