The highly anticipated Privacy Bill was introduced to Parliament in March 2018 (the Bill) and is due to come into effect in July 2019. It will replace the Privacy Act 1993 and aims to modernise New Zealand’s privacy law framework, in accordance with international laws such as the European General Data Protection Regulation 2018.
While much of the content of the current Act will remain, there are some significant changes that you and your company should be aware of. A key change is the mandatory requirement to notify a privacy breach to the New Zealand Privacy Commissioner and the individual affected.
In order to comply with the new requirements, your company may be required to update its policy, practices and procedures. Being able to answer the following questions whilst reviewing your current policy will help you be compliant:
- Does your company know what constitutes ‘personal information’?
- Does your company know what a “privacy breach” is?
- Are all staff able to identify a privacy breach?
- Does your company keep detailed records of where information is stored, how it is stored and who has access to it?
- Does your company have adequate security systems in place?
- Does your company have an adequate reporting process in place in the event of a privacy breach?
- Does your company have an adequate and accessible complaints procedure?
- Does your company have a Privacy Officer?
- Are your company’s internal and external privacy policies up to date?
- Has your company sought undertakings from its third-party data processors in respect of their privacy obligations?
Failure to comply with the new privacy laws could result in a fine of up to $10,000. Individuals may also have recourse to the Human Rights Tribunal for damages based on an interference with their privacy.
If you would like to receive newsletters on relevant areas of law, please click here
Bethany Entwistle, Solicitor
+64 3 379 7622