Reading time: 5 minutes

If you run a charity in New Zealand, you need to be careful if you deal with personal information and other kinds of confidential data. Many organisations are moving their operating systems online, and this raises concerns around your data security. More technology means more convenience but also more risk. Therefore, you need to prioritise data protection when that data is sensitive or high-risk. That way, you can reassure your donors and members of the public that the information you hold of theirs is secure. Additionally, data protection is important for complying with your obligations under privacy law. So, this article will explain what you need to know about data protection if you run a charity in New Zealand.

Privacy Law and Data Protection

If you deal with personal information, then the Privacy Act applies to your organisation, whether that information is digital or not. To clarify, personal information is any data that can identify a person. Therefore, the Privacy Act aims to protect the privacy rights of every individual in New Zealand by imposing obligations on those that handle their personal data.

Following that, your charity will likely deal with all kinds of personal information, such as the:

  • donor’s financial information;
  • volunteer details;
  • donor’s names and addresses;
  • employee details;
  • names and contact details of board members;
  • meeting minutes that mention people by name;
  • reports or surveys of the general public;
  • tracking of cookies from your website; and
  • identifying details of charity members or the people you help.

Your Obligations

One of your obligations is to protect the personal data you hold with security measures appropriate to:

  • where you store it;
  • the kind of information it is; and
  • information sensitivity.

Therefore, when you store personal data online, you need efficient data protection measures. These play out both in what security you have and your charity’s practices that reduce the risk of: 

  • a data breach; or
  • other unauthorised disclosure.

Mishandling data protection could lead to losing your reputation as a trustworthy charity organisation and legal penalties under privacy regulation.

If you handle the personal data of European Union residents, then the General Data Protection Regulation (GDPR) may also apply to your charity. They have additional data protection laws that you would need to know about.

Review What Data is Necessary

Under the Privacy Act, you can only collect and use data that is necessary for a legitimate purpose. You need to have this purpose in mind before you collect any personal data, and tell people that is why you are collecting their information. Once you have used that data for its intended purpose, you should dispose of it securely.

If you limit the personal data your charity collects, there is less to protect and lose in a data breach. Regularly review the personal data your organisation holds so that you are not retaining anything unnecessarily.

Determine What Security Measures Work for You

When you store your charity’s data online, it is important that you implement robust and effective cybersecurity measures. If you do not have skills or experience in this area, consider getting the help of an IT expert to ensure your security is enough to protect the important data you hold. 

An example of a good data protection measure is encryption. You should engage an encryption service for any personal data that you:

  • collect over an internet connection;
  • share over email; or
  • store in a database.

You will also want to make sure your antivirus software is up to date and functional.

Sharing Data

You may wish to share the data that your charity holds with another organisation, such as if you want to recommend a volunteer for their excellent work. Or, you may give them information about your donors if the other party wants to reach a larger audience.

However, you cannot share any personal data unless you have met the necessary requirements. You need to confirm that:

  • you have the consent of the relevant individual it is about;
  • disclosure was one of the reasons you collected it;
  • a law or court requires it; or
  • you cannot identify who the information is about.

When you share this information, you also need assurances from the other party that they will handle it securely and comply with privacy law. Otherwise, this poses a risk to your charity’s personal data and undermines your data protection.

If you want to share data with overseas parties, there are additional requirements you may need to meet as well.

Key Takeaways

When your charity deals with personal data, such as donor information or volunteer details, you need to adequately protect that data, both for legal and reputational reasons. Therefore, make sure you receive assurances from anyone you share data with that they will not undermine the protection measures you have in place. Additionally, implement appropriate cybersecurity measures, such as strong passwords and encryption. If you would like more information or help with your charity’s data protection, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

Is my charity an agency under privacy law?

An agency is the legal name of any business or organisation that handles personal information. If your organisation in the charity sector deals with personal data of this kind, you are an agency that must comply with the Privacy Act.

Who can I share personal information with?

When you collect personal information, you must tell the individual you are collecting it from who you will share it with. You cannot share information with a new third party without consent from the original individual.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

Our Awards
  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2020 Excellence in Technology & Innovation – Finalist – Australasian Law Awards 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice – Winner – Australasian Lawyer 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year - Australasian Law Awards 2021 Law Firm of the Year - Australasian Law Awards
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards