ILANZ, In-House Lawyers Association of New Zealand


Lessons learned from a data breach - RBNZ

Lessons learned from a data breach - RBNZ

RBNZ reported a data breach to the Privacy Commissioner in January 2021 following a breach of a third party file sharing software used by RBNZ to share and store information. This was a major crisis at the time for the RBNZ and the Legal team were heavily involved in the breach response. 

Subsequently, RBNZ was the first agency to be issued a compliance notice by the Office of the Privacy Commissioner under the Privacy Act 2020. The breach response involved identifying personal information potentially breached, notifying the Privacy Commissioner, engaging external counsel and appointing KPMG to undertake an incident assessment.

In this session, our panel will speak to crisis management, stresses and strains, and share lessons learned from the incident response. They will also cover the importance of staff training on privacy across the organisation, and opportunities to uplift cyber security. 



Diana Voerman-Tam is a Senior Legal Counsel at the Reserve Bank of New Zealand, and has been with the RBNZ since February 2020. Diana is a pragmatic and relationship-focussed advisor. She provides legal advice across the whole range of the RBNZ’s functions, including the adoption of new foundational legislation and the regulation of banks, insurers, and non-bank deposit takers.

Diana has a background in both the public sector and private practice. Prior to joining the RBNZ, she was an Associate at Dentons Kensington Swan, including secondments to Waka Kotahi (NZTA) and Hineuru Iwi Trust. Diana holds Bachelors of Laws and Commerce, and a Master’s in Economics.



Nick McBride 

Nick started his career at the Christchurch Community Law Centre. He spent 6.5 years at the Ministry of Economic Development in policy and legal roles before joining RBNZ in 2004 to establish a corporate legal function. In 2013 he was promoted to General Counsel. The Legal Services Directorate has grown to a team of nine lawyers. During his role as General Counsel he has also managed the risk, audit, governance and procurement functions. He has been a part of many significant changes at the RBNZ, including of the expansion of its regulatory function to cover insurance and non-bank deposit taking, and the implementation of new governing legislation in 2021. The 2021 changes included the establishment of a new governing board and monetary policy committee in place of the previous single decision-maker model. Upcoming changes at the RBNZ include the implementation of a depositor compensation scheme.



Hayden Wilson 

Hayden leads the Wellington dispute resolution team, specialising in public, regulatory, and commercial litigation. He is the Chair of Dentons Kensington Swan (New Zealand) and plays a key role in the firm’s relationships with government agencies. He is a member of the Global Board of Dentons, the world’s largest global law firm, made up of 30 individuals from across the global business of 20,000+ professionals.

A dispute resolution expert, Hayden is internationally recognised as a leading advocate and as a highly skilled mediator. He has extensive experience helping organisations resolve complex commercial and public law issues.

As a specialist in privacy law, Hayden regularly works with clients to navigate complex issues of privacy compliance and to assist them with responding to privacy, data breach events, access requests, complaints and investigations.

Hayden helps both public and private sector clients to manage a wide range of public law issues, including managing and reviewing risk, advising on privacy and information law, human rights obligations and regulatory issues.

Hayden trained as a mediator through the Resolution Institute in New Zealand, at the Straus Institute for Dispute Resolution at Pepperdine University in California and at Harvard University.