top of page

Get ready for upcoming privacy law changes

Updated: Oct 9, 2020

Changes to the Privacy Act are coming. If you collect, store or use personal information about your employees and/or customers, here’s what you need to do. (Excerpt from

What you need to know

When: The Privacy Bill is making its way through Parliament and will most likely become law before the end of 2019.

What: Privacy changes include the following:

Businesses will need to report serious privacy breaches. For example, if you experience a data breach that poses a risk of harm (eg leaked personal information is used in identity theft or published online), you must notify the people affected. Also, you must notify the Office of the Privacy Commissioner either by email, phone or using their online enquiry form.

Enquiry form - Office of the Privacy Commissioner

If someone requests personal information held by a business, the business cannot destroy the information in order to avoid providing it.Kiwi businesses using service providers based overseas, like cloud software, will need to make sure their providers are meeting New Zealand privacy laws.

Who: All businesses that collect, store and use personal information about their employees and/or customers.

Why: The Government is updating New Zealand’s Privacy Act 1993 to make sure personal information is kept safe and secure in line with new technology and ways of doing business.

What you need to do

Talk to your staff about what to do in the event of a serious data breach. Work through various scenarios together so everyone is aware of the steps they should take.

Enquiry form - Office of the Privacy Commissioner

60 per cent of complaints to the Office of the Privacy Commissioner are from people denied access to their information. If a customer or employee requests their information, you are required to respond to that request within 20 working days. Make sure you have a process in place to handle customer requests for information held about them if, and when, they are made.Make sure you hold and use personal information in a safe and secure way and dispose of it securely when you have finished with it.If you use an overseas-based service provider, like cloud software, ask the provider how they’re meeting New Zealand privacy laws.Appoint a privacy officer. Every business should have a privacy officer, according to the Privacy Act. This is someone who has a general understanding of the Act and can deal with privacy issues when they arise.

What is a privacy officer? — Office of the Privacy Commissioner

Review your privacy statement and make sure it’s up to date. If you don’t have one, the Office of the Privacy Commissioner has a free tool to help you create a privacy statement that tells people how you will be collecting, using and disclosing their information.

Priv-o-matic — Office of the Privacy Commissioner

The Office of the Privacy Commissioner has online learning modules that you and your staff can go through to become more familiar your legal privacy responsibilities. The Privacy ABC and Privacy 101 modules are quick and easy introductions to the Privacy Act.

eLearning — Office of the Privacy Commissioner

At Grace Team Accounting | Tauranga Accountants we want you to have all the correct information at your fingertips. Check out our Business Toolbox Resource hub for other insightful resource and a library of information

7 views0 comments


bottom of page