The updated Privacy Act 2020 comes into force on 1 December 2020. This is an update to the previous Privacy Act 1993, which provided the principals on how organisations need to treat the Personal Information that they collect, store and use.
It is important that everyone in the organisation knows what is expected of them when dealing with other people’s personal information, from staff and volunteers who may be collecting and entering data, to directors and trustees who need to ensure the IT systems in place are robust and secure. The organisation needs to have appropriate policies and procedures in place, so that any information is safe, secure and used appropriately.
Some of the updates to the Act include; mandatory breach notifications, where you must notify both the privacy commissioner and the affected party if you have a data breach; compliance notices able to be issued by the Privacy Commissioner to require organisations to comply with the Act; and penalties and fines for acting improperly with collecting or using personal information. There are also added levels of international protection, with overseas companies that do business in New Zealand now specifically having to comply with our Act, and New Zealand organisations only being allowed to disclose information to overseas organisations if they have similar levels of protection to ours.
For information sheets from the Privacy Commissioner about the main changes in the Privacy Act 2020, click here: Office of the Privacy Commissioner | Privacy explained: Privacy Act 2020 information sheets
You can attend our webinar on this issue on Thursday 28 January at 10am.