Reading time: 6 minutes

When considering franchisor privacy obligations, the key issues reflect that of most businesses. Indeed, every organisation that handles personal information in New Zealand needs to observe our privacy law when doing so. Personal information includes any identifying information, such as:

  • names;
  • email addresses;
  • physical addresses;
  • phone numbers; or
  • images.

Your franchised business needs to comply with these requirements just like any other business would when dealing with personal information from your franchisees and customers. In fact, you may have greater privacy concerns because of the needed connectivity between you and your franchisees. This is especially true when engaging with eCommerce and social media. You need to ensure you implement strong privacy protections across your network so that you can improve your security and avoid legal penalties. For some guidance, this article will outline five privacy considerations for New Zealand franchisors.

Strong Franchise-Wide Policies

When you franchise, you will develop procedures and policies that your franchisees will use across their business, and a privacy policy should be one of them. Ensure someone with privacy law experience drafts your privacy policy and include it in your operations manual. Implement clear guidelines that are easily understandable by anyone across your franchise. Ensure you keep employees updated on any changes to the policy to avoid misunderstandings.

For example, you may use a trusted cloud server for storing personal information in your franchise. Include policies for how your franchisees should access the particular cloud server for their business and what procedures they need to observe to protect their privacy effectively.

Publish an easily accessible version of your privacy policy on your franchise’s website as well, to tell your customers how your franchisees:

  • collect their information, and why;
  • use their information;
  • secure and store their information; and
  • share their personal information, and who with.

Look into how privacy law affects your franchise to know what information you need to include in your privacy policy. You may find a cybersecurity policy useful as well, particularly when operating online.

For example, the law implies specific requirements for how you handle privacy access requests. Develop a standardised guideline for how your franchises should respond to such requests to meet these requirements.

Planning For Privacy Breaches

When implementing a franchisor privacy plan, it is important to plan for a breach. If you do not have a plan for handling privacy breaches within your franchise, you could face devastating consequences. You may lose customer trust for failing to protect their personal information, and you could face legal penalties.

Therefore, it is essential to develop a standard incident response plan for dealing with privacy breaches that all members of your franchise can follow. Your plan should include steps for:

  • containing a breach;
  • assessing a breach’s damage;
  • notifying affected parties and the Privacy Commission when appropriate; and
  • preventing future breaches of a similar nature.

You also need to expend effort into developing breach prevention measures across your franchise. Maintain an adequate security standard for your franchisees to follow when protecting personal information.

For example, you may use data tracking to collate customers’ purchase preferences across your franchise. If you de-identify this data, this minimises the amount of personal information you can lose in a breach, therefore mitigating some risk.

Protecting Email Privacy

A great way to communicate franchisor privacy updates is by email. An email will be one of the prime ways you communicate with your franchisees and general communication across your franchise. This is also one of the most common avenues for a privacy breach due to simple mistakes and deliberate interference.

Therefore, you need to take adequate precautions to develop secure email handling. Use protected email servers and up to date authentication measures. In training, educate both your franchisees and their staff about recognising suspicious emails and maintaining diligence about who they send their emails to.

For example, take steps to reduce human error when sending emails, such as sending emails to the wrong person. Advise franchisees about things like pop-up boxes confirming the correct recipient for emails and document security when sharing in mass emails.

Privacy Officers

Every organisation in New Zealand that deals with personal information needs to have a privacy officer to meet their privacy law obligations. When considering franchisor privacy, contemplate how you will have a privacy officer within your franchise. Options include a:

  • privacy officer within each franchisee’s business;
  • privacy officer that works for the whole franchise;
  • consulting officer that you only engage whenever there are privacy concerns; or 
  • privacy team that handles privacy procedures across the franchise.

Evaluate the privacy needs of your franchise, and consider what the best placement of a privacy officer would be within your network. 

Working With Overseas Parties

Your franchise may operate in multiple countries, which means you need to consider the privacy laws of those countries as well. You may partner with businesses that operate overseas and share New Zealand citizens’ personal information with them.

When you do so, you need to comply with New Zealand privacy law’s requirements for sharing such data with foreign parties. You need to ensure you protect this personal information with the same standard as New Zealand law. This may be through the law itself or your contractual requirements with these foreign parties. 

Key Takeaways

Just like any other business, your franchise needs to comply with New Zealand privacy law. Therefore, you need to implement franchise-wide privacy policies, evaluate potential privacy risks within your network, and handle them accordingly. If you would like more information or help with privacy concerns within your franchise, contact LegalVision’s privacy lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

Does my business need a privacy officer?

The Privacy Act requires that every agency dealing with personal information has someone who acts as a privacy officer. This could be a standalone role or as a part of a staff member’s overall duties.

What is a privacy breach?

A privacy breach is when someone or something has compromised the personal information you hold at your business. This could include unauthorised access to said personal information or barring you from accessing the information yourself.

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2019 Top 25 Startups - LinkedIn
  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards