We give out personal information frequently. 

In fact, there’s not a lot we can do without giving away our information. Opening a bank account, signing  a lease, applying for a job, seeking healthcare and even buying something all requires us to give out some kind of personal information. 

It may seem harmless and like a valid exchange in most cases. However, it’s still necessary that when we do give out our personal information, it remains protected so that it cannot be used against us.  

In 2020, New Zealand passed legislation that aims to protect individuals when they come into contact with government agencies and share personal information with them. 

Keep reading to learn more. 

What Is The Privacy Act 2020?

The Privacy Act 2020 determines how New Zealand government agencies are to handle the personal information they receive. 

The Privacy Act provides 13 information privacy principles that give detailed instructions on how information is to be collected, what kind of information is suitable for collection and how it is to be used and stored. 

The principles also set the standard for the flow of information, quality, necessity and anonymity. 

What Are The Information Privacy Principles?

The information privacy principles listed under the Privacy Act are as follows: 

  • Collection 
  • Source of personal information
  • Collection of information from subject
  • Manner of collection of personal information
  • Storage and security of personal information
  • Access to personal information
  • Correction of personal information
  • Accuracy, etc., of personal information to be checked before use
  • Agency not to keep personal information for longer than necessary
  • Limits on use of personal information
  • Limits on disclosure of personal information
  • Use of unique identifiers
  • Disclosure of information outside New Zealand

Each rule talks about what agencies need to do when collecting information. Every rule has an exception, so we recommend getting familiar with them as much as possible to make sure your conduct is within the bounds of the legislation. 

If you’re ever unsure, it’s best to contact a legal professional to gain some clarity. 

Why Is Privacy Important?

The right to privacy is considered to be a basic and fundamental human right. When an individual’s private information falls into the wrong hands, it can have some pretty serious consequences. This can include being used to influence a person’s personal or political decisions, compromising their dignity and risking their security. 

How Can I Comply With New Zealand Privacy Legislation?

The exact ways you comply with privacy laws will depend on your business and it’s exact operations. Commonly, legal documents can be used to not only comply with privacy laws but to also protect your business’s privacy. Things like NDA’s, confidentiality clauses, terms and conditions plus a privacy policy are usually utilised to protect data and comply with privacy laws.

What Is A Privacy Policy And What Should A Privacy Policy Contain?

A Privacy Policy is a legal document that lets users to your website know their information is being collected. It should be clear, easy to read and accessible for all users. 

Generally, your Privacy Policy needs to cover: 

  • The information that will be collected
  • Why the information is being collected
  • The purposes it will be used for
  • How long the information will be kept
  • How it be be stored
  • If the information will be shared with the third party 
  • Contact details if users want access to their private data 

If you need help writing your Privacy Policy, contact us today and our expert legal team will be happy to draw one up for you that is compliant with the relevant legislation. 

If you are not legally required to have a privacy policy, then you can still consider getting one. Being transparent with your customers or clients about what is being done with their information can help you build a more trusting relationship with them. 

How To Build A Strong Cyber Security System

In addition to having a privacy policy, it’s also your duty to take active measures in building a strong cyber security system. This way, if a breach ever occurs and liability is being assessed, it can help to point out that your business did everything reasonably possible to keep all the information secure. 

There are a number of ways you can go about building a strong cyber security system, the method you choose will depend on the kind of data your business collects and the resources available to you. Common ways to secure data security include: 

  • Limiting the amount of people that have access to the data
  • Training all staff in cyber security measures
  • Keeping everything secured and password protected
  • Regularly updating your cyber security systems 

It also helps to be prepared in case a breach does occur. A Data Breach Notification is a set of steps that are put in place in case a breach happens. Having a plan in place can make your response more efficient and aid in resolving the issue quicker. 

International Data Privacy Laws

If your business expands outside of New Zealand, then you will need to be aware of international data privacy laws as well. 

Different regions may have privacy requirements that you will need to adhere to if your business operates in their country as well. For example, if you are thinking of opening your business up to the European audience, then you will need to update your privacy policy (or write a new one) that reflects their General Data Protection Regulation.  

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is the European Union’s version of our privacy principles. When you’re taking a look at the GDPR, you may find similarities to the New Zealand principles, however, there are also some key differences. 

The EU’s requirements for what a privacy policy must contain are a little more comprehensive than the New Zealand ones. Their definitions around what constitutes ‘personal data’ also differs slightly. It’s important to be aware of these differences and adjust your business practices as well as update those legal documents accordingly. 

Our lawyers can draft a GDPR Privacy Policy for your business. 

Key Takeaways

Privacy and data protection are one of your most relevant legal obligations as a business. It’s important to be up to date with them and ensure your business’ practices are in line with the regulations. To summarise what we’ve discussed: 

  • The Privacy Act is legislation that essentially lets organisations know the rules when it comes to handling data
  • Privacy is a fundamental human right
  • There’s a chance you will need to have a privacy policy in place and other legal documents for privacy
  • If your business collects data, then it should also actively aim to have a strong cyber security system 
  • Businesses that operate internationally need to follow the privacy regulations of overseas regions, such as the GDPR  

If you would like a consultation on privacy and data protection, you can reach us at 0800 002 184 or [email protected] for a free, no-obligations chat.

Sapna Goundan
Sapna has completed a Bachelor of Arts/Laws. Since graduating, she's worked primarily in the field of legal research and writing, and she now writes for Sprintlaw.
About Sprintlaw

We're an online legal provider operating in New Zealand, Australia and the UK. Our team services New Zealand companies and works remotely from all around the world.

5.0
(based on Google Reviews)
Do you need legal help?
Get in touch now!

We'll get back to you within 1 business day.

  • This field is for validation purposes and should be left unchanged.

Related Services

Privacy Policy

Privacy policies outline how you handle information.
Learn More

Privacy Advice

Understand your legal risks around privacy.
Learn More

Privacy Policy (GDPR)

Ensure your privacy policy is GDPR-compliant.
Learn More

Authority to Act Form

If you're acting in place of another person, you need an Authority to Act Form.
Learn More

Privacy Collection Notice

Collect personal information the right way.
Learn More
Related Articles
How To Update Company Director And Officeholder Details With Companies Office
Posted 23rd April, 2024
How Do You Comply With Business Regulations?
Posted 17th April, 2024
Can Tourists Open A Business In New Zealand?
Posted 30th March, 2024
Can You Run A Business From A Residential Property In New Zealand?
Posted 30th March, 2024
The National Battery Strategy: What Businesses Need To Know
Posted 30th March, 2024
Who Would You Approach For Specialist Legal Advice Specific To Your Business?
Posted 19th March, 2024