Several New Zealand government agencies were impacted by a ransomware attack on Mercury IT, a 25-employee firm that serves dozens of public and private organizations in the country. New Zealand’s Ministry of Justice and Health New Zealand (Te Whatu Ora) have confirmed being impacted by the cyber incident.
New Zealand’s Stock Exchange was crippled by a DDoS cyber attack, lasting four days and forcing the government to activate the National Security System requiring government agencies to work together.
This article is based on a presentation made during the Data Privacy Asia 2016 conference held on 9-11 November 2016. Author Karen Ngan is a commercial law partner at Simpson Grierson (New Zealand) . She co–heads the firm's information and communications technology group and its data protection and privacy group. In this article she discusses some of the challenges with dealing with 21st century privacy issues under a Privacy Act that is over 20 years old. She also covers some of the measures or practices that have been taken to address some of these challenges.



