Telecommunications (Interception Capability and Security) Act 2013

Network security - Disclosure

47: Areas of specified security interest

You could also call this:

"Important parts of a network that need extra security to keep customer information safe"


When we talk about areas of specified security interest, we mean certain parts of a network. You need to know what these areas are to understand how security works. These areas include network operations centres and lawful interception equipment. You should understand that these areas also include parts of the network that manage or store information about customers. This information can be things like passwords or usernames. It also includes areas where a lot of customer data is stored or passes through.

The Governor-General can make changes to these areas by Order in Council. The Minister responsible for the Government Communications Security Bureau must recommend these changes. The Minister must talk to network operators before making these recommendations. The Minister can only recommend changes if they are necessary to keep up with new technology or to address security risks. They must also consider any big changes in how networks are designed.

There are specific definitions for some of the terms used in this section, like authentication credentials and privileged users. If you want to know more about how these regulations are published, you can check out Part 3 of the Legislation Act 2019. This will give you more information about the process. You can also look at the definitions to understand the terms better.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=DLM5178085.



Part 3: Network security

Disclosure

47: Areas of specified security interest

  1. In this section and section 48, an area of specified security interest, in relation to a network operator, means—
     1. network operations centres:
     2. lawful interception equipment or operations:
     3. any part of a public telecommunications network that manages or stores—
        1. aggregated information about a significant number of customers:
        2. aggregated authentication credentials of a significant number of customers:
        3. administrative (privileged user) authentication credentials:
     4. any place in a public telecommunications network where data belonging to a customer or end user aggregates in large volumes, being either data in transit or stored data:
     5. any area prescribed under subsection (2).

  2. The Governor-General may, by Order in Council, on the recommendation of the Minister responsible for the Government Communications Security Bureau, make regulations—
     1. amending or removing an area of specified security interest listed in subsection (1):
     2. prescribing additional areas of specified security interest.

  3. The Minister must not recommend the making of regulations under subsection (2) unless—
     1. the Minister has consulted network operators registered under Part 4; and
     2. the Minister is satisfied that the regulations are necessary or desirable to—
        1. keep up to date with changes in technology; or
        2. address changes in the way that networks are being used that may give rise to a security risk; or
        3. address any significant changes in architectural approach to the design of a public telecommunications network.

  4. In this section,—

     administrative (privileged user) authentication credentials means the authentication credentials of a privileged user

     authentication credentials means any information (for example, passwords or usernames) used to ascertain the identity of a user, process, or device

     privileged user means a person who has authorisations that enable the person to, among other things, alter, bypass, or circumvent network security protections.

  5. Regulations under this section are secondary legislation (see Part 3 of the Legislation Act 2019 for publication requirements).

Notes
• Section 47(5): inserted, on , by section 3 of the Secondary Legislation Act 2021 (2021 No 7).