Contents
As a small business owner, it is vital that you and your business comply with New Zealand privacy laws. The main thing you need to be aware of is the New Zealand Privacy Principles, which are 13 principles that form the foundation of our privacy framework in New Zealand.
Understanding the New Zealand Privacy Principles can be a bit tricky, so we’ve put together a simple guide for you and your business.
Read on to learn more.
Does Your Business Come Under The Privacy Act 2020?
First, you must determine if your business comes under the Privacy Act 2020 (Privacy Act).
Not all, but some small businesses come under the Privacy Act.
The Office of the Privacy Commissioner (OPC) defines a small business that must comply with the Privacy Act as any business that deals with personal information.
For the purposes of the Privacy Act, dealing with personal information includes:
- Collecting
- Using
- Disclosing
Further, the OPC outlines that regardless of size, the Privacy Act covers any business that is:
- A health service provider
- Trading in personal information
- A contractor that provides services under a contract
- Operating a residential tenancy database
- A credit reporting agency
- A reporting entity for the purposes of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009
- Employee associations registered or recognised under the Employment Relations Act 2000
- A business that conducted protection action ballots
- A business accredited under the Consumer Data Right system
- A business that is related to a business that the Privacy Act covers
- A business prescribed by the Privacy Act regulations
- A business that has opted in to be covered by the Privacy Act
The OPC has a privacy checklist for small businesses. It contains questions to determine whether your business comes under the Privacy Act. It can be found here.
If the Privacy Act does in fact cover your business, it is important to understand your obligations under the New Zealand Privacy Principles.
Complying With The New Zealand Privacy Principles
If your business is covered under the Privacy Act, there are 13 New Zealand Privacy Principles (NZPP) that your business will have to comply with.
It is important to understand each NZPP to ensure that your business is compliant.
Let’s consider each NZPP singularly to best understand your business’ obligations.
NZPP 1: Purpose of collection of personal information
Your business must collect personal information only for a lawful purpose connected with a function or activity of the agency and the collection must be necessary for that purpose.
Personal information can be defined as information about an identifiable individual.
Information is still personal whether or not it is true. Equally, it remains personal information whether it is recorded in a material form or not.
Ensuring the purpose of collection of personal information is clear can be achieved by having transparent procedures when collecting personal information.
If your business must comply with New Zealand Privacy Principles, having a clear and up to date Privacy Policy is a requirement under the Privacy Act.
Ensuring that your Privacy Policy is available at all times (for example, on your website) is a great way to ensure the purpose of collection of personal information is clear.
If you need any more help, reach out to our team for a free, no-obligations chat at [email protected] or 0800 002 184.
Get in touch now!
We'll get back to you within 1 business day.
Top 3 Legal Mistakes
Book in a free consultation with us to discuss your legal needs.