Writing in the IITP Techblog Amy Ryburn says Australia has stolen a march on New Zealand when it comes to mandatory data breach reporting.
Ryburn's post is a readable run through the main issues.
She then says:
The introduction of a mandatory breach reporting regime, and broader privacy law reform, has been on the cards in New Zealand for a long time.... While there seems to be political will from both sides of the aisle, the process of introducing those reforms has not moved quickly.
She goes on, in lawyerly fashion, to worry about the wording of Australia's rules compared with the version New Zealand is working on. Having the two align makes sense, especially now that many IT operations straddle the two countries.
New Zealand has been tardy getting its own regime in place. We have regulatory guidelines that encourage reporting, but this is not mandatory. This leaves us out of step with many trading partners and could be a barrier to some forms of investment.
Fixing it should be a priority.