Every business that handles personal information needs to comply with privacy laws, namely the Privacy Act. This Act is New Zealand’s primary law that regulates and protects the privacy of its citizens. It sets out standards for how you deal with personal information, including its:

  • collection;
  • use;
  • security;
  • storage;
  • access; and
  • disclosure.

There are also additional standards that apply to certain kinds of personal information, such as personal health information. The law also requires that every business has a privacy officer and reports any privacy breaches that are likely to cause serious harm. Your obligations under the law can be a lot to keep track of, especially for small businesses. However, there can be serious consequences for businesses that do not keep up with their privacy obligations. Therefore, it is crucial that you seek legal help when you need it. For some guidance, this article will go through four questions for you to ask a lawyer about complying with New Zealand privacy laws.

1. Is the Personal Information I Hold Secure Enough?

The Privacy Act mandates various principles that cover how your business handles personal information. One of those covers the way you store any personal information and its level of security. The law requires that you ensure there are safeguards in place to protect any personal information against:

  • loss;
  • misuse; or
  • disclosure.

The intensity of these safeguards must be reasonable according to the circumstances. 

What a ‘reasonable’ standard is can be hard to gauge, especially if you operate online. It will vary according to context, depending on:

  • the sensitivity of any personal information you hold;
  • what you use the personal information for;
  • what security measures you have access to, and how these impede your business’ functioning; and
  • the consequences for affected individuals if there is a privacy breach.

A lawyer with experience in information privacy can look at the unique circumstances of your business and the kind of personal information it deals with. Based on legal precedent and industry best practice, they can advise you on what a ‘reasonable’ standard would look like for your business.

2. Does My Business Comply With the New Privacy Act?

From 1 December 2020, the updated Privacy Act came into effect. This update aims to regulate the changing way that personal information can spread now and the speed at which this can happen. At this point, if you have not looked into what your business needs to do to comply with the new Act, you need to do so promptly. The new Act has introduced new criminal offences and mandatory privacy breach reporting, among other things.

If you are unsure about how these new requirements will apply to your business, a lawyer can help you. They can go through the new changes with you and recommend procedures to implement at your business to comply with the new law.

3. What Should I Do to Avoid Liability in a Privacy Breach?

If there is a privacy breach within your business, this can have disastrous consequences for you and your customers. Depending on the nature of the information lost, your reputation can take a hit for failing to adequately protect customer information. You may also face legal penalties, such as those that the Privacy Commission imposes and civil proceedings.

For example, your business may save credit card details for customers’ ease of access in future purchases. However, if you lose this personal information in a breach, your customers may face cases of identity theft and fraud. Your customers may then pursue legal action against your business.

Therefore, it is important that you have a comprehensive and effective plan for dealing with a privacy breach. A lawyer can look over your plan and help fill in the gaps to meet your requirements under the Privacy Act. They can also help to reduce any factors that would damage your case in any civil action.

4. What Does My Privacy Policy Need to Cover?

New Zealand privacy laws require that your business tells people when you collect their personal information, and:

  • what information you collect, and how;
  • your intended uses for that personal information;
  • whether any laws apply to this collection;
  • who has access to their information;
  • whether they can choose not to give you personal information;
  • the consequences of this choice;
  • that they have the right to access and correct their information; and
  • your contact details.

Many businesses do this with a privacy policy or similar. You need to cater your privacy policy to suit your business so that you comply with all that the law requires.

A lawyer can draft an appropriate privacy policy that fulfils your needs and meets the law’s requirements.

Key Takeaways

The law has specific requirements about how you handle individuals’ personal information. Your customers will also value a business that cares about their privacy and meets their security expectations. A lawyer can help you make sure your business is complying with New Zealand privacy laws and implement effective privacy procedures within your business. If you would like more information or help with your business’ privacy obligations, contact LegalVision’s data, privacy and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is personal information?

Personal information is any information about an identifiable individual. If you can use the information to identify a living person, then this is personal information. Examples include names and addresses.

Who does the Privacy Act apply to?

The Privacy Act applies to any organisation that deals with the personal information of New Zealand citizens. It calls these organisations agencies. Individuals can also be an agency when dealing with personal information for business purposes.

Does my business need a privacy policy?

New Zealand privacy laws require that you tell your customers how you deal with their personal information. Many businesses and websites do this with a privacy policy. 

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
