Your browser is not supported

Our website does not support the browser you are using. For a better browsing experience update to a compatible browser like the latest browsers from Chrome, Firefox and Safari.

First Privacy Act compliance notice successfully closed

The Privacy Commissioner has today announced the closure of its first compliance notice, issued to the Reserve Bank of New Zealand – Te Pūtea Matua in September 2021.

The Privacy Commissioner has today announced the closure of its first compliance notice, issued to the Reserve Bank of New Zealand – Te Pūtea Matua in September 2021.

This followed the Reserve Bank’s response to the December 2020 cyber-attack and independent review of the incident by KPMG.

“When an agency has had a significant privacy breach, compliance notices are one of our core tools for providing them with a clear roadmap to improving their privacy practices,” says Privacy Commissioner Michael Webster.

“In this case, our compliance notice outlined improvements the Reserve Bank needed to make to ensure the safety and security of the personal information in its care, building on the KMPG report. The RBNZ has made every change recommended and more, and we are closing this compliance notice confident that all identified areas of concern have been addressed.” 

The Privacy Commissioner can issue compliance notices to organisations or businesses that are not meeting their obligations under the Privacy Act. It details the changes the agency needs to make to its activities in order to comply with the Privacy Act. Refusing to comply with a compliance notice is an offence under the Privacy Act.

Reserve Bank Governor Adrian Orr says, “This is an important milestone and a credit to all the RBNZ staff and stakeholders who’ve worked together to deliver our business services improvement programme which we started shortly after the data breach incident.

“At Te Pūtea Matua we remain committed to our ongoing programme of education and training while continuing to improve our systems and processes supporting the protection and storage of information.

“I would like to again thank the OPC for its support throughout this incident and the collaborative approach they have taken to their investigation and our remedial actions.”

“The Reserve Bank did everything right in responding to this breach,” says Mr Webster. “They notified us immediately, they worked with us throughout the process, and they have taken on board the improvements we advised through our compliance notice. We’re heartened by their willingness to learn from this situation and the safeguards and continuous improvement processes they have put in place.”

More information

Media contact

OPC
Anastasia Turnbull
Manager Communications and Engagement 
Phone: 021 509 735
Email: [email protected]

RBNZ
Oliver Bates
Manager, External Stakeholders
DDI: +64 4 474 8627
Email: [email protected]