Privacy Week: Sensitive information stored online can hurt you

Techday NZ

11-05-2025

Have you ever stopped to think about how much of your personal information is stored online?
You might be surprised to know that a considerable amount of your most sensitive information is has been filed away in the cloud by the companies and government departments you deal with your medical records, private conversations you've had with others, financial information, purchases you've made and more.
This kind of data is routinely accessed by cybercriminals. In fact, it's possible some of your sensitive data is available on the dark web right now.
It all comes down to what information you share with organisations and how they protect it. Do they take their role as guardian of your data seriously?
The sad reality is, we live in a country where many businesses don't. And even the companies that do take cyber security seriously can't guarantee your data will be safe from a cyber-attack.
As Privacy Week 2025 begins, it's a good reminder for you to be careful with the information you share, and who you share it with.
The truth is, in the modern world you often have no choice but to share personal information. You may be able to limit what you share on social media or the number of online accounts you sign up to, but it's a lot more difficult to control how organisations store your essential records like your medical data or financial information.
Privacy Week should really be less about individuals, and more about business leaders considering the data they hold and what they are doing to ensure it's protected.
The personal impact of a cyber breach
When personal data is leaked, depending how sensitive the information is, it can cause significant harm to victims. However, cybercriminals don't care about the damaged caused to individuals. For them, personal data is a valuable bargaining chip to force the companies they hack into paying an extortion demand.
In February this year Genea Fertility in Australia was breached with up to 700GB of data stolen and listed on the dark web.
It was reported that contact details, Medicare card numbers, medical histories, test results, and medications were compromised, although Genea is yet to confirm this.
Genea's silence has only deepened the anxiety, adding stress and turmoil to what is already a deeply personal and emotional fertility journey.
There are also growing international trends of cybercriminals blackmailing individuals. This can profoundly impact wellbeing and have harrowing consequences. Take the case of Swedish psychotherapy provider Vastaamo whose databases containing confidential mental health information were breached in 2020.
When the company refused to pay the ransom demand, the hacker emailed thousands of patients asking for 200 Euros and threatening to publicly share their personal details.
At least one suicide has been linked to the case, a devasting outcome of what can happen when private data is weaponised.
It's about the stick
So, what's going to get New Zealand businesses to take cyber security seriously? I think it's more about the stick than the carrot.
In 2016, company directors became personally liable for health and safety negligence. This prompted a significant rise in due diligence and New Zealanders were better protected at work.
Protecting personal data should be treated in the same regard as health and safety.
At the very least, we need to look at the fines the government can issue to businesses hit by cyber-attacks.
Currently in New Zealand, the maximum fine that can be issued is $10,000, and that's for not disclosing a data breach to the Privacy Commissioner. Compare that to Australia where their maximum fine for serious interference with privacy is $50 million.
That's an incentive that would really get business leaders to take their responsibility seriously.
What can individuals do?
New Zealand legislation won't change overnight, but we should continue to put pressure on organisations collecting data to uphold our privacy.
However, protecting yourself online can help you avoid, or better manage your affairs, if your personal or financial details are breached.
Here are four basic tips: Never save your credit card details
Sure, it's nice to have your credit card details saved into your browser, but it's not worth the risk. If your device or the shopping site is compromised, a hacker can easily steal your credentials and fraudulently charge your cards. Always use multi-factor authentication (MFA)
Having to get your phone out each time you log in to an important app or website to verify yourself is a hassle, but it's one of the best ways to lock hackers out.
It is easy to ignore device updates to your phone or computer, but you should install them as soon as they're available. Secure your most used apps.
There are a range of built-in privacy tools from WhatsApp, Facebook, and Google that allow you to review and tighten your security settings. Be sure to do this! You might be surprised how much information can be scraped from public profiles. Only share what you need to.
Limit what information you share online, whether that be on social media or through surveys, online forms, competitions or other mechanisms companies use to collect personal data. Only share what is necessary.
My parting advice is to remember your private data is valuable, especially to cybercriminals.