The way we live and work has changed vastly since the Privacy Act was first enacted in 1993. Today we can do almost anything online and our data is collected by organisations in New Zealand and around the world. While the core framework of the Privacy Act 1993 has been retained, the new Act has been modernised to reflect wider societal changes and to ensure it is fit for the technological world in which we live.
One of the most-widely discussed changes for most organisations (referred to as ‘agencies’ in the legislation) will be the requirement to report on serious privacy breaches. Under the new Act, any organisation that suffers a privacy breach will be required to notify the Privacy Commissioner and affected individuals. Failure to report notifiable privacy breaches will carry a fine of up to NZ$10,000.
A privacy breach will be notifiable if it is reasonable to believe that the breach has caused serious harm to affected individuals, or is likely to do so. While the new Act does not explicitly define what ‘serious harm’ is, guidelines are provided to help businesses make this assessment. Initially, this may result in over-notification from some organisations while they develop an understanding of what constitutes ‘serious harm’. Conversely, some organisations may be reluctant to report privacy breaches unless it is very clear that serious harm has occurred.
Other important changes include the introduction of compliance orders, criminal offences and fines for non-compliance, and new controls on disclosing information overseas. Yet the new Act does not go as far as other highly-publicised data protection laws such as the EU’s GDPR. Individuals do not have the same rights as data subjects in other countries, such as the ‘right to be forgotten’ or the right to data portability, and the fines for non-compliance are comparatively low.
Key changes in the Privacy Act 2020:
We can help you ensure that your systems and processes comply with the new Act. Please contact us to find out more.
Mike is a Partner with over 25 years’ experience and is on the Board of Nexia New Zealand. He is passionate about working with clients to make better business decisions in a world where information and knowledge are key.
He specialises in advising for the primary sector, manufacturing, preschools, property and exporting.
His accounting experience includes operating outsourced virtual controller roles for businesses, until such time as they grow in size to take on someone internally.
p 03 379 0829
November 27, 2020