
A privacy audit evaluates the existing privacy policies and procedures within your business and determines how compliant you are with the Privacy Act. This can help you determine whether you are meeting your privacy obligations to your customers. It also reviews the efficacy of your procedures for maintaining and protecting privacy. When you deal with personal information, you need to ensure you maintain an adequate standard for protecting it. A privacy audit is a valuable tool that can help you develop a process to keep your procedures up to date as privacy law changes. If you are considering whether you need a privacy audit, this article will provide four reasons why your business should complete one.

The Privacy Act Has Changed

The Privacy Act is New Zealand’s main structure for protecting its citizens’ privacy. From 1 December 2020, its updated requirements started applying to businesses. If you have not reviewed your privacy policies to see if they match these new requirements, you need to do so as soon as possible. These changes to the law include:

  • mandatory data breach reporting;
  • new overseas disclosure standards;
  • compliance notices;
  • enforceable access directions; and
  • new criminal offences.

If you do not comply with the new Privacy Act, you could face legal and financial penalties. You should conduct a privacy audit to determine whether you need to change anything within your business to meet your privacy obligations, and how you can implement those changes.

Easier To Prevent Than Fix

An effective privacy audit reviews your existing privacy practices and identifies potential privacy risks for your business. Once you have identified these risks, you can take steps to mitigate them. Therefore, you can make up for any vulnerabilities in your security systems.

It is easier to prevent problems once you identify them than to deal with the aftermath of an avoidable breach. For digital information, malicious third parties will take advantage of weak security systems. Therefore, you need to take steps to secure your own. To do that, you first need to identify their weak points.

For example, your privacy audit may identify risks in your information storage, such as outdated software and unencrypted data. Once you identify these vulnerabilities, you can update the software and encrypt important data. This will lessen the risk of a privacy breach and protect your data from third parties should it leak.

Avoid Legal and Reputational Penalties

One of the new changes the Privacy Act brings is giving the Privacy Commission more power to enforce its rules. It can do so with compliance notices. When an individual complains to the Privacy Commission about your business interfering with their privacy, the commission can investigate. If it finds that the complaint is valid, it can then issue you with a compliance notice telling you what you need to do to fix the problem and how long you have to do it.

The Privacy Commission can publish these notices, notifying the public that you have breached the Privacy Act. This will likely negatively affect customer trust and damage your business’ reputation. 

If you do not comply with a notice, or if you commit one of the other offences the Privacy Act lists, you can face fines of up to $10,000. The Privacy Commission can also refer cases to the Human Rights Review Tribunal, where you could face further penalties.

Conducting a privacy audit means you can evaluate your compliance with the Privacy Act and identify areas that go against these obligations. If you can stop these practices before they devolve into conduct that breaches the law, you can avoid severe legal consequences.

For example, there are specific requirements for handling personal information access requests, which the Privacy Commission can enforce when appropriate. A privacy audit would identify weak points in your request-response process, meaning you can improve your practices. Not only does this help you meet your legal requirements, but it also improves customer satisfaction when customers ask you for their information.

Gain an Outside Perspective From an Expert

Your privacy officer would likely be the person to spearhead a privacy audit of your business. They would look at existing documentation and codes of practice relating to privacy, as well as privacy management within your agency. They would also evaluate how your staff handle privacy and whether they need further training to meet the appropriate standard.

However, a privacy audit may also be an excellent opportunity to gain an experienced perspective on privacy within your business. Asking a privacy lawyer to audit your business means that you can receive privacy advice tailored to your needs. This can be especially useful if you deal with large amounts of complex personal information. It also provides an external viewpoint that may identify weaknesses that you would not have noticed.

Key Takeaways

A privacy audit reviews your existing privacy policy practices and identifies where you may be falling short of your privacy obligations. This means you can fix these problems and mitigate privacy risks as you find them once you have completed the audit. If you would like more information or help with your privacy audit, contact LegalVision’s privacy lawyers on 0800 005 570 or fill out a form on this page.

Frequently Asked Questions

What is a privacy audit?

A privacy audit looks at your business’ existing privacy rules and procedures and evaluates whether they are up to the legal standard. It analyses your compliance with the Privacy Act as well as your data protection.

When should I conduct a privacy audit?

It is a good idea to conduct a privacy audit periodically to have an up-to-date evaluation of your business’ privacy processes. Since the Privacy Act has recently changed, it would be a good idea to conduct one soon.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
