New Privacy Act Changes Applies from 1 December 2020
There have been changes to New Zealand’s Privacy Act which came into effect on 1 December 2020. Briefly the changes mean businesses must:
- Not destroy personal information if someone asks for information held about themselves,
- Report any serious privacy breaches,
- Check that any personal information shared with overseas companies, will be subject to similar protection to that applying in New Zealand. Does the overseas business meet New Zealand’s privacy requirements?
The Privacy Acts purpose is to keep personal information safe and secure. The changes to the Act reflect changes in technology and the ways business is done both online and offline. Anyone who collects, uses and stores personal information must follow the new and existing rules in the Privacy Act.
Generally you need to:
- Have a general understanding of how the Privacy Act relates to your business,
- Check any personal information you collect (names, contact details, employment records etc.) are collected responsibly and stored safely and securely,
- Make sure any information you collect, you are allowed to legally keep and that the information is only needed for business reasons and only kept while you need it for that reason,
- Make sure any issues or requests for personal information are handled promptly,
- Handle privacy complaints made to your business,
- Report serious privacy breaches to the Privacy Commissioner,
- In most cases appoint a Privacy Officer.