Latest news with #MichaelWebster
Scoop
3 days ago
- Scoop
Privacy Commissioner Announces New Rules For Biometrics
New Zealand now has new privacy rules for the automated use of biometrics - rules that aim to protect New Zealander's sensitive personal data, while allowing agencies to innovate. Biometric processing is the use of technologies, like facial recognition technology, to collect and process people's biometric information to identify them or learn more about them. The Privacy Commissioner has issued a Biometric Processing Privacy Code that will create specific privacy rules for agencies (businesses and organisations) using biometrics and give New Zealanders confidence about the use of their sensitive personal information. Privacy Commissioner Michael Webster says "Biometrics are some of our most sensitive information. It is not just information about us, it is us. The very thing that makes biometrics risky, their uniqueness, also makes them useful. The aim of the new rules is to allow for beneficial uses of biometrics while minimising the risks for people's privacy and society as a whole." The Code, which is now law made under the Privacy Act, will help make sure agencies implementing biometric technologies are doing it safely and in a way that is proportionate. "It's important that agencies can innovate while keeping New Zealanders safe from privacy risks; this Code will do that" says Commissioner Webster. "The final Code has the force of law. It has the same legal status as the Information Privacy Principles in the Privacy Act - it just replaces them for when agencies use biometric information in automated processes." Advertisement - scroll to continue reading The Code comes into force on 3 November 2025, but agencies already using biometrics have until 3 August 2026, 12 months from today's announcement, to align themselves with the new rules. "We understand the Code may require some changes to agencies' processes and policies for them to be compliant, like creating new notifications, training staff, or changing their technical systems, and we wanted to give them enough time to make these happen," says Mr Webster. In addition to the usual requirements from the Privacy Act, the Code strengthens and clarifies the requirements on agencies to: - assess the effectiveness and proportionality of using biometrics - is it fit for the circumstances - adopt safeguards to reduce privacy risk - tell people a biometric system is in use, before or when their biometric information is collected. The Code also limits some particularly intrusive uses of biometric technologies like using them to predict people's emotions or infer information like ethnicity or sex, or other information protected under the Human Rights Act. "Biometrics can have major benefits, including convenience, efficiency, and security. However, it can also create significant privacy risks, including surveillance and profiling, lack of transparency and control, and accuracy, bias, and discrimination," says Mr Webster. Most comparable jurisdictions have additional protections for sensitive information like biometric information. In New Zealand, the Privacy Act regulates the use of personal information (and therefore biometric information), but the Code now provides clear privacy rules around using biometric technologies. "Having biometric-specific guardrails will help agencies deploy these tools safely, using the right tool for the job and protecting people's privacy rights as they do it," says Mr Webster. Guidance is also being issued to support the Code. The guidance is very detailed and explains how we see the Code working in practice. It also sets out examples so agencies planning to use biometrics can better understand their obligations. "Our guidance is a starting point; agencies still need to do their own thinking and seek advice to understand their own situation and how they are using or plan to use biometrics. "Biometrics should only be used if they are necessary, effective and proportionate; the key thing to make sure of is that the benefits outweigh the privacy risks," says Mr Webster.
RNZ News
3 days ago
- Business
- RNZ News
Stronger rules planned for use of biometric data
File pic Photo: 123RF New rules have been introduced to govern how agencies can use people's biometric data, like facial recognition , fingerprints and iris scanning. The biometric privacy processing code will come into force in November, although agencies already using biometric technology will have until August 2026 to comply. Privacy Commissioner Michael Webster said agencies would need to weigh up the effectiveness and appropriateness of their biometrics use, put privacy safeguards in place and let people know when their biometric information was being collected. He said the use of biometric data was increasing in New Zealand but should only be used if it was necessary, effective and proportionate. "Because of its sensitivity - it is the most sensitive personal information - we thought it was timely to create some stronger and clearer rules about the use of biometric technology," he said. "We want New Zealanders to use technology well and in a privacy protective way to get both the benefit of new technology but to do it in a way that ensures that New Zealanders feel that their personal information, that their privacy, is being protected and respected." Businesses using biometric technology would have to comply with the Privacy Act and would be barred from some "particularly intrusive" uses of biometric technologies, like using them to predict people's emotions or infer information like ethnicity or sex, or other information protected under the Human Rights Act, Webster said. He said agencies introducing biometric technology would also need to assess the impact on Māori . "We know from research done before that there are concerns around bias and misidentification with the use of some biometric technologies, facial recognition technologies," he said. The code also set out specific rules for children, he said. "The code itself makes it clear that children need to have special attention paid to them in terms of the collection and stewardship and management of their personal information," he said. Webster said many people would be aware of the Foodstuffs North Island had been trialling facial recognition technology (FRT) in supermarkets . An Office of the Privacy Commissioner inquiry earlier this year found it raised privacy concerns, like the unnecessary or unfair collection of a customer's information, misidentification, technical bias and its ability to be used for surveillance. Webster said the business had taken strong steps to protect privacy and would likely meet the new code, although further improvements might be needed. "I think one of the things that Foodstuffs North Island will have to do is again assess the way it's running the use of FRT," he said. He said the code would not cover the health sector, which would continue to be governed by the health code. It also excluded people's use of entertainment devices or personal health devices like virtual reality headsets or Fitbits. Webster said the commission had prepared detailed guidance for public sector agencies, businesses and organisations. "We've tried to anticipate the sorts of questions that they might have, and written guidance to support them and ensure that if they do decide to use biometric technology, it is governed under the a way that is lawful," he said. Sign up for Ngā Pitopito Kōrero , a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
RNZ News
3 days ago
- Business
- RNZ News
Stricter rules for using facial recognition
The final biometrics code, which governs how technology such as facial recognition, is collected and used, has just been released by the Office of the Privacy Commissioner. The Code, which is now law under the Privacy Act, aims to ensure agencies implementing biometric technologies are doing it safely and in a way that is proportionate. Facial recognition technology has come under increased scrutiny in recent years - particularly its use in retail stores. Retailers say with workers and other customers facing high rates of verbal and physical abuse from repeat offenders the technology is a necessary crime-prevention tool. Foodstuffs North Island recently trialled the technology - however the results suggested hundreds of shoppers a year could be misidentified. The Privacy Commissioner's review then made a range of recommendations to improve the system. Facial recognition also has a history of being less accurate the darker the skin of a person, though some algorithms are better than others, and the technology is improving. A Maori Reference Panel set up at the end of 2024 told the commissioner it opposed the use of facial recognition use in supermarkets. The Privacy Commissioner is Michael Webster, and Retail NZ chief executive is Carolyn Young. To embed this content on your own webpage, cut and paste the following: See terms of use.
Otago Daily Times
4 days ago
- Otago Daily Times
Deadline to deal with unlawful photos missed again
Police lack an overall digital evidence handling system, and, so far, the funding to get one. Photo: RNZ Police have again missed a deadline to make certain they are not handling photos of people unlawfully. They had till the end of June this year to find a way to detect and delete all unlawfully collected material in their systems. An update showed they told Privacy Commissioner Michael Webster in March they would miss the deadline. Police were also meant to come up with a failsafe way to not use the photos in any way until they find and delete them all, but had not managed to do that either. RNZ in 2020 first exposed how police for years were wrongly collecting photos and fingerprints from the public, particularly young Māori. Webster said he was still deciding what to do next. "Not meeting the final requirements means the police has not complied fully with the notice," he said in a statement. "The commissioner is currently considering next steps ... including seeking further information to inform those next steps." Police lack an overall digital evidence handling system and, so far, the funding to get one. Police have been approached for comment.
Scoop
15-07-2025
- Scoop
Privacy Commissioner Says Better Passwords Will Help Fight Hackers
Privacy Commissioner Michael Webster says New Zealanders need to improve how they're using passwords. His warning comes because he's concerned about the increased risk of privacy breaches caused by privacy spraying. That's where hackers find one password and then try it on other accounts to see if it will work to open those as well. People recycling passwords for multiple accounts are falling victim. "Our strong suggestion is for people to have a different password for each account they have. Making a password unique means if one account is hacked then there's no chance it can also be used to open other accounts and create even more damage", Mr Webster says. "Having unique passwords is a great way to make a hacker's job far harder." There are several other things people can do to help protect their personal information. Using a password manager to store all your passwords is a good fix and there are many different options, many of which are free. People can also use long and strong passwords and change them immediately if they've been hacked. Turning on two-factor identification is another good layer of protection. "Having your information breached on one account is bad enough, but by using a dedicated password and adding extra security steps you can help prevent hackers accessing other accounts and causing even more harm. Personal information has value, so the more protection you have in place the better. Any step people can take to deter hackers is a good step to take and unique passwords are an excellent start."
