Skip to main content
You are here: News


The following news feed provides an overview of the current activities and news from APPA members.

The articles on this page are updated regularly from members’ news and media pages. If you have any questions or concerns about the content contained in the articles, please contact the respective member. You can locate members’ details underneath each article or on our Contact us page.


FTC Hearings on Competition and Consumer Protection in the 21st Century Continue with Discussion of the FTC’s Role in a Changing World

What:The Federal Trade Commission will host the 11th session of its Hearings on Competition and Consumer Protection in the 21st Century.
When:Monday, March 25, 9:00 a.m. - 5:15 p.m., and Tuesday, March 26, 9:00 a.m. - 4:45 p.m.
Where:FTC Headquarters
600 Pennsylvania Avenue, NW, Washington, DC 20580
Room 432
The event is free and open to the public, but seating is limited. You are not guaranteed a seat, and seating is on a first-come-first-served basis.
Who:The hearing will feature introductory remarks by Federal Trade Commission Chairman Joe Simons on March 25 and further remarks by FTC Commissioners Noah Joshua Phillips and Christine S. Wilson on March 26. There is a distinguished set of panelists, including competition, consumer protection, and privacy officials from around the world.
Webcast:The hearing will be webcast. The webcast link will be on the event page on the day of the workshop.
Twitter:The hearing will be tweeted live from the FTC’s Twitter page (@FTC) using #FTCHearings.

Federal Trade Commission, United States
Source: Press Release Feed
22 Mar 2019, 11:00pm AEDT

Breach Case 10: Twink is NOT a redaction tool

An agency reported a recent data breach to us and it has given our office another example of how some attempts at redaction are bound to fail.

In this instance, Twink (or some other brand of white-out fluid or tape) was used to cover a person’s name in a document. The person who received the information simply scratched off the whiteout material. While this might make for an amusing anecdote, this case had serious implications for the safety of three people and managing the situation will certainly be costly.

Attempts at redaction are famously fraught with failures. Sometimes when software is used, not all the necessary steps taken. And remember when a black felt tip marker pen was commonly used on a paper copy and the recipient could simply hold the paper up to the light? Now you can now even use a scanner to separate the shades and get an idea of the possible text despite the black out.

If you cannot find official guidance on what process you should follow to redact information from a document, there is ample guidance available on the Internet - such as here.

The US National Security Agency’s Redacting with Confidence came out in 2005 but it still offers a relevant explanation of the kinds of data you need to consider in a digital document.

When redacting information, the most important step is to get someone else to check what you have done. That check needs to be about two things - that you have redacted all the information you should have (because it is easy to overlook a vital piece of information) and that the process has been effective.

We regularly get data breach notifications and will share the lessons learned from these. If you want to know more about how to handle data breaches, please check out our Data Safety Toolkit.

Image credit: Redacted document via Percipient

Office of the Privacy Commissioner, New Zealand
Source: Blog
22 Mar 2019, 2:30pm AEDT

Genetic informants are watching you

Our laws around DNA are out of date. They were written in 1995 and amended in 2003 and 2009. But science keeps moving swiftly on, and DNA is being used in ways which were never imagined. Society has also moved on and there are concerns our current laws do not adequately recognise concerns about privacy, human rights, and tikanga Māori.

For example, DNA samples from crime scenes can now be analysed to infer the physical characteristics of suspects, like ethnicity and sex. But will this lead to ethnic profiling and stigma? Should people of the same ethnicity as a suspect be forced to provide samples to eliminate themselves as suspects?

Law Commission review

Last week the Law Commission - Te Aka Matua o te Ture - gave a presentation on its review of the current law on the use of DNA in Police investigations as part of the Office of the Privacy Commissioner’s PrivacyLive speaker series. The Law Commission’s review on the subject is an impressive and thoughtful piece of work. It raises compelling questions, and it wants your feedback.

There can be a perception that this is only an issue for criminals, that if you have nothing to fear, you have nothing to hide. DNA has been used to solve many high profile cases and has also freed people wrongfully convicted of crimes. Television shows like CSI have also shown how awesome DNA is at catching the bad guys. 

What about familial searching? If DNA does not match any profiles on the DNA profile, a near match may be found with a family member who is already on a databank, making this person a “genetic informer”. This means some of your family genetics may already be held by the state. But should family members have to provide DNA to help find suspects, or to eliminate themselves as one?

DNA databank

The Institute of Environmental Science and Research (ESR) operates the DNA Profile Databank on behalf of Police. There are now about 189,000 profiles from individual people in the databank. Should we just have a universal DNA databank for every citizen? This is a provocative question which caused a bit of a stir when the Law Commission raised the idea at the end of last year.

One argument in favour of a national DNA databank is that this will be fairer and will reduce the ethnic disparities in the current repository, which has a disproportionate amount of DNA of Maori. It could also be used for research. 

When and where and how should DNA be collected? Should this be changed? Should the Police be able to collect DNA wherever it is found (like in the Simpsons episode Who killed Mr Burns?). Should certain conditions be met first?

These are only some of the questions raised about the way DNA can be used. The Law Commission wants your feedback, and you can make a submission here. The deadline is 31 March 2019.

Image credit: Police barrier tape via Pixabay

Office of the Privacy Commissioner, New Zealand
Source: Blog
22 Mar 2019, 2:21pm AEDT

Privacy in the news (15-21 March 2019)

Welcome to our latest weekly round-up of privacy stories.

PM joins world leaders calling for tech giant accountability

Prime Minister Jacinda Ardern has joined other world leaders calling for technology giants such as Facebook and Google to take accountability for the content they facilitate. Read more here.

Christchurch attacks: 'Predictable risk' in Facebook livestreaming feature

Privacy Commissioner John Edwards is calling on Facebook to give the names of anyone who shared the livestream of the mosque shootings to Police.

The livestream appeared and spread quickly on Facebook on the day. The company said it removed 1.5 million copies of the video in the 24 hours after the attack. Read more here.

Privacy Commissioner urges crackdown on harmful livestreams

The Privacy Commissioner is criticising Facebook for failing to stop the gunman from livestreaming the mass shooting of worshippers at two mosques in Christchurch. John Edwards says he's raised questions about livestreaming before with Facebook - given its "enormous potential for harm" Read more here.

International data protection commissioners share livestreaming privacy concerns

The executive committee of the International Conference of Data Protection and Privacy Commissioners says it shares the privacy and dignity concerns highlighted by Privacy Commissioner John Edwards, arising from the live-streaming and distribution of the video of the attack. Read the statement here.

NZ must follow German example and hit Facebook, Google with $80m fines

The removal of millions of videos from Facebook and YouTube within 24 hours of the Christchurch terrorist attack illustrates the difficulty in moderating content on the site.

Neither Facebook nor YouTube have given any indication that they will suspend live-streaming until their systems can better ensure that the videos uploaded respect the decency and censorship laws, not only of New Zealand but elsewhere in the world. Read more here.

Killer's livestream: Facebook reveals viewer numbers, responds to critics

Facebook says only a handful of people watched the alleged Christchurch shooter's 17-minute livestream at the time - but acknowledges that stamping out copies is an ongoing effort.

"In the time that it was actually live, fewer than 200 people viewed it," the social network's vice president for global policy Monika Bickert told the Herald. Read more here.

How social media’s business model helped the Christchurch massacre go viral

The ability of Internet users to spread a video of last week’s slaughter in New Zealand marked a triumph - however appalling - of human ingenuity over computerized systems designed to block troubling images of violence and hate. Read more here.

Christchurch attacks: Inside YouTube's struggles to shut down video

As a grisly video recorded by the alleged perpetrator of last week's bloody massacres at two Christchurch mosques played out on YouTube and other social media, Neal Mohan, 5,950km away in San Bruno, California, had the sinking realisation that his company was going to be overwhelmed - again. Read more here.

How you can help keep stop hate content on social media

The Christchurch mosque attacks have shown how easy it is for horrific content to spread via social media. If you've seen something pop up that you don't think should be there, here's how to take action. Read more here.

'This is creepy': In LA, scooters become the next data privacy fight

The next big political fight over data privacy may center on an unlikely piece of technology: The scooters currently flying around streets and scattered on sidewalks in cities across the country. Read more here.

Image credit: Bonapartian gull via John James Audubon's Birds of America

Office of the Privacy Commissioner, New Zealand
Source: Blog
22 Mar 2019, 11:41am AEDT

FTC and CFPB Report on 2018 Activities to Combat Illegal Debt Collection Practices

Agencies provide annual summary of work to combat illegal debt collection practices

The Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (Bureau or CFPB) reported on their 2018 activities to combat illegal debt collection practices. The annual report to Congress on the administration of the Fair Debt Collection Practices Act (FDCPA) highlights both agencies’ efforts to stop unlawful debt collection practices, including robust law enforcement, education and public outreach, and policy initiatives.

In the report, the FTC states that it filed or resolved a total of seven cases against 52 defendants, and obtained more than $58.9 million in judgments. The FTC also banned 32 companies and individuals that engaged in serious and repeated law violations from ever working in debt collection again. The FTC continued its aggressive efforts to curb egregious debt collection practices, including initiating or resolving four actions involving phantom debt collections. The FTC returned $853,715 to consumers who lost money to two phantom debt collection operations previously stopped by the FTC. In 2018, the FTC also:

  • Initiated or resolved three other actions, in addition to the phantom debt cases, to protect consumers from unlawful debt collections practices;
  • Deployed educational materials through multiple channels and formats to inform consumers about their rights and educate debt collectors about their responsibilities under the FDCPA and FTC Act;
  • Collaborated with an informal network of about 16,000 community-based organizations and national groups as part of its outreach efforts;
  • Distributed 13.4 million print publications to various organizations, businesses, and government agencies;
  • Logged more than 60 million views of its business and consumer education websites, with more than 592,000 views of the consumer videos on the FTC’s channel at, and over 280,000 email subscribers to its consumer blogs;
  • Supplied more than 24,000 copies of a fotonovela (graphic novel) on debt collection, developed for Spanish speakers, to raise awareness about scams targeting the Latino community;
  • Logged more than 4.7 million page views on its Business Center that houses business education resources; and
  • Issued a new Staff Perspective discussing the various financial issues that military servicemembers face, including the unique challenges that can arise in the debt collection context.

In the report, the Bureau states its intent to issue a Notice of Proposed Rulemaking on debt collection that will address issues ranging from communication practices to consumer disclosures. The Bureau highlights in the report that it handled approximately 81,500 debt collection complaints related to first-party (creditors collecting on their own debts) and third-party collections. Debt collection is among the most prevalent topics of consumer complaints about financial products or services received by the Bureau. In 2018, the Bureau engaged in six public enforcement actions arising from alleged FDCPA violations. The Bureau brought an action that resulted in an $800,000 civil penalty. It also accepted a judgment in favor of the defendant in a second case. Four other FDCPA cases remain in active litigation. In 2018, the Bureau also:

  • Filed briefs as amicus curiae in two cases arising under the FDCPA – one in the Supreme Court and one in federal court of appeals;
  • Identified one or more violations of the FDCPA through its supervisory examinations;
  • Conducted a number of non-public investigations of companies to determine whether they engaged in collection practices that violated the FDCPA or the Dodd-Frank Act (DFA);
  • Provided consumer debt collection educational materials, which have consistently remained among the most-viewed categories in “Ask CFPB,” an interactive online consumer education tool;
  • Trained, as of the end of 2018, over 26,535 staff and volunteers in social service organizations on Your Money Your Goals – a financial empowerment toolkit;
  • Continuously operated the 21-day email course called “Get a Handle on Debt Boot Camp,” a program to get periodic messages about steps to manage debt effectively, which attracted 19,294 sign-ups since launching in November 2017;
  • Offered five sample letters that consumers may use when they interact with debt collectors, which have now been downloaded more than 607,000 times as of December 2018;
  • Offered print publications on financial topics including debt collections, such as the bilingual brochure “Know Your Rights When a Debt Collector Calls”; and
  • Continued research projects and market monitoring and outreach activities to improve its understanding of the debt collection market, and to better understand the benefits, costs and impacts of potential rules, including a report on collecting telecommunication debt, which have aided in the ongoing development of a potential debt collection rule.

The FTC and the Bureau share enforcement responsibilities under the FDCPA. Last month, the agencies reauthorized their memorandum of understanding that continues coordination between the agencies in enforcement, sharing of supervisory information and consumer complaints, and collaboration on consumer education.

The FTC and the Bureau remain vigilant in their efforts to monitor the debt collection industry and stop unlawful conduct that harms both consumers and legitimate businesses. The CFPB’s annual report to Congress on the FDCPA, as required by the Dodd-Frank Wall Street Reform and Consumer Protection Act, includes information provided by the FTC in its letter to the CFPB.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
20 Mar 2019, 11:00pm AEDT

FTC Will Reschedule Roundtable with State Attorneys General

The Federal Trade Commission is rescheduling a Roundtable with the State Attorneys General, which originally had been planned for March 25 as part of the agency’s Hearings Initiative, due to logistical issues. A new date and further details for the session will be announced as soon as they become available.

The Federal Trade Commission develops policy initiatives on issues that affect competition, consumers, and the U.S. economy. Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
20 Mar 2019, 11:00pm AEDT

Global investigation finds organizations need to improve privacy practices

Results from the 2018 international privacy sweep conducted by the Global Privacy Enforcement Network (GPEN) highlight a need for organizations around the world to improve their privacy practices. The investigation examined how well respondents have implemented accountability policies and procedures for how they handle personal information. Specifically, most of the organizations surveyed need to better audit their handling of personal information, respond to privacy complaints, and train their employees.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
9 Mar 2019, 7:00am AEDT

Commissioner launches PrivacyRight program for BC's private sector

BC Information and Privacy Commissioner Michael McEvoy has launched a new initiative called PrivacyRight to assist private organizations with understanding their obligations under the Personal Information Protection Act (PIPA). The Commissioner kicked off the program this morning at a breakfast event hosted by the Greater Victoria Chamber of Commerce.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
8 Mar 2019, 7:00am AEDT

Commissioner to launch new education program for private sector

On Thursday, March 7, 2019 at 8:00am, Information and Privacy Commissioner Michael McEvoy will launch PrivacyRight, a new education program for the private sector, at a breakfast event with the Greater Victoria Chamber of Commerce.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
7 Mar 2019, 7:00am AEDT

Privacy Commissioner Releases Study Report on Implementation of Privacy Management Programme by Data Users

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
5 Mar 2019, 11:00am AEDT

Anniversary of Notifiable Data Breaches scheme

One year on from its introduction in February 2018, the Notifiable Data Breaches scheme is driving increased awareness and action on personal information security, Australian Information Commissioner and Privacy Commissioner Angelene Falk said today.

Office of the Australian Information Commissioner
Source: News - OAIC
22 Feb 2019, 12:25am AEDT

Privacy Commissioner Publishes Investigation Report on the Incident of Intrusion into Hong Kong Broadband Network’s Customer Database

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
21 Feb 2019, 11:00am AEDT

How secure is your dating profile?

Love may be a game of chance, but you shouldn’t gamble with your personal information. 

Keep your dating profile secure with these tips to protect your personal information, and stop hackers from making you unlucky in love.

Office of the Australian Information Commissioner
Source: News - OAIC
13 Feb 2019, 11:43pm AEDT

Notifiable Data Breaches for October – December 2018

The latest quarterly report from the Office of the Australian Information Commissioner (OAIC) shows 262 data breaches involving personal information were notified between October and December 2018.

Office of the Australian Information Commissioner
Source: News - OAIC
6 Feb 2019, 10:30pm AEDT

Data Breach Notifications and ICT-related Complaints at Record Highs in 2018 Data Security as Key Concern Privacy Commissioner Advocates Data Ethics and Privacy Management Accountability to Build Mutual Trust and Respect Complementing Compliance with Law

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
31 Jan 2019, 11:00am AEDT