The ways that we can share information now are numerous and varied, sending data across the world in seconds. This greater connectivity can mean increased opportunities for your business and efficient collaboration across industries. However, there are also more significant risks present in the current information age, and your business’ data can fall into the wrong hands. New Zealand privacy law sets minimum standards for how your business should handle personal information, but you can achieve greater security by going above this standard. One way of managing risk is through the privacy by design approach, which will affect almost all information processes across your business. Therefore, this article will explain what privacy by design means and how it may be useful to you.

What Is Privacy By Design?

Privacy by design refers to a mode of operating that puts privacy as its focus. Indeed, as the world becomes more digitally dependent, this approach operates on the premise that minimum compliance with privacy law is not enough for protection. Instead, it places privacy assurance as the default for almost all operations within your business. Therefore, under a privacy by design approach, privacy is a priority from the outset. This means you embed design that promotes privacy in your:

  • IT systems;
  • business practices;
  • applications; and
  • projects.

In particular, privacy by design operates on seven foundational principles, which are:

  1. being proactive, not reactive, focusing on preventative measures rather than remedial;
  2. operating with privacy as the default setting;
  3. embedding privacy into your design and business architecture;
  4. treating privacy design requirements as a positive-sum, rather than as a trade-off for other functionalities;
  5. protecting privacy across the entirety of the data lifecycle;
  6. being visible and transparent with people about how you deal with their personal information; and
  7. keeping the user’s privacy at the centre of any design.

Benefits of Operating Under Privacy By Design Principles

If your business deals with sensitive data, it may be worthwhile to consider implementing privacy by design principles within your workplace. Indeed, when privacy becomes a priority, it is much easier to identify and address privacy risks before they can lead to privacy breaches. You can also build greater trust with your customers and establish a reputation as a competent privacy-minded organisation. Other benefits can include:

  • reduced costs from identifying privacy risks before they become issues;
  • increased privacy awareness across your business, leading to fewer mistakes;
  • less intrusive action on the privacy of your employees and customers;
  • a lower likelihood of privacy breaches;
  • greater ability to deal with unexpected privacy issues;
  • better adaptability to changing technology and its privacy impacts;
  • increased information security overall;
  • competitive advantages from customers seeing your business as more privacy-focused than competitors; and
  • greater likelihood of complying with your legal obligations.

Privacy and The Law

Privacy by design is important because it directly relates to your business complying with its legal obligations under the Privacy Act. This law imposes rules for any agency that handles personal information. In particular, this covers any information which you can use to identify a living person, which can include:

  • names;
  • addresses;
  • photos;
  • email addresses;
  • IP information; and 
  • financial details.

Businesses that adopt a privacy by design approach will likely be meeting a standard for information privacy higher than what New Zealand law sets. Certainly, this may seem daunting at first. However, running on such a methodology means that there is a lower chance of you breaching the Privacy Act. This is crucial because breaching this law can result in fines or legal action. Therefore, avoiding legal consequences will benefit your business.

Note: If your business deals with the personal data of residents of the European Union, the General Data Protection Regulation (GDPR) may apply to you. This regulation is a framework of privacy laws in the EU that imposes a different standard to New Zealand’s own privacy laws. If you do need to comply with the GDPR, operating a privacy by design approach can make meeting your obligations easier. 

What Does Privacy By Design Look Like?

The exact specifications of your approach will depend on the nature of your business. However, there are a few broad concepts and practices that you should implement if you wish to achieve a sufficient privacy by design model, which include:

  • involving all members of your business in the privacy process, ranging from executives and management to your employees;
  • conducting privacy impact assessments whenever you start a new project;
  • holding regular privacy audits;
  • tailoring privacy requirements to the specific nature of the activity they apply to, such as the protocols for privacy in face-to-face conversations versus email;
  • keeping your privacy officer involved;
  • listening to customers’ privacy concerns, and operating with their privacy in mind; and
  • keeping up to date with changing technology and its privacy impacts.

Key Takeaways

Operating with a privacy by design approach means placing privacy assurance as a focus across your business. However, this practice requires a higher privacy standard than what the law may require. Nonetheless, it can offer numerous benefits as well.

If you would like more information or help with implementing privacy by design at your business, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is personal information?

Personal information is any information you can use to identify a living person, whether by itself or combined with other data. For example, a name or photo of a person.

What is privacy by design?

This refers to a way of operating your business processes that places privacy protection as the default. As a result, privacy becomes a focus, and you embed it in all of your business practices.
