A legal loophole that allows jilted ex-lovers to post naked photos of their former partners online should be closed, the Law Commission says.

The commission this afternoon tabled in Parliament its final report on privacy laws, which has been almost five years in the making.

The report includes more than 140 recommendations, many of which are technical in nature. However, a series of key reforms is also suggested.

Among them:

* Stronger powers for the Privacy Commissioner, including to order a privacy audit of any agency or to issue a notice requiring action over privacy breaches.

* Requirements for agencies to check for proper protections before sending personal information overseas.

* A new regime to control information-sharing between Government agencies.

* Streamlining of the privacy complaints process.

* A requirement for mandatory reporting to people affected by any serious breach of their privacy.

* A nationwide "do not call" register to be made mandatory to stop unwanted telemarketing.

* Better protection against the publication of personal information online that causes significant distress.

The Law Commission said there was concern over cases where people posted naked photographs of their ex-partners online without their consent.

At the moment, the person uploading such photographs could claim the protection of the Privacy Act, which allowed information to be collected or held in connection with personal or domestic affairs.

"The Law Commission recommends that this exemption should not apply if the collection, use or disclosure of information would be 'highly offensive','' Law Commissioner John Burrows said.

Privacy Commissioner Marie Shroff highlighted the "loophole" as one of three urgent priorities for action. The Law Commission's recommended changes would mean that if offensive material was posted online, "there will be consequences".

"You can't claim that just because the girl happened to be my ex-partner, I can put up online photographs of her in the shower," Shroff said.

"I think in today's environment, that kind of sanction is going to be quite important to try to get the message out there to individual people ... that you've got to take responsibility for your own information and you've got to take responsibility for what you put online.

"We do get a number of complaints about it and sometimes people don't realise that they can complain to us about it. ... This happens relatively frequently."

Shroff welcomed the proposals to boost her powers, saying the ability to issue compliance notices would streamline complaints.

"A compliance notice is urgently needed to get the people taking their stewardship of that information seriously," Shroff said.

A proposal to enforce mandatory reporting of privacy breaches may be more controversial, however.

Burrows said there had been some very high-profile cases of data breaches internationally, and some significant breaches had also occurred in New Zealand.

"Such breaches can put members of the public at risk from identity theft and other threats," Burrows said.

Laptop computers had been hacked and memory sticks with personal information about large numbers of people had been lost. People had a right to know if their information had been seriously compromised in such incidents, Burrows said.

"Then they can take measures to protect themselves such as cancelling credit cards, or can at least prepare themselves for any consequences of the breach," he said.

But Business New Zealand chief executive Phil O'Reilly has previously questioned the extent of the problem and suggested other options such as education and self-regulation rather than legal sanctions.

Commenting after it was revealed that hackers had accessed personal and potentially credit card details of more than 235,000 Sony users in New Zealand, O'Reilly said compulsory reporting here would be "a very heavy-duty thing to do".

The Law Commission report will now be considered by the Government, which will respond in due course.

- © Fairfax NZ News