Customers value businesses that take their privacy seriously and maintain secure systems to handle their personal information. If there is a privacy breach in your business, you could lose customer trust. In the worst-case scenario, you could face legal consequences. As an employer, you should duly consider how you protect privacy in your business and how it can improve. This article will offer 10 privacy tips for your business.

1. Prioritise Security

Depending on whether you store your customers’ personal information digitally or physically, you must ensure there are adequate security measures in place. Generally, do what is reasonable according to your circumstances. For example, you should keep sensitive information under lock and key, and implement a strong password policy.

Many small businesses that operate online may think that they would not be the target of cyber-attacks because they are small. Unfortunately, malicious actors will target any system they think is weak, regardless of what the system is protecting. Without doubt, you must treat privacy security seriously.

2. Listen to Your Privacy Officer

For businesses that deal with personal information, a privacy officer is essential under NZ privacy law. Indeed, it is their job to manage privacy matters at your business and ensure you have effective privacy procedures in place. 

For instance, your privacy officer needs to:

  • be familiar with the Privacy Act’s principles, and ensure compliance;
  • assess your business’s privacy risks and mitigate them;
  • deal with privacy complaints;
  • have a plan for handling privacy breaches;
  • handle information access requests; and
  • liaise with the Privacy Commissioner.

It must be remembered that personal information includes email addresses and phone numbers.

3. Be Transparent With Your Customers

Being transparent with customers about how you manage their personal information is a key part of your legal privacy responsibilities. For example, this includes telling customers:

  • that you collect their personal information;
  • why and how you are collecting their personal data;
  • how you protect their information;
  • what you are using their personal data for;
  • when they can access and correct their personal information; and
  • who you share their information with, and why.

4. Work Together With Your Staff

Spotting privacy breaches will be much easier if your staff know how to identify them and what their responsibilities are regarding protecting customer privacy. Equally important, you must also protect the privacy of your employees. With this purpose in mind, it is important to educate employees to ensure they know how to recognise suspicious emails, and are careful about who they send personal information to. For instance, an employee may send an email containing personal information to the wrong person. Generally, one way to avoid this is to ensure your staff double-check the information they are sending and who it is being sent to.

5. Only Collect What You Need

According to New Zealand law, you must only collect the personal information necessary to fulfil a legitimate business purpose. For example, you might need a physical address for delivery. Collecting only necessary information also reduces privacy breaches, as there is a smaller volume of data that can be leaked. You should also ensure any personal information you use is accurate and up to date.

6. Develop a Response Plan

The best way to avoid a privacy breach is to implement preventative measures. It is also crucial to develop a plan for what happens if a privacy breach occurs in your business. Working with your privacy officer and staff, you should develop an incident response plan for handling privacy breaches at your business which details each person’s responsibilities.

In some circumstances, you may be concerned a privacy breach is likely to cause serious harm. In this scenario, you must report the breach to the Privacy Commissioner.

7. Draft an Effective Privacy Statement & Privacy Policy

A privacy statement is a brief paragraph letting your customers know that you collect their personal information and why. Within this statement, it is a good idea to include a link to your more detailed privacy policy.

8. Seek Help or Advice

Physical security measures are relatively straightforward. However, digital databases can be more complicated. If you are not from a cybersecurity background, it’s a good idea to seek help from professionals. For instance, a trusted IT service provider that has experience with protecting sensitive information can help you manage digital databases. Likewise, if you need to ensure your security measures meet the appropriate legal standard, you should seek legal advice.

9. Do a Privacy Impact Assessment on New Projects

A privacy impact assessment is an analytical tool that assesses how a new project or system will impact privacy in your business. Accordingly, the completion of the privacy impact assessment means you can be confident that your privacy measures are up to date. This means nothing new will jeopardise how you protect privacy in your business.

10. Dispose of Personal Information Safely

You should only retain personal information whilst it fulfils its purpose. Accordingly, you should dispose of the information or remove identifying features when it is no longer needed. The way to achieve this varies. For instance, you could remove names and contact details from documents, or wipe your hard drive.

Key Takeaways

It is likely your business will deal with personal information, and it is important to implement appropriate measures to safely deal with that information. If not, you could lose customer trust and face costly legal penalties. If you would like more information or help with privacy at your business, contact LegalVision’s New Zealand privacy lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is a privacy breach?

A privacy breach refers to when personal information at your business has been compromised in some way. Either an unauthorised person has access to sensitive information, or something is stopping you from accessing it, such as a denial-of-service attack.

What does a privacy officer do?

A privacy officer is a person in charge of making sure your business complies with its privacy law obligations. This person helps your business develop systems for protecting personal information and will advise you on how to mitigate security risks.

How can I protect digital information in my small business?

The best way to protect digital information in your small business will depend on your unique situation and what options you have available. Generally, you should ensure that you have strong passwords and encrypt any private information.

Do I need a privacy policy?

If you handle personal information, you need to let customers know how you do that. A privacy policy can be useful for providing the necessary detail and limiting your liability.

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.
