Reading time: 5 minutes

To meet your obligations under the Privacy Act, you need to ensure that your employees maintain your business’ privacy standards. One way to do this is to provide them with a privacy manual. This is an internal document which outlines privacy procedures and helps you comply with privacy law. This article will explain what a privacy manual is in New Zealand.

What is a Privacy Manual?

A privacy manual is a document or guidebook that you provide for your employees that details all privacy matters at your business. Notably, your business should have procedures and practices relating to maintaining privacy and protecting personal information. The manual is an internal document that explains such matters trelating to certain information to your employees. As an extension of your business, your employees are an active part of these processes and are responsible for making sure they work effectively. Additionally, they are the ones who will usually be handling the privacy concerns of your customers.

For example, customers have a right to know how your business deals with their personal information. Consequently, they will likely go to your employees if they want information about your privacy practices, so your employees need to know what your privacy practices are and how to handle those situations.

As a result, every employee needs access to your business’ manual. Therefore, you should also accompany the manual with privacy training relevant to what the employee does at your business.

Why Do I Need a Privacy Manual?

In New Zealand, every business that deals with personal information needs to comply with the Privacy Act. Thus, this law sets out various privacy obligations for businesses that deal with information like a person’s:

  • name;
  • IP address;
  • physical address;
  • phone number;
  • email address; or
  • identifying photos.

However, if one of your employees breaches the Privacy Act, then your business is likely to be responsible in the first instance. Therefore, you need to take steps to ensure your employees know:

  • their obligations under the Privacy Act;
  • their own privacy rights; and 
  • what privacy rights your customers have.

For example, your privacy manual should inform your employees that they can only collect personal data for a legitimate purpose.

A privacy manual is an integral part of ensuring your employees comply with the Privacy Act, on top of any privacy training or education. In addition, more informed employees mean a lower risk of privacy breaches occurring and safer handling of personal information.

For instance, email privacy breaches refer to when an employee sends an email to the wrong person. Therefore, if your employees are aware of the potential privacy fallout of such a situation, they can take more care to avoid email privacy breaches. Finally, a good manual should also detail what an employee should do in response to such a breach.

NZ Startup Manual: A Legal Handbook For Founders

Essential reading for anyone building their startup. This free guide includes practical advice and seven real-life case studies.

Download Now

Writing an Effective Privacy Manual

However, your task does not end simply by providing a manual. You also need to ensure that it is effective and does its job. A good privacy manual is only useful if your employees actually read it and take in its information in a way that means they can follow its guidance in the event of a privacy breach or other problem.

Therefore, you need to ensure that you effectively structure it to allow for the most accessible communication of its contents. Some ways to do this include:

  • ensuring your manual is in plain English and easily readable;
  • structuring your manual in intuitive sections for digesting information;
  • covering all necessary privacy aspects of your business; and
  • having an index for easy information retrieval.

If your manual is too complex or jargon-heavy, employees will not retain that information. It is also good to have employees sign their manual to show that they have read it, which can be helpful if there are any privacy disputes later on.

What Should My Business’ Privacy Manual Cover?

Your manual needs to reflect the reality of your business and what privacy issues are important. Accordingly, it would be a good idea to provide a relevant summary of the Privacy Act and its applicable principles. Thus, you should detail how you handle personal information within your business, such as its:

  • collection;
  • usage; 
  • disposal;
  • storage;
  • security; and
  • disclosure.

Following that, you need to detail your employees’ roles in maintaining proper standards when handling personal information at any point of its life cycle within your business. Different employees and teams will have different privacy responsibilities, so you need to account for this. Therefore, you should account for different situations for your business, and detail how to respond to those situations, such as:

In particular, when sharing personal data with third parties (such as business partners), you should also send them a copy of your manual. The law imposes various obligations on your business and you can inform third parties of them in this way.

Key Takeaways

A privacy manual is an important document for ensuring your employees comply with your business’s obligations under New Zealand privacy law. Therefore, a privacy lawyer can help you comply with your privacy obligations and review a manual. If you would like more information or help with your privacy manual, contact LegalVision’s New Zealand IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is a privacy manual?

A privacy manual is an internal document that sets out your business’ privacy obligations for your employees. It also details their role in maintaining these obligations.

Do I need a privacy manual?

A privacy manual is a useful document for making sure your employees comply with your business’ privacy obligations. It informs them of what they need to do and how they should deal with personal data. Some countries’ personal data laws require a privacy manual, so you should develop one if you deal in international business.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

Our Awards

  • 2019 Top 25 Startups - LinkedIn
  • 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year - Australasian Law Awards
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards