In Short
- Ensure franchise-wide privacy policies are clear and updated regularly.
- Develop an incident response plan for privacy breaches.
- Appoint a privacy officer to meet privacy law obligations.
Tips for Businesses
Franchisors should create clear privacy policies, implement breach response plans, and appoint a dedicated privacy officer. Regular training on email security and privacy law is essential. When handling personal data, ensure your franchisees follow strict guidelines for protecting customer information and comply with New Zealand privacy law.
When considering franchisor privacy obligations, the key issues reflect those of most businesses. Indeed, every organisation that handles personal information in New Zealand needs to observe our privacy law when doing so. Personal information includes any identifying information, such as:
- names;
- email addresses;
- physical addresses;
- phone numbers; or
- images.
Your franchised business needs to comply with these requirements just like any other business would when dealing with personal information from your franchisees and customers. In fact, you may have greater privacy concerns because of the needed connectivity between you and your franchisees. This is especially true when engaging with eCommerce and social media. You need to ensure you implement strong privacy protections across your network so that you can improve your security and avoid legal penalties. For some guidance, this article will outline five privacy considerations for New Zealand franchisors.
Strong Franchise-Wide Policies
When you franchise, you will develop procedures and policies that your franchisees will use across their business, and a privacy policy should be one of them. Ensure someone with privacy law experience drafts your privacy policy and include it in your operations manual. Implement clear guidelines that are easily understandable by anyone across your franchise. Ensure you keep employees updated on any changes to the policy to avoid misunderstandings.
For example, you may use a trusted cloud server for storing personal information in your franchise. Include policies for how your franchisees should access the particular cloud server for their business and what procedures they need to observe to protect their privacy effectively.
Publish an easily accessible version of your privacy policy on your franchise’s website as well, to tell your customers how your franchisees:
- collect their information, and why;
- use their information;
- secure and store their information; and
- share their personal information, and who with.
Look into how privacy law affects your franchise to know what information you need to include in your privacy policy. You may find a cybersecurity policy useful as well, particularly when operating online.
Planning For Privacy Breaches
When implementing a franchisor privacy plan, it is important to plan for a breach. If you do not have a plan for handling privacy breaches within your franchise, you could face devastating consequences. You may lose customer trust for failing to protect their personal information, and you could face legal penalties.
Therefore, it is essential to develop a standard incident response plan for dealing with privacy breaches that all members of your franchise can follow. Your plan should include steps for:
- containing a breach;
- assessing a breach’s damage;
- notifying affected parties and the Privacy Commission when appropriate; and
- preventing future breaches of a similar nature.
You also need to put effort into developing breach prevention measures across your franchise. Maintain an adequate security standard for your franchisees to follow when protecting personal information.
For example, you may use data tracking to collate customers’ purchase preferences across your franchise. If you de-identify this data, this minimises the amount of personal information you can lose in a breach, therefore mitigating some risk.
Protecting Email Privacy
A great way to communicate franchisor privacy updates is by email. Email will be one of the prime ways you communicate with your franchisees and across your franchise generally. It is also one of the most common avenues for a privacy breach, through both simple mistakes and deliberate interference.
Therefore, you need to take adequate precautions to develop secure email handling. Use protected email servers and up-to-date authentication measures. In training, educate both your franchisees and their staff about recognising suspicious emails and staying diligent about who they send their emails to.
For example, take steps to reduce human error when sending emails, such as an email going to the wrong person. Advise franchisees about measures like pop-up boxes that confirm the correct recipient for an email, and about document security when sharing files in mass emails.
Privacy Officers
Every organisation in New Zealand that deals with personal information needs to have a privacy officer to meet their privacy law obligations. When considering franchisor privacy, contemplate how you will have a privacy officer within your franchise. Options include a:
- privacy officer within each franchisee’s business;
- privacy officer that works for the whole franchise;
- consulting officer that you only engage whenever there are privacy concerns; or
- privacy team that handles privacy procedures across the franchise.
Evaluate the privacy needs of your franchise, and consider what the best placement of a privacy officer would be within your network.
Working With Overseas Parties
Your franchise may operate in multiple countries, which means you need to consider the privacy laws of those countries as well. You may partner with businesses that operate overseas and share New Zealand citizens’ personal information with them.
When you do so, you need to comply with New Zealand privacy law’s requirements for sharing such data with foreign parties. You need to ensure you protect this personal information with the same standard as New Zealand law. This may be through the law itself or your contractual requirements with these foreign parties.
Key Takeaways
Just like any other business, your franchise needs to comply with New Zealand privacy law. Therefore, you need to implement franchise-wide privacy policies, evaluate potential privacy risks within your network, and handle them accordingly. If you would like more information or help with privacy concerns within your franchise, contact LegalVision’s privacy lawyers on 0800 005 570 or fill out the form on this page.
Frequently Asked Questions
The Privacy Act requires that every agency dealing with personal information has someone who acts as a privacy officer. This could be a standalone role or as a part of a staff member’s overall duties.
A privacy breach is when someone or something has compromised the personal information you hold at your business. This could include unauthorised access to said personal information or barring you from accessing the information yourself.