Mistakes to Avoid Under the Privacy Act 2020 in NZ

As a business owner, it is your responsibility to ensure your organisation complies with privacy laws. The Privacy Act 2020 created a raft of changes to protect privacy in New Zealand. With the rise of online data, privacy is at the forefront of legislators’ minds, as many businesses hold customers’ private data. In addition, cyber security threats mean that it is all the more critical that companies have robust privacy plans in place to ensure that their data or their customer’s data does not fall into the wrong hands. This article will explain your obligations under the Privacy Act 2020.

Main Clauses 

Notify Privacy Breach

Under the new Privacy Act, you must notify the Privacy Commissioner when you know that your business has been subject to a privacy breach. You must also inform all the individuals affected by the privacy breach. For example, your business might have been hacked, and your customers’ data leaked. This means you must inform your customers about this and, specifically, what data has leaked. 

Collect Necessary Information

The new legislation also outlines the circumstances in which you can ask for data. This means you can not collect customer information just because your business wants to keep a record. However, you can still collect the information you need, such as a delivery address, if your business delivers something to your customer. There are also provisions in the Act that mean you must take extra precautions when retrieving information from minors or those who are vulnerable. 

Allow People to Access Your Data

The Act also requires you to allow individuals to access the data that you hold. This means you must honour any request someone makes to access their data. They can also correct any personal information about themselves that you may have. The Privacy Commissioner can issue an access direction if you refuse to allow someone access to their data.

Mistakes to Avoid

Collecting Too Much Information

Everyone at some point is likely to have filled out a form that requires too much information. Under the Act, businesses must ensure that they only collect the necessary information. This means it is essential that, as a business owner, you reassess how much data you need from your stakeholders. For example, you do not need your customer’s address in most cases, so you may want to take this out of your relevant forms.

Sharing Information with Overseas Entities

Another privacy mistake you must avoid is ensuring you share information with overseas entities appropriately. You must look at the foreign country’s privacy laws before you share any information with them. You should also make sure to include proper privacy clauses in your contracts with overseas businesses that reflect the privacy laws in New Zealand.

Not Abiding by Compliance Notices

The Act allows the privacy commissioner to issue compliance notices which you must follow. These compliance notices might relate to how your business’ privacy protections operate. They can require you to do something or stop doing something to ensure that you comply with the Act. These notices will have a date by which you must comply with them.

NZ Startup Manual: A Legal Handbook For Founders

Essential reading for anyone building their startup. This free guide includes practical advice and seven real-life case studies.

Download Now

Key Takeaways

As a business owner in New Zealand, you must be aware of the Privacy Act 2020 and its obligations. If you need help protecting your business, our experienced privacy lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0800 005 570 or visit our membership page.

Frequently Asked Questions