Changes to the Privacy Act are coming. If you collect, store or use personal information about your employees and/or customers, here’s what you need to know.
What you need to know:
When: The Privacy Bill is making its way through Parliament and will most likely become law before the end of 2019.
What: Privacy changes include the following:
Enquiry form (external link) — Office of the Privacy Commissioner
Who: All businesses that collect, store and use personal information about their employees and/or customers.
Why: The Government is updating New Zealand’s Privacy Act 1993 to make sure personal information is kept safe and secure in line with new technology and ways of doing business.
What you need to do:
Talk to your staff about what to do in the event of a serious data breach. Work through various scenarios together so everyone is aware of the steps they should take.
Data breaches - Office of the Privacy Commissioner
60 per cent of complaints to the Office of the Privacy Commissioner are from people denied access to their information. If a customer or employee requests their information, you are required to respond to that request within 20 working days. Make sure you have a process in place to handle customer requests for information held about them if, and when, they are made.
Make sure you hold and use personal information in a safe and secure way and dispose of it securely when you have finished with it.
If you use an overseas-based service provider, like cloud software, ask the provider how they’re meeting New Zealand privacy laws.
Appoint a privacy officer. Every business should have a privacy officer, according to the Privacy Act. This is someone who has a general understanding of the Act and can deal with privacy issues when they arise.
What is privacy officer? - Office of the Privacy Commissioner.
Review your privacy statement and make sure it’s up to date. If you don’t have one, the Office of the Privacy Commissioner has a free tool to help you create a privacy statement that tells people how you will be collecting, using and disclosing their information.
Priv-o-matic - Office of the Privacy Commissioner.
The Office of the Privacy Commissioner has online learning modules that you and your staff can go through to become more familiar your legal privacy responsibilities. The Privacy ABC and Privacy 101 modules are quick and easy introductions to the Privacy Act.
eLearning - Office of the Privacy Commissioner.