
Would a 'right to erasure' make cyberattacks less damaging? New Zealand's privacy regulator thinks so

Latitude Financial's 2023 data breach saw millions of customer details stolen. New Zealand's privacy regulator says a "right to erasure" could have prevented some of that.

Laurel Henning

Latitude Financial's data breach was the worst in New Zealand history. PA Wire / Dominic Lipinski.

A "right to erasure" under Australian and New Zealand privacy laws could have curbed the harm caused by Latitude Financial's March cyberattack, according to New Zealand's privacy commissioner Michael Webster.  

Webster was speaking at the IAPP ANZ Summit in Sydney on Wednesday, six months after the New Zealand Office of the Privacy Commissioner and the Office of the Australian Information Commissioner announced a joint probe into the worst data breach in New Zealand's history. 

The probe remains ongoing, Webster said, but had a right to erasure been in place at the time of the cyberattack, it would have "ensured Latitude was only holding personal information as long as it needed."

Customers would have had the right to require Latitude Financial to delete their personal information.

Webster's comments come at a critical time in Australian privacy-law discussions, with the government agreeing in principle in September to a raft of proposals, including a right to erasure.
