This year New Zealand will see the biggest change to our Privacy laws in over 25 years.
The Privacy Bill, which amends the Privacy Act 1993, passed through Parliament on 30 June 2020. That means changes are coming! They will come into effect on 1 December 2020.
Will your business be ready and compliant with the new regulations?
What Is The Privacy Act 1993 For?
The Privacy Act 1993 governs how individuals, organisations and businesses collect, use, disclose, store and give access to personal information.
This Act was simple to adhere to when the regulations came into effect almost three decades ago. Now, with the digital world dominating every aspect of your modern lives, it is no surprise that an almost 30-year-old Act surrounding personal information needs some amendments!
The core purpose of the Privacy Act is not changing. It is still a piece of legislation that is designed to protect people and their personal information.
The ever increasing problem of cyber threats, numerous data breaches from high profile organisations, and international law like the GDPR have highlighted the need for greater focus in this area. So, the update to the Act makes sure personal information is kept safe even with the use of new technology and new ways of doing business.
The changes impact every business that collects, stores and uses personal information about their employees and/or customers. This includes New Zealand businesses that have overseas team members and use international service providers.
It is your responsibility to ensure that every facet of your business is meeting NZ privacy laws, particularly with the specific aspects that are being updated:
- Reporting Data Breaches
- International Data Protection
- Strengthening cross border protections
- Greater information-gathering power for the Privacy Commission
- New Criminal offences – fines up to $10,000
What Your Business Needs To Do
Check your processes to ensure that your business is going to be fully compliant with the original Act and these new amendments.
Here are the steps you need to take:
- Make sure all personal information is stored securely, both physically and online. If you use any overseas service providers, ensure their security standards are compliant with NZ privacy laws.
- Only hold the personal information for the relevant timeframe and ensure it is securely disposed of when no longer required.
- Appoint a Privacy Officer – this person needs to be familiar with the Privacy Act and what it means for your business. They are also responsible for dealing with any privacy issues, should they arise.
- Speak with your team about what to do if a data breach occurs. Advise them of the process for who to alert and how to handle the situation.
- Review your Privacy Statement to ensure it is up to date. If you don’t currently have a Privacy Statement, then you need to make sure you have one in place.
- Complying with these upcoming changes to the Privacy Act 2020 should be a priority for your business. Data breaches can be costly from a financial perspective but are also costly to your company’s reputation.
We’re here to help you grow!