It is important that businesses understand their responsibilities regarding any personal information they hold. According to the Privacy Act 2020, personal information is defined as any recorded information about an identifiable individual.
If you have records that contain information such as name, date of birth, email address, bank account details, financial information, employment history and medical records, you have a responsibility to protect that information from unauthorised access and transmission.
This includes ensuring that staff are aware of their obligations under the Privacy Act 2020 and that they are trained in how to handle personal information safely and securely.
The Privacy Commissioner’s website at www.privacy.org.nz provides guidance on how to handle personal information and what steps businesses should take to protect it.
The website also has a range of resources available for businesses, including guidelines on how to handle personal information, privacy statements for websites, and a privacy breach notification form.
The Privacy Act 2020 sets out the requirements for notifying affected individuals and the Privacy Commissioner of a notifiable privacy breach.
The requirements include notifying the Commissioner as soon as practicable after becoming aware of the breach and notifying affected individuals as soon as practicable after notifying the Commissioner.
There are several new consequences for breaching New Zealand’s privacy laws under the Privacy Act 2020. These include criminal liability for the company (and directors if applicable), with fines of up to $10,000.
If you breach one or more privacy principles (or equivalent rules under a code of practice), then any individual who has been affected can make a complaint to the Privacy Commissioner to investigate.
Visit elearning.privacy.org.nz for excellent free online learning resources that are short, snappy and practical – and you get a certificate on completion!
Our staff are encouraged to complete these courses so we all can understand our responsibilities regarding the data we hold and have access to. I recommend they be part of every induction programme.
We provide the digital tools, applications and services to protect your computer systems, networks and digital data, but the weakest link is always the human one. Increasingly, bad actors are targeting and probing individuals to gain access. Education is important.
May 8 – 14 is Privacy Week 2023 and there are events planned to provide further education on privacy rights in the digital age.
Check out the Privacy Commissioner’s website and ensure you, your staff and your colleagues are aware of your responsibilities – and your rights.