In today’s digital landscape, information reigns supreme. As consumers, we often freely disclose our personal data multiple times a day, sometimes without even realising it. Yet, for businesses, safeguarding this information is a crucial responsibility—one that cannot be overlooked.
The Privacy Act 2020 supersedes the Privacy Act 1993 and dictates how organisations and businesses collect, store, utilise, and share personal information (personal information could be something as simple as a name and email address!). The new legislation emphasises proactive intervention and risk management by businesses while bolstering the authority of the Privacy Commissioner. Organisations must have a Privacy Officer to:
- Ensure compliance with the Privacy Act
- Handle client complaints regarding privacy breaches
- Manage requests for personal information access or correction, and
- Liaise with the Office of the Privacy Commissioner.
In short, if you collect client information, the details below will help you ensure lawful and responsible handling of personal data.
Key Changes:
- Mandatory Reporting of Privacy Breaches: It is now obligatory to report any data breach likely to cause harm to an individual (known as a notifiable breach) to both the Privacy Commissioner and the affected person. It’s important to note that not all breaches need to be reported. Utilise the online privacy breach notification tool and updated guidance to assess the severity of the breach.
- Compliance Notices: The Privacy Commissioner can issue compliance notices to businesses or organisations to initiate or halt activities to comply with the new legislation.
- Access Request Decisions: The Privacy Commissioner can direct agencies to provide individuals access to their personal information, enforceable through the Human Rights Tribunal.
- Strengthening Cross-Border Protections: New Zealand agencies must take reasonable measures to ensure personal information sent overseas is protected by comparable privacy standards. Additionally, when engaging overseas service providers, compliance with NZ privacy laws is mandatory.
- Introduction of New Criminal Offences: It is now unlawful to mislead an agency in a manner affecting someone else’s information, and to destroy documents containing personal information once a request for that information has been made. The penalty for such offences can be a fine of up to $10,000.
- Empowering the Privacy Commissioner’s Information Gathering Authority: The Commissioner can shorten the timeframe for agencies to comply with investigations, with non-compliance penalties increased from $2,000 to $10,000.
The New Zealand Privacy Act 2020 is an important framework for upholding privacy law and digital protection in the modern era. It emphasises the importance of organisations promoting stringent standards of accountability and compliance. If you’re a business owner, a Privacy Officer, or anyone who has access to client or customer data and wish to learn more about the Act, the Privacy Commissioner website is full of helpful tools and resources.