A new privacy act means you need to act on 1 December 2020, New Zealand’s updated Privacy Act comes into force.  Here’s what you need to know to prepare for the changes.

The world in 2020 is almost unrecognisable when compared to 1993 when the first Privacy Act was
passed. 

The Privacy Act 2020 significantly modernises New Zealand’s privacy law and recognises the enormous technological advances of the past 27 years.   The new Act, like its predecessor, is based on information privacy principles that set broad standards around how organisations can collect, use, store and share people’s personal information. There are new criminal offences and new fines. Some behaviour which has been optional will now become mandatory.  The updated Act gives the Privacy Commissioner additional powers including:

  • The ability to issue compliance notices to compel organisations to do something – or stop doing something.
  • The power to direct organisations to give individuals access to their personal information.  
    New Zealand’s many small and medium business owners need to get up to speed with the changes.

WHAT YOU NEED TO KNOW
If a business is issued with a compliance notice, it will have the opportunity to respond before it is finalised. Once finalised, the
business can still appeal to the Human Rights Review Tribunal.  If the business loses its appeal and does not comply, or does not comply and does not appeal, it can be fined up to $10,000.
Because the new Act now incorporates criminal offences – with potential fines of up to $10,000 – businesses will take on more
financial risk when dealing with personal information. The following behaviours are offences under the new Act:
• Failing to comply with a compliance order from the Privacy
  Commissioner.
• Misleading an agency to get someone else’s personal information.
• Destroying someone’s personal information when they ask for it.
• Failing to alert the Privacy Commissioner about a serious privacy
  breach.