New Privacy Act in force
27 November 2020
Make sure you are following the rules of the new Privacy Act, which came into force on 1 December.
The Privacy Act governs the use of personal information in NZ. The new Act replaces the old Act with a few key changes. Significantly, the new Act creates criminal offences for:
- misleading an agency to get or alter someone else's personal information
- destroying someone's personal information when they have asked to access it
- failing to advise the affected person and the Privacy Commissioner about a serious privacy breach
- failing to comply with a compliance order from the Privacy Commissioner.
You can be fined up to $10,000 if you are convicted of any of these offences.
How to comply
1. If you haven't already done so, appoint a Privacy Officer to be responsible for ensuring your business complies with the Privacy Act. You can appoint an external person if you don’t have resources within your business.
2. Ensure you:
- collect information only from the individual concerned
- tell people when you collect their information and what you will use it for
- store it securely
- use it for the purpose/s you collected it for
- disclose it only if you have permission
- have a process for dealing with requests for information.
3. Make sure all staff understand what they are required to do under the Act.
4. Have a plan for what you would do if someone's privacy were breached. If the breach causes or has the potential to cause 'serious harm', you need to notify the person affected and the Privacy Commissioner. You can use the Notify Us tool on the Privacy Commissioner's website to work out if the breach is serious.