Table of Contents
As a business owner, it is your responsibility to ensure your organisation complies with privacy laws. The Privacy Act 2020 created a raft of changes to protect privacy in New Zealand. With the rise of online data, privacy is at the forefront of legislators’ minds, as many businesses hold customers’ private data. In addition, cyber security threats mean that it is all the more critical that companies have robust privacy plans in place to ensure that their data or their customer’s data does not fall into the wrong hands. This article will explain your obligations under the Privacy Act 2020.
Main Clauses
Notify Privacy Breach
Under the new Privacy Act, you must notify the Privacy Commissioner when you know that your business has been subject to a privacy breach. You must also inform all the individuals affected by the privacy breach. For example, your business might have been hacked, and your customers’ data leaked. This means you must inform your customers about this and, specifically, what data has leaked.
Collect Necessary Information
The new legislation also outlines the circumstances in which you can ask for data. This means you can not collect customer information just because your business wants to keep a record. However, you can still collect the information you need, such as a delivery address, if your business delivers something to your customer. There are also provisions in the Act that mean you must take extra precautions when retrieving information from minors or those who are vulnerable.
Allow People to Access Your Data
The Act also requires you to allow individuals to access the data that you hold. This means you must honour any request someone makes to access their data. They can also correct any personal information about themselves that you may have. The Privacy Commissioner can issue an access direction if you refuse to allow someone access to their data.
Mistakes to Avoid
Collecting Too Much Information
Everyone at some point is likely to have filled out a form that requires too much information. Under the Act, businesses must ensure that they only collect the necessary information. This means it is essential that, as a business owner, you reassess how much data you need from your stakeholders. For example, you do not need your customer’s address in most cases, so you may want to take this out of your relevant forms.
Sharing Information with Overseas Entities
Another privacy mistake you must avoid is ensuring you share information with overseas entities appropriately. You must look at the foreign country’s privacy laws before you share any information with them. You should also make sure to include proper privacy clauses in your contracts with overseas businesses that reflect the privacy laws in New Zealand.
Not Abiding by Compliance Notices
The Act allows the privacy commissioner to issue compliance notices which you must follow. These compliance notices might relate to how your business’ privacy protections operate. They can require you to do something or stop doing something to ensure that you comply with the Act. These notices will have a date by which you must comply with them.
Essential reading for anyone building their startup. This free guide includes practical advice and seven real-life case studies.
Call 0800 005 570 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
Key Takeaways
As a business owner in New Zealand, you must be aware of the Privacy Act 2020 and its obligations. If you need help protecting your business, our experienced privacy lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0800 005 570 or visit our membership page.
Frequently Asked Questions
Yes, you can face prosecution for misleading an agency to access someone else’s information.
The Privacy Commissioner can issue access directions to ensure that businesses give access to their customers’ data. They can also issue compliance notices.
We appreciate your feedback – your submission has been successfully received.