Is it necessary for our business to have a privacy policy for our website as well as a separate policy for our employees?
Yes, we'd typically recommend that you have a privacy policy for your website, and a separate internal privacy 'manual' for employees.
Website Privacy Policy: The Online Standard
The Privacy Act 2020 mandates that organizations that deal with personal information must have a transparent and accessible privacy policy. This policy should detail how your firm collects, uses, stores, and discloses personal information (Privacy Act 2020 - Principle 1). Specifically, it should address:
- The types of personal information collected
- The purposes of collection
- How the information is collected and held
- The ways in which the information is used and disclosed
- The process for an individual to access and correct their personal information
- How an individual may complain about a breach of the Privacy Principles and how the complaint will be handled
- Whether the personal information is likely to be disclosed to overseas recipients
Creating this document is not only a compliance measure but also a trust-building tool that assures your clients and site visitors that their data is handled with the utmost care and respect.
Employee Privacy Manual: A Dual-Purpose Guide
For internal purposes, an employee privacy manual should exist as a distinct document. This internal policy should elaborate on how your firm processes and safeguards the personal and sensitive information of your employees in line with the Privacy Principles and the Employment Relations Act 2000, ensuring workplace rights and privacy are respected.
Additionally, this manual must provide explicit guidance to your employees regarding the handling of client information. This should cover:
- Secure handling and processing of client information
- Access controls and authorizations
- Protocols for the storage, transfer, and destruction of sensitive data
- Obligations under the Privacy Act 2020 and other relevant legislation like the Harmful Digital Communications Act 2015
- Employee training programs on privacy and data security
- Reporting structures for potential privacy issues or breaches
- Regular updates in line with changes in privacy law and technology
By instituting a comprehensive privacy policy for your website and a detailed internal privacy manual for your employees, you affirm your firm’s commitment to protecting personal information, thereby reinforcing your reputation and compliance with New Zealand law.
Both documents should be living documents, subject to regular review and updates to reflect changes in legislation, such as amendments to the Privacy Act or new rulings related to data protection and employee rights.
Ensuring these policies are well-documented, accessible, and communicated will help maintain transparency with your clients, fulfill legal obligations, and safeguard your firm’s integrity in the handling of sensitive data.