Privacy Act 2020 – Are you ready?
By: Bethany Entwistle
Published: 13/07/2020
New Zealand’s highly anticipated Privacy Act will commence on 1 December 2020, replacing the Privacy Act 1993.

The new Act aims to modernise New Zealand’s privacy law framework, in accordance with international laws such as the European General Data Protection Regulation 2018.  While much of the content of the current Act will remain, there are some significant changes that you and your organisation should be aware of. 

A key change is the mandatory requirement to notify the New Zealand Privacy Commissioner and the individual affected where a privacy breach poses a risk of serious harm to that individual.  A privacy breach is:
  • Any unauthorised or accidental access to, or disclosure, alteration, loss, or destruction of, personal information; or
  • An action that prevents the agency from accessing the information on either a temporary or permanent basis.
When assessing whether a privacy breach is likely to cause serious harm and therefore required to be notified, the organisation must consider the following, inter alia:
  • Any action taken to reduce the risk of harm following the breach;
  • Whether the personal information is sensitive in nature;
  • The nature of the harm that may be caused to affected individuals;
  • The person or body that has obtained or may obtain personal information as a result of the breach (if known); and
  • Whether the personal information is protected by a security measure.

Failure to notify without reasonable excuse is an offence and could result in a fine of up to $10,000. Importantly, it is not a defence that steps have been taken to address the privacy breach, or that the organisation did not consider the privacy breach to be a notifiable privacy breach.

Other notable changes under the Act include:
  • The scope of the Act.  The Act will apply to both New Zealand and overseas organisations. However, this is only in respect of information collected in the course of carrying on business in New Zealand.
  • Restrictions on disclosure overseas.  Before disclosing New Zealanders’ personal information overseas, New Zealand organisations will need to ensure those overseas entities have similar levels of privacy protection to those in New Zealand.
  • Introduction of new criminal offences.  It will be an offence to mislead an organisation in a way that affects someone’s personal information or to destroy personal information if a request has been made for it (the maximum fine for these offences is $10,000).
  • Compliance orders.  The Commissioner may issue compliance notices to require compliance with the Privacy Act. Failure to follow a compliance notice could result in a fine of up to $10,000.
Now is the time to review your company’s privacy policy, practices and reporting processes.  If you need assistance, the experienced team at Wynn Williams are here to help.
 
Download article in PDF format



Enter security code:
 Security code

Wynn Williams Christchurch
Level 5, Wynn Williams House, 47 Hereford Street, Christchurch 8013, New Zealand.
PO Box 4341, DX WX11179, Christchurch 8140.
+64 3 379 7622
+64 3 379 2467
Wynn Williams Auckland
Level 25, Vero Centre, 48 Shortland Street, Auckland 1010, New Zealand.
PO Box 2401, Shortland Street, Auckland 1140.
+64 9 300 2600
+64 9 300 2609
Top

This page is best viewed in an up-to-date web browser with stylesheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so. The latest version of Firefox, Safari or Google Chrome will work best if you're after a new browser.