The New Zealand Privacy Act 2020 comes into effect 1 December 2020, putting new obligations on businesses. Information and Data Security Expert Michelle van Straalen says most are not aware of or prepared for the changes and will be in breach of the law come 1 December 2020.
Under the Privacy Act 2020, all New Zealand businesses who collect, store or use personal information about their employees and/or customers will be required to comply with new legal obligations.
Businesses will; be required to report serious data breaches to both the people affected and the Office of the Privacy Commissioner; are prohibited from destroying any personal information held by their business to avoid providing it if someone requests it; and, need to ensure their service providers meet new privacy laws if they are based overseas (e.g. Cloud Software).
Information and Data Security Expert Michelle van Straalen, Director of The Information Privacy Company, says most New Zealand businesses are unaware of their obligations and will be in breach of the new law.
“It’s fair to say, most clients we’re speaking to are unaware about their obligations and the relevance of this law to their business and systems,” says Michelle.
“Whether it’s customer details or staff files, most businesses keep private information on file, so they need to ensure they understand and comply with the new rules. The more sensitive the information, the more measures they’ll need to take to protect it.”
Van Straalen stresses that businesses need to review their systems and work through data and information scenarios to ensure processes are in place, and policies are watertight and compliant.
“How they safeguard personal information depends on the sorts of information they collect. This includes talking to staff, updating policy and processes, disposing of personal information when they have finished with it, and appointing an information privacy officer,” she says.
“Plus, if they use an overseas-based service provider, like cloud software, they should be asking the provider how they’re meeting New Zealand’s privacy laws.”
“Breaches and careless handling of private information can cost businesses heavily, so we’re encouraging them to take it seriously, be proactive and prepare now to avoid penalty.
The Information Privacy Company is a New Zealand based business specialising in information and data security. We help businesses and agencies to understand your obligations under New Zealand Privacy Law. To find out more about services on offer, contact The Information Privacy Company HERE