Did you even know it was changing? Or better yet, do you understand your current privacy obligations?
Privacy has always been an important aspect to consider in business. But, that has never been more true than in our current digital age where we hold far more personal information for our staff and customers than ever before.
The Privacy Act 1993 was introduced with the sole purpose of protecting people. It details how people’s personal information can be collected and stored here in New Zealand.
The legislation states that people’s personal information can only be obtained for lawful purposes. That means, only collect the information that is relevant to your business and is necessary for the service you are providing.
Once personal information is obtained, you have a responsibility to keep it safe and secure for the period that it is needed. It should not be disclosed unnecessarily, and the person should have the absolute right to amend their information for accuracy.
Well, it was simple to adhere to when the regulations came into effect almost 3 decades ago. Now, with the digital world dominating every aspect of our modern lives, it is no surprise that an almost 30-year-old the Privacy Act surrounding personal information needed some amendments!
The ever increasing problem of cyber threats, numerous data breaches from high profile organisations, and international law like the GDPR has highlighted the need for greater focus in this area. So, the update to the Privacy Act makes sure personal information is kept safe even with the use of new technology and new ways of doing business.
The changes impact every business that collects, stores and uses personal information about their employees and/or customers. This includes New Zealand businesses that have overseas team members and use international service providers.
It is your responsibility to ensure that every facet of your business is meeting NZ privacy laws.
The specifics of the Privacy Act
These are the specific aspects that are being updated and your responsibilities regarding those changes.
- Reporting data breaches. Any company that experiences a data breach that is likely to cause harm to the individual’s whose data has been compromised must report this breach to the Privacy Commissioner and the individuals involved. This enables a constant demand for transparency and holds you accountable for your data security.
- International data protection. All businesses will need to ensure any personal data will be protected by security that is comparable to New Zealand privacy laws if it is being transferred offshore. The most common example of this is cloud-based storage or software.
- Beyond the borders. The Privacy Act now has global borders. So, privacy laws relate to anyone carrying out business in New Zealand. That includes both local and overseas companies. Any business that operates in New Zealand is included, even if they don’t have physical premises here or turn a profit.
- Greater power for the Privacy Commissioner. The Privacy Commissioner will now have greater power. They will be able to issue compliance notices that will require a business to do something or to stop doing something. They will also be able to make binding decisions on complaints. The Commissioner also has increased information gathering powers and can shorten the timeframe that an agency has to comply with investigations.
- Criminal offences. New criminal offences are introduced, making it an offence to breach data, destroy documents that contain requested personal information, or releasing data that people are not entitled to see. These new offences will carry a penalty of up to $10,000.
What your business needs to do
Change in law usually triggers a business to check its processes. So, you need to ensure that your business is going to be fully compliant with the original Act and these new amendments. There are several steps you need to take to comply with these changes, and this should be a priority for your business.
Data breaches can be costly from a financial perspective but are also costly to your company’s reputation.
If you are unsure how the amendments will impact your business or how you can ensure you are compliant, then get in touch with the team at EC Credit Control. They have the knowledge and expertise to position your business for safety and security when it comes to protecting the data of your team and customers.