
Top 7 Facts About the Privacy Act (NZ)

With the new Privacy Act around the corner for New Zealand, what are some of the top things you need to be aware of?

Monday 21st October 2019

65% of New Zealanders are concerned to a significant extent about their individual privacy. Of those, 80% are concerned about the security of their personal information on the internet and 78% are concerned about businesses sharing people's information without permission. We are required to be diligent and upfront with how we care for the data we collect and store. *1

When you collect and make decisions about data, regardless of the size of your organisation, you become the controller of that data and therefore have obligations to adhere to the Privacy Act. This post highlights the most obvious points that we all should be considering.


COLLECTING INFORMATION

1. Only Collect What You Need

It is vital to consider each piece of data you collect to determine if you actually need to collect it. For example, do you really need a person's gender, or the fact that they volunteered with another organisation at some point? Remember that you are responsible for each new piece of data you collect.

2. Tell People What You Are Doing

At the point of collection, be that electronically on a form or verbally, you need to be clear with the owner of that information why you are collecting it and how and where you are storing it. It's most important to be upfront about how you are going to use it. This may be sending a regular newsletter, or more complex purposes such as providing care for their needs whilst they are part of your community.


HOLDING INFORMATION

3. Store It Securely

This is primarily your software provider's problem if you use a provider such as infoodle, but you have a responsibility to take precautions too, such as keeping your password safe and using Two Factor Authentication (or multi factor authentication) *3 in case your login details have been compromised in some way. If you use desktop solutions such as Excel, you are totally responsible.

4. Give People Access To What You Hold

This for the most part is ok, as you have no reason to withhold this information from the data owner, but it's an important consideration if you hold more personal information such as counselling notes or any personal preferences. There are some caveats in the law which can be used to get around disclosing this data, but they are not clear-cut enough to rely on with confidence. It's also a reminder not to ‘derive’ information from other sources; it's always best to get it directly from the person themselves.


USING INFORMATION

5. Make Sure It Is Accurate

This is in your interest as well!

6. Use It For The Reason You Obtained It

This refers back to the ‘collecting’ information step too. If you tell people you only collected their data to send them a newsletter, don't send them anything else!


PRIVACY OFFICER

7. Make Sure You Have One!

In particular, for every data collection exercise you do, you need to consider the Privacy Act, and having a point person who has knowledge of and takes responsibility for compliance is really helpful.


Changes to the New Zealand Privacy Act *2

Changes working through parliament and scheduled for 1st March 2020 currently seem to be nothing too onerous. Most of the clause changes seem to be ‘beefing up’ the powers, fines and the Commissioner's powers. Perhaps the most notable strengthening is around sharing data with overseas agencies.

New Zealand agencies will have to take reasonable steps to ensure that personal information sent overseas is protected by acceptable privacy standards. The Bill also clarifies that when a New Zealand agency engages an overseas service provider, it will have to comply with New Zealand privacy laws.

Many services used by New Zealand companies are performed by overseas agencies, so it's an important compliance check that must be done by your Privacy Officer!

As a footnote - this represents our reading of the legislation - but we are not lawyers! Please undertake your own review and get legal advice where necessary - but regardless - we all need to take data privacy seriously!



Footnotes (references)

*1 https://www.marketing.org.nz/data-privacy
*2 https://www.justice.govt.nz/justice-sector-policy/key-initiatives/privacy/
*3 https://help.infoodle.com/help/people/2-factor-authentication