NZ Engine

Source: Police investigating after shots fired at Hastings house

Date:  28 March 2025 Source:  Office of the Minister of Conservation

The High Court recently decided it was unlawful for the Department of Conservation – Te Papa Atawhai to authorise the New Zealand Transport Agency – Waka Kotahi under section 53 of the Wildlife Act to harm protected wildlife species while building the Mt Messenger highway.

“As permission was also granted under another section of the Act, the court’s decision doesn’t affect this highway’s ongoing construction. It will not affect Fast Track projects either,” Mr Potaka says.

“However, the decision could delay other projects DOC has given permission for or are still coming through the pipeline under section 53 of the Act – such as building new solar and wind farms, plantation forests, and powerline maintenance that are essential for supporting our growing economy. It also affects other important conservation work, like pest control.

“The Government intends to promptly change the law to enable these important activities to go ahead lawfully, including the building of houses and roads for example, as they have in the past with safeguards for wildlife. These amendments will provide certainty for existing projects,” Mr Potaka says.

“While developers are absolutely expected to make the best possible effort to protect our precious wildlife when getting on with their mahi, they should have confidence they won’t be prosecuted if their projects incidentally kill protected wildlife despite having previous authorisation and complying with the conditions set.

“It’s important Aotearoa New Zealand’s wildlife continues to be protected and that species can thrive as we support a strong and growing economy. The Government still expects responsible developers to seek permission for the activities they undertake – for example, seeking to relocate animals before doing any construction work – to protect populations and support the ongoing viability of species.”

Contact

Source: Police investigating after shots fired at Hastings house

Date:  28 March 2025

Ngāi Tahu and DOC first released takahē on Ngāi Tahu tribal property Greenstone Station in 2023 to establish a new wild population.

The predation is not unexpected says DOC Takahē Recovery Operations Manager Deidre Vercoe, but this apparent cluster of deaths over a five-week period is being taken very seriously as it shows even one stoat can do a lot of damage.

“DNA analysis and necropsy results point to a stoat, and we have since spotted a likely culprit multiple times on a camera in the area.

“A fifth takahē with an unknown cause of death could also have been a victim.

“Stoats can be extremely trap shy and take some time to catch, so more takahē deaths could become a reality.”

Takahē monitoring has been increased, extra traps have been installed, a stoat detection dog is on site, baited trail cameras are in use and the existing trapping network is being rebaited more often.

“Until New Zealand is predator free, any new wild site for takahē will have a level of predation threat. This is the reality our native birds face daily on the mainland,” says Deidre.

“Current predator control tools make a big difference to species survival, but this scenario highlights the challenges.

“Thankfully, the overall takahē population is increasing, so, with the support of our Treaty partner, we can continue to take bold steps to learn more about new wild sites that could support takahē to thrive.”

A population of 20-30 takahē has been living in the Greenstone for more than 18 months now and the health and productivity of the birds has exceeded expectations, with two active breeding seasons indicating the Greenstone Valley is a promising wild site.

The total number of takahē nationwide is more than 500 and more homes are needed for the growing population. More than half live at wild sites where stoats are present.

Ngāi Tahu representative on the Takahē Recovery Group, Gail Thompson says these recent deaths highlight that, despite their large size, sturdy beaks and claws, takahē remain vulnerable to introduced predators wherever they are in the wild.

“This reinforces the importance of continuing to find new wild habitats for our taonga species while also collectively striving for a predator-free Aotearoa New Zealand,” says Gail.”

Ngāi Tahu and Takahē Recovery, supported by National Partner Fulton Hogan, remain committed to maintaining a population of takahē in the Greenstone and wider Whakatipu. Efforts to establish a population of up to 80 takahē this year in the nearby Rees Valley began in February, with a second release due in the Rees in April and a third planned for Spring.

Contact

Source: Police investigating after shots fired at Hastings house

Date:  28 March 2025 Source:  Office of Minister for Hunting and Fishing

“Longer permits, automatic reminders and better navigation are part of a significant upgrade that will make life easier for 34,000 hunters that hunt on open conservation land,” Minister Meager says.

“The underlying technology of the current hunting permit system is outdated and in need of an update, and is being improved based on the direct feedback of hunters. This upgrade will support more hunters, both domestic and international, getting out and doing what they love.

“This substantial upgrade to the permitting system will make it more reliable and easier to navigate on mobile devices, making it easier to obtain permits on the go. Hunting permits will now be valid for 12 months, an increase on the current four-month period. Hunters will also receive reminders 14 days before their permits are due to expire so they can easily obtain a new permit. 

“The upgraded system will also make selecting hunting areas easier. Instead of the 54 hunting areas that hunters currently choose from, the system will be simplified so hunters choose from eight regions, four in the North Island and four in the South Island/Stewart Island. All existing hunting areas within the broader region will automatically be included on the permit, and hunters can also select all hunting areas within New Zealand at the press of a single button.

“These may be simple changes, but they reflect a government which is committed to making it easier for New Zealanders to go hunting and fishing on conservation land, and are willing to listen to the feedback of the hunting community to do so.”

This new system will be launched by the Department in Conservation in May.

Contact

Source: Police investigating after shots fired at Hastings house

Date:  27 March 2025

The two Waitaha geckos were first discovered and marked in 1967 and 1969 by late Herpetologist Tony Whitaker. His detailed record-keeping allowed Department of Conservation staff to accurately date their ages.

DOC Biodiversity Ranger Kaitlyn Leeds says the geckos were found during a five-yearly species monitoring visit to Motunau Island.

“We were all blown away to find two of the original marked lizards! We found “Antoinette” (named in honour of Tony Whitaker) first and dated her at 64 years plus and then found the second one called “Brucie-Baby” (Tony’s nickname for his co-worker and conservation legend, Bruce Thomas) and dated her at 60.”

The age record for the Waitaha gecko was previously 53 years with a gecko found on the same island in 2015. Dating geckos on Motunau Island is only possible due to Tony Whitaker individually marking 133 geckos with unique “toe-clip identification” when he started lizard monitoring between 1965 and 1967.

“We no longer toe clip these lizards but it did give us an opportunity to learn how long individual geckos can live for. It’s just amazing they’ve existed on this postage stamp of an island since before the moon landing” says Biodiversity Ranger Allanah Purdie who was also on the island for the visit.

Marieke Lettink, who is a Herpetologist and has been going out to the island for twenty years, says the geckos really buck the trend globally living for such a long time and it was a career highlight to find these two.

“They really are remarkable. I didn’t hold out any expectations that we would find two of Tony’s old mates still living. In global terms, these native geckos are just so unique. We know of no other species of gecko living so long – the average around the world for gecko is only a decade.”

Kaitlyn Leeds says Antoinette and Brucie-Baby look pretty good for their age.

“They do look a bit skinnier with looser skin but to be honest, you wouldn’t know they were 60+ years old! Interestingly, female geckos, like female humans tend to live longer than males. It’s also got a lot to do with being in a cool climate on a predator free island. Maybe it’s also their lifestyle”, she laughs, “lapping up the salty air! But in all seriousness, it does make you think about the impacts of predation and comparative longevity for our reptiles on mainland NZ.”

Waitaha geckos are classified as at risk and in decline. They are mostly found in lowland Canterbury, usually in rocky places that provide warmth and refuge from predators.

Allanah Purdie says she feels privileged to be able to study the geckos.

“These geckos are such an important part of our native landscape. We have such unique species in New Zealand, and these two are now world record holders. I’m hoping that we find Antoinette and Brucie-Baby when we do our next visit to the island in five years. Who knows how long these two will live for.”

Contact

Source:

By Michael Webster, Privacy Commissioner

Originally published on the New Zealand Herald 3 October 2024.

One of the greatest risks to privacy in the workplace could be sitting next to you – or it could even be you.

Employee browsing or the unauthorised access and misuse of personal information is one of the most common privacy breaches. I also believe it’s one of the least understood or reported on, as required by the Privacy Act.

New Zealand is a small place and there’s a good chance a familiar name will crop up in a database or on a file at work and it can prove very tempting to have a look.

However, a sneaky peek isn’t a harmless case of nosiness; it’s inappropriate and can be a breach of the principles underpinning the Privacy Act. In the cases I see it can have potentially serious consequences such as harassment and blackmail.

In one example, a person in a position of power looked up the details of a colleague’s partner then used their position to repeatedly sexually harass them via text message. The victim felt intimidated, scared, and fearful in their own home so contacted our Office.

In some circumstances employees look up information and then pass it on for the explicit purpose of causing harm – for example, finding the address of someone who owns expensive assets to be targeted for a burglary.

In other examples they do it because they think they’re helping a friend when they’re acting illegally. Like the employee working for a counsellor who had a friend in a custody dispute with their ex-partner. The employee looked up information about the wellbeing of their friend’s ex-partner and shared it with their friend who then used it in their custody dispute hearing.

Sometimes the temptation to ‘just have a quick look’ is a powerful force but employees need to be stronger. One story I’ve see was from a clinic doing STI and HIV testing. A new employee was being trained and decided to look up their own records while their trainer was in the room with them. That’s fine, it’s their information. However, when the trainer left the room, the new employee took the opportunity to look up the names of their ex-partner, current partner, and best friend – all in breach of the Privacy Act.

The Privacy Act protects the personal information of all New Zealanders, which means that as well as employees not snooping, we need managers and owners to be informing their staff that it’s wrong to snoop, and to act when it’s found out.

There’s a lot of information about us held in various databases, including contact details, bank accounts and financial records, and copies of identity documents. This material needs to be protected from internal threats from staff as well as external threats from third parties.

Employers have a responsibility to secure databases and to limit access only to the staff that need that information to do their job. Employers also have a responsibility to recognise the potential for serious harm if staff are misusing their access privileges.

The bottom line is organisations have an obligation to prevent their employees from inappropriately accessing and/or disclosing customer information. 

Building privacy safeguards into your databases enables you to have access controls in place to protect personal information, ideally supported by audit logs so you can monitor who’s doing what and follow up on any unusual activity.

Significant personal information is held in various databases across New Zealand. A good example is around driver licences and car registration details. Businesses and organisations like insurance providers, vehicle importers, or sellers can be granted access to the motor vehicle register for lawful purposes. However, when staff at those types of agencies access the database for their own reasons or interests then it’s a problem, which often leads to employee dismissal as well as the agency needing to report a privacy breach.

Businesses have an obligation to ensure their staff have privacy training and a general awareness about the risks of employee browsing. They also need to take steps to make sure staff know they can only access information for work purposes.

This can be reinforced by having clear policies about employee browsing in your agency’s code of conduct, including consequences for being caught inappropriately accessing personal information about customers and clients.

Staff access to personal information comes with serious accountabilities about appropriate and lawful behaviour. We all need to treat it with respect. Organisations need to ensure there are consequences for employee browsing and treat any breaches of trust as serious compliance incidents.

Back

Source:

The health sector reports more serious privacy breaches than any other area even though under-reporting continues to occur. Frustratingly, many of those breaches occurred when the underlying issue had been, or should have been, identified and acted on earlier. We explain why more internal privacy breach reporting is needed in the health sector and ways to avoid privacy breaches from occurring.

The Office of the Privacy Commissioner’s last Insights Report (1 December 2020 to 30 November 2021) revealed 85 serious privacy breaches were notified by the Health Care and Social Assistance industry last year – the top contender, and far above second placed Public Administration on 53.  This number almost certainly represents an under-estimate due to the continued under-reporting of serious harm breaches.

Unfortunately, many serious harm breaches occur because previous internal errors weren’t deemed serious enough to be properly secured, for example, where a previous incident wasn’t identified as a privacy breach, or the outcome of the breach wasn’t considered serious enough to result in further action.

TAKE ACTION

Health agencies will be familiar with the need to identify, report, and review adverse events and “near misses”, as well as other accidents or incidents that occur in the workplace.  The same applies for privacy. Identifying, reporting, and reviewing privacy breaches, and acting when individual or systemic issues are identified, are vital to ensuring that a strong privacy culture exists. Personal information must be treated with careful respect.

Breaches are not just external

A common misconception is that a privacy breach only occurs where personal information is inadvertently shared to, or inappropriately accessed by, someone external to the agency.  That is not the case. Accidently sending personal information to the wrong clinician or someone’s payslip to a fellow staff member is a privacy breach. Browsing patient records or looking up the records for friends or family members may be HR or professional conduct issues, but they are also privacy breaches.  Health records that are lost or accidently destroyed – again, these are privacy breaches. Access to personal information should be restricted to only those need to see the information. This protects the person whose information you hold in trust, your staff, and your organisation.  Trust is hard won and easily lost.

Not just sensitive information

Another common misconception is that is it only ‘sensitive’ information that matters.  Again, that is not the case.  All personal information, whether it is of a ‘sensitive’ nature or not, requires legal protection.  For example, it is a privacy breach regardless of whether test results sent to the wrong address are a simple and unremarkable blood count or disclose the existence of an STI or underlying medical condition.

Not just ‘notifiable’

While the above examples may not all be at the level that they need to be reported to the Office of the Privacy Commissioner – you may be lucky and the breach may be quickly contained with no risk of harm to the patient – they do all need to be reported to your privacy officer and recorded and reviewed as a privacy breach. 

Just like “near misses” in the Health and Safety at Work regime, they all tell you something about your privacy systems, and the changes needed to ensure the information you are entrusted with is appropriately protected.  

HUMAN ERROR

More than 60 per cent of privacy breaches last year were due to ‘human error’.  Agencies are responsible for ensuring their systems are fit for purpose and that the personal information they hold is protected by reasonable security safeguards.

Email hygiene

Poor email hygiene is a common cause of privacy breaches.

One example we were made aware of involved an email containing detailed health information about a group of patients, which was intended to be sent internally to the staff of a medical provider. A typing error in the ‘TO’ field resulted in a member of the public receiving these patients’ medical records. Having their sensitive personal information exposed in this way caused considerable emotional harm to a number of these patients.

Respect the people whose information you’re sending by double-checking who you’re sending it to. Go a step further and use a delayed send option on your email to avoid any hasty mistakes. Always use the BCC field when emailing groups of recipients.  If you are emailing sensitive material, encrypt the material. If you do this, the password (phrase or code) should be sent by some method other than email so that the wrong person doesn’t receive both.

Confirm Contact Details

Ensure you confirm patient contact details before sending out their personal information.  Check that the address or email is still current.  If you’re enrolling a new patient or emailing a patient for the first time send out an email just to confirm the correct address.

Explaining your processes to your patients is not only good practice, but also demonstrates you are trustworthy.  It helps ensure information is accurate and reduces the risk of a data breach.

One case notified to our Office was about a patient who told their GP about being abused in the past. The GP referred the patient to counselling to help work through the issues stemming from that abuse.

The GP’s office followed up this referral by sending a letter to the patient’s house. Due to human error in the office’s internal processes the envelope containing the letter did not have the patient’s name on it, or a return address. It also had the incorrect street number, meaning that it was sent to a neighbour’s house instead of the patient’s house.

Not knowing who the letter was addressed to or who it was from, the neighbour opened the letter, inadvertently finding out about the patient’s abuse history.

Inadvertent disclosures

Our Office receives numerous notifications of healthcare staff either accidentally dropping patient documents or leaving the information in public view. Being busy caring for patients isn’t an excuse and making changes to your systems and practices now can make a big difference.

• Where is patient information recorded or displayed in your organisation? Think whiteboards, run sheets, patient lists, computer screens, medical records. Can these be seen or accessed by others? If you have paper run sheets, are these collected and destroyed at the end of the shift?
• Do you use portable storage devices such as USBs? Should you? If you do, are they encrypted? 
• If you are transporting paper records, how do you make sure they are secure? Can they be seen in transit?

This article first appeared in NZ Doctor – Rata Aotearoa magazine.

Back

Source:

Key themes of this analysis: An evidence-based approach to pandemic data sharing COVID-19 – a serious threat to public health and how Te Tiriti o Waitangi and tikanga Māori can influence the discretion to share Māori data Detailed case notes on the High Court decisions plus our submissions to the reviews are available here.

The right to privacy remains fundamental in the government’s pandemic response. When asked whether we have to choose between a good pandemic response or having privacy, New Zealand’s former Privacy Commissioner John Edwards responded in a media interview:

“We should be saying, I reject that, I want both. I want to contribute to the management of the pandemic and I will give up freedoms to do so on the condition that my privacy is respected as we do so. Those pressures to frame the need to give up rights in ways that simplify, I think, need to be resisted constantly.”

The Privacy Act and the Health Information Privacy Code contain a process for pandemic decision-making to make sure that personal information, including health information, is able to be used as necessary for the pandemic response, while ensuring that people’s privacy is protected.

After two consecutive High Court judicial review decisions in November and December 2021, the Director-General of Health modified his decision about the release of data of unvaccinated Māori in the North Island/ Te Ika a Māui to the Whānau Ora Commissioning Agency – the data being subsequently released with clear conditions.

As an independent intervenor in the proceedings, the Privacy Commissioner provided specialist insight into aspects of privacy, personal information, and the Health Information Privacy Code.

The judicial review resulted in two consecutive decisions from Her Honour Justice Gwyn and include the first (and second) judicial consideration in Aotearoa New Zealand of the “serious threat to public health” exception under rule 11 of the Code.

Further information about the judicial review plus the Privacy Commissioner’s submissions is available here in our online case note and court decisions section.

The Privacy Commissioner welcomes the Court’s decisions as they give guidance about the scheme of the Privacy Act and the Code, discretionary decision-making about releasing data where there is a serious threat to public health, and how te Tiriti o Waitangi and tikanga Māori respectively influence the exercise of this discretion.  

The judge’s analysis is consistent with our Office’s view on the application of the Code and the Act. The Court has agreed with the Privacy Commissioner’s approach that the purpose of the Privacy Act is concerned with both the protection and use of personal information: it is a “how to”, not a “don’t do”.

The “serious threat to public health” exception is highly relevant in the government’s pandemic decision making and an important component of the privacy framework. The Court agreed with the Commissioner’s submissions that urgent decision-making within a tight timeframe cannot be a “counsel of perfection” before information is disclosed in response to an evident threat to public health. The Court required the Ministry to reconsider its response to the requests for vaccination data based on an evidence-based assessment.

The Act and Code empower appropriate sharing of personal information under the information privacy principles (including health information under the Code rules) where necessary in specific circumstances such as the pandemic.

This case is a reminder that neither the Act nor the Code necessarily pose insurmountable barriers to disclosing and using personal information in the public interest – especially if necessary to respond to a public health emergency. The Code requires proportionate and evidence-based assessments when deciding whether to rely on rule 11(2) to disclose specific health information. Government decisions about disclosing sensitive information like vaccination data that is necessary for the pandemic response should refer to relevant public health advice to make an objective and evidence-based assessment.

At the heart of these proceedings are government decisions about the use of Māori data in responding to the pandemic and mitigating the serious public health risk and specific risk to Māori. This raised important questions about the role of tikanga Māori in the Ministry’s decision-making process with tikanga evidence before the Court, from Dr Carwyn Jones and Lady Tureiti Haroumi Moxon that the highly prized taonga of health has primacy in the pandemic context:

There is taonga in life and health. If there is taonga in data, then that taonga must give way to life and health. Providing the contact details of unvaccinated Māori provides the best chance of respecting the taonga of their life and health.

The Court also examined the Ministry’s discretion to disclose Māori data in terms of its expressed commitment to exercise its powers in relation to the vaccine rollout in accordance with Te Tiriti o Waitangi.

The Office of the Privacy Commissioner takes account of cultural perspectives on privacy under section 21(c) of the Act). Te Tiriti o Waitangi/Treaty of Waitangi is considered a founding document and the text(s) and the principles of partnership, active protection and equity help guide the work of the Office of the Privacy Commissioner. The Court’s discussion of te Tiriti o Waitangi, tikanga Māori and Māori data sovereignty respectively will further help to inform our Office’s approach.

Te Ao Māori, Covid-19

Back

Source:

Technology developments can be challenging to privacy laws. We all know our phones are powerhouses of data collection, and that our data is the key asset for big tech. But we don’t always know what data is being collected, nor how it is being used.

Recently in Australia the Federal Court found that Google misrepresented how Android OS collected, stored and used personally identifiable location data. As the Australian Competition and Consumer Commission Chair Rod Sims said, “This is an important victory for consumers, especially anyone concerned about their privacy online, as the Court’s decision sends a strong message to Google and others that big businesses must not mislead their customers.” Privacy and consumer laws can bite back.

While we know phones are collecting our data, other new technologies and practices are pushing the boundaries of how we expect our personal information to be treated. One of the key functions of the Privacy Commissioner is to monitor and examine the impact that technology has on privacy. The Privacy Commissioner recently discussed this connection between technology and privacy for a chapter in a book celebrating 60 years of IT Professionals in NZ.

The development of privacy is often traced back to the seminal article in 1890 by Warren and Brandeis. Core to the writing of the article was their concern that the ‘recent invention’ of the photographic camera would destroy privacy among Boston socialites:

Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that “what is whispered in the closet shall be proclaimed from the house-tops” …The press is overstepping in every direction the obvious bounds of propriety and of decency.

By the 1970s New Zealand society was producing a large and continuous flow of information, which was only managed through the use of computers. This radically changed the concept of individual privacy, raising legitimate concerns that an individual’s personal affairs were moving out of their control. This concern was focused in New Zealand on the Wanganui Computer, a mainframe computer on which Police, Justice and Transport shared information, raising the spectre of “Big Brother”. The legal response was to pass a very proscriptive and restrictive law called the Wanganui Computer Centre Act 1976, to ensure that the system made no unwarranted intrusion upon the privacy of individuals.

Technology has again changed considerably since the 1970s, and the place of privacy in our society is also changing.

One of the real shifts that we have seen is a move away from a binary concept of privacy, being it’s either private or it’s not. The old common law concept is that if it is in the public domain then it can’t be private; if you are walking down the street you have no expectation of privacy. That has been reflected in our data protection laws, and the Privacy Act has a number of exceptions to the restrictions of information, including being publicly available information.

But some of the new technologies, such as biometrics, really challenge that. Is your face publicly available information just because you happen to be wearing it when you are out in the street? Is that enough to say that you no longer have any right or expectation that those very unique facial measurements that distinguish you from everybody else can’t be harvested and put to use for a range of benign or malign purposes? These are interesting questions.

In Challenging technologies: Perspectives from the Privacy Commissioner the Commissioner discusses privacy as a public good, the NZ COVID tracer app, the concept of open data, anonymisation and differential privacy, Māori approaches to privacy, cultural and international perspectives, and the role of IT professionals. The book celebrates 60 years of technology in New Zealand.

This book is available in paper or digital versions:

Paperback here

Ebook on Kindle, Apple Books, Kobo, Booktopia, Barnes & Noble, Google Play Books, Scribd, Smashwords

You can also read it online here: https://history.itp.nz/

Edwards, J. & Bennett, L. (2021) Challenging Technologies: Perspectives from the Privacy Commissioner. In J. Toland (Ed.), From Yesterday to Tomorrow: 60 Years of Tech in New Zealand, IT Professionals New Zealand

Back