New Zealand’s highly anticipated new Privacy Act came into force on 1 December 2020, replacing the Privacy Act 1993. The new Act widely applies to both New Zealand agencies and overseas agencies that carry on business in New Zealand.
here are some significant changes under the new Act, including:
A mandatory requirement to report notifiable privacy breaches i.e., those breaches that cause or are likely to cause serious harm.
Strengthening the protection of data disclosed outside of New Zealand by requiring comparable privacy protections to those in New Zealand.
The power of the Commissioner to issue compliance notices to organisations.
The introduction of new criminal offences, with non-compliance punishable by fines of up to $10,000.
The Privacy Commissioner, John Edwards, has advised businesses to treat the new Privacy Act with a high level of seriousness. Accordingly, now is an opportune time to ‘reset’ by reviewing your internal policies, practices and processes to ensure they comply with the new Act and are fit for purpose. Old or outdated policies risk non-compliance (particularly if you disclose information overseas) and can affect how your clients perceive and/or value your business.
At K3, we have recently assisted several clients with bringing their privacy policies up to date. For a fixed rate, our commercial team can help ensure your privacy policies comply with the new Privacy Act and support your digital and data strategies.