The Privacy Act 1993 sets out the framework for the protection of personal information in New Zealand
The provisions related to security log monitoring in New Zealand's Privacy Act 1993 can be found in several sections of the act, including:
* Section 27, "Data security," which requires entities to take all reasonable steps to protect personal information from unauthorized access, use, disclosure, alteration, or destruction.
* Section 28, "Notification of security breaches," which requires entities to notify the Privacy Commissioner and affected individuals if there has been a serious breach of the entity's security of personal information that is likely to give rise to a real risk of serious harm to an individual.
* Section 29, "Agreements with data processors," which requires entities to include provisions in agreements with third-party data processors to ensure that the processors will maintain the same level of protection for personal information as the entity itself is required to maintain.
These provisions in the Privacy Act 1993 are intended to ensure that entities implement appropriate security measures to protect personal information, including security log monitoring, and that they respond appropriately if there is a serious breach of security.
It is important to note that the provisions related to security log monitoring in the Privacy Act 1993 are guidelines and not specific requirements. Entities are expected to implement security measures that are appropriate to their particular circumstances and the sensitivity of the personal information they handle. The provisions of the Privacy Act 1993 are enforced by the Privacy Commissioner, who has the power to investigate complaints and to enforce the provisions of the act through enforcement notices, binding policy statements, and other measures.