Wednesday, 06 December 2023
KaitaiaWhangareiDargavilleAucklandThamesTaurangaHamiltonWhakataneRotoruaTokoroaTe KuitiTaumarunuiTaupoGisborneNew PlymouthNapierHastingsDannevirkeWhanganuiPalmerston NorthLevinParaparaumuMastertonWellingtonMotuekaNelsonBlenheimWestportReeftonKaikouraGreymouthHokitikaChristchurchAshburtonTimaruWanakaOamaruQueenstownDunedinGoreInvercargill
NZ HeraldThe Northern AdvocateThe Northland AgeThe AucklanderWaikato HeraldBay Of Plenty TimesRotorua Daily PostHawke's Bay TodayWhanganui ChronicleThe Stratford PressManawatu GuardianKapiti NewsHorowhenua ChronicleTe Awamutu CourierVivaEat WellOneRoofDRIVEN Car GuideThe CountryPhoto SalesiHeart RadioRestaurant Hub
Voyager 2023 media awards
Subscribe

Advertisement

Advertise with NZME.
Home / Business

Privacy Commissioner offers advice, online tools, as new law looms

Chris Keall
By
Chris Keall
27 Oct, 2020 09:25 PM4 mins to read
Saveshare

Share this article

facebookcopy linktwitterlinkedinredditemail
Privacy Commissioner John Edwards. Photo / John Stone

Privacy Commissioner John Edwards. Photo / John Stone

A sweeping update to our privacy laws comes into effect on December 1 - and Privacy Commissioner John Edwards is encouraging organisations to prepare for its tighter rules ASAP.

The commissioner's office is also offering online tools and backgrounders to help grapple with the new legislation.

A key provision of the new Privacy Act 2020 is mandatory data breach disclosure.

From December 1, any organisation that suffers a data breach that could cause serious harm is required to report it to Edwards' office - or face a fine of up to $10,000.

Advertisement

Advertise with NZME.

The commissioner wants people to take a deep breath before picking up the phone.

"If your kindergarten accidentally sends a message to all that reveals your child is gluten-intolerant, I don't want to hear about it," Edwards says.

But what does constitute potential "serious harm"? The Privacy Commissioner has just released a new online tool, NotifyUs, which guides you through a self-assessment Q&A then, if necessary, the online process to report a breach.

Another change from December 1: Principle 12 of the new Privacy Act says New Zealanders should expect comparable privacy protections to those they enjoy under New Zealand's Privacy Act when their information is disclosed and used in a foreign jurisdiction (offshore cloud computing services are not counted as a foreign jurisdiction).

Advertisement

Advertise with NZME.

A practical way for businesses and organisations to comply with the new principle is to adopt contractual safeguards, Edwards says.

"We recommend that you consider using the model contract clauses developed by my office. The model contract clauses are designed to assist agencies to comply with principle 12 and to reduce the compliance burden for agencies."

The model contract clauses are tailored to the requirements of the Privacy Act 2020 and to make it easier to comply with principle 12 – particularly for small and medium-sized businesses. Organisations can modify them to suit their needs or use their own form of contract clauses, so long as the key privacy protections are included.

Download the model contract here for cross-border information transfer here, a step-by-step guide to principle 12 here and the Commissioner's guide to the broader act here.

Related articles

Business

Two veterans depart Chorus as new boss downsizes

28 Oct 04:30 AM
Business

Analyst sees Spark-Sky deal as 'first white flag'

27 Oct 04:43 AM
Business

Why analysts have hiked Infratil's target price

27 Oct 04:20 AM
Business

US, EU, Australia pile into Google - NZ pulls its punches

20 Oct 07:00 PM

Privacy Act key reforms

• Mandatory notification of harmful privacy breaches. If organisations or businesses have a privacy breach that poses a risk of serious harm, they are required to notify the Privacy Commissioner and affected parties. This change brings New Zealand in line with international best practice.

• Introduction of compliance orders. The Commissioner may issue compliance notices to require compliance with the Privacy Act. Failure to follow a compliance notice could result a fine of up to $10,000.

• Binding access determinations. If an organisation or business refuses to make personal information available upon request, the Commissioner will have the power to demand release.

• Controls on the disclosure of information overseas. Before disclosing New Zealanders' personal information overseas, New Zealand organisations or businesses will need to ensure those overseas entities have similar levels of privacy protection to those in New Zealand.

• New criminal offences. It will be an offence to mislead an organisation or business in a way that affects someone's personal information or to destroy personal information if a request has been made for it. The maximum fine for these offences is $10,000.

• Explicit application to businesses whether or not they have a legal or physical presence in New Zealand. If an international digital platform is carrying on business in New Zealand, with the New Zealanders' personal information, there will be no question that they will be obliged to comply with New Zealand law regardless of where they, or their servers are based.

The act comes into effect on December 1.

Saveshare

Share this article

facebookcopy linktwitterlinkedinredditemail

Advertisement

Advertise with NZME.

Latest from Business

Business

Watch live tonight: Deloitte Top 200 awards

05 Dec 05:56 PM
Premium
Business

Claimant spammed after ACC phone number bungle

05 Dec 04:00 PM
Premium
Business

Public service cutbacks: The Kiwi startup framed as David Seymour-friendly

05 Dec 04:00 PM
Premium
Business

Proposed mortgage rules unlikely to have much bite - for now

05 Dec 04:00 PM

How to make a win-win-win from waste

sponsored

Advertisement

Advertise with NZME.

Latest from Business

Watch live tonight: Deloitte Top 200 awards

Watch live tonight: Deloitte Top 200 awards

05 Dec 05:56 PM

New Zealand's most prestigious business awards live.

Premium
Claimant spammed after ACC phone number bungle

Claimant spammed after ACC phone number bungle

05 Dec 04:00 PM
Premium
Public service cutbacks: The Kiwi startup framed as David Seymour-friendly

Public service cutbacks: The Kiwi startup framed as David Seymour-friendly

05 Dec 04:00 PM
Premium
Proposed mortgage rules unlikely to have much bite - for now

Proposed mortgage rules unlikely to have much bite - for now

05 Dec 04:00 PM
More houses coming
sponsored

More houses coming

About NZMEHelp & SupportContact UsSubscribe to NZ HeraldHouse Rules
Manage Your Print SubscriptionNZ Herald E-EditionAdvertise with NZMEBook Your AdPrivacy Policy
Terms of UseCompetition Terms & ConditionsSubscriptions Terms & Conditions
© Copyright 2023 NZME Publishing Limited
TOP