Here we are in 2020, lurching into what is sometimes referred to as the fourth industrial revolution – the age of data. Many businesses in New Zealand were already struggling with the ramifications of this revolution. And then came covid-19.
The pandemic and our government’s response to it have exposed even more sharply a skills deficit both in government organisations and the private sector. As data increasingly drives industry, commerce and public security, it has become obvious that organisations need to lift their game, particularly in the area of information governance.
We have seen a good example of this deficit in the implementation of the government’s covid-tracing efforts earlier this year. Businesses all over the country were collecting unnecessarily large amounts of personal data such as physical address and date of birth, when all they needed was a name and contact number. This kind of data collection is in contravention to the existing Privacy Act, and such breaches will be open to potential fines after 1 December, when a new Privacy Act comes into force in New Zealand.
The new Act reflects many aspects of the GDPR that was introduced in Europe in 2018. Amongst other provisions, the Act gives the independent Privacy Commissioner significantly enhanced powers to investigate and fine organisations for breaching the Commissioner’s compliance orders. Although the maximum fine of $10,000 may seem low by international standards, the cost to organisations will inevitably be much greater because they will need to undertake skills training for many staff, not to mention overhauling systems and processes to ensure compliance. And the Commissioner will not be working alone – multi-national corporations will be subject to investigations by multiple privacy authorities across multiple jurisdictions.
To prepare for such a scenario, companies can no longer rely on their lawyers for their privacy and security governance. Every large organisation and even some SMEs will need a dedicated data protection officer (DPO) on staff.
The aim of the University of Auckland’s new Postgraduate Certificate in Information Governance and Postgraduate Diploma in Information Governance programmes is to equip its students for just such a role. They will learn how to implement privacy rules and regulations in practice. They will also gain a good understanding of ethics, access to information, cyber-security, blockchain, AI and machine learning, as well as the ‘soft’ skills of communication, mediation, negotiation and dispute resolution.
Hence graduates will be able to confidently take on the role of DPO in the company they already work for, or step up to a new career.
Find out more about the Postgraduate Certificate and Postgraduate Diploma in Information Governance here:
Gehan Gunasekara is involved in developing and teaching courses in both the information governance postgraduate programmes offered from Quarter 2, 2021. Graduates of either programme may be eligible for further study in the Master of Information Governance programme, which is expected to be launched in 2023.