1. Prepare In Advance
The updated privacy act took effect on December 1st, 2020. You should already have a compliance officer in place.
Hold data securely and dispose of it when you are required to.
2. Schedule Check-In Times
Make sure your systems are working correctly and that you are testing them periodically. You must respond to requests within 20 working days.
New criminal offences are being introduced, and penalties for non-compliance are increasing from $2,000 to $10,000.
3. Take a Moment to Understand Why
Strengthening of privacy protection - that includes your own.
Promotion of early intervention and risk management.
Enhancement of the Privacy Commissioner's role.
4. Learn the Basics
The Privacy Commissioner will have the power to 'Name and Shame'.
The Act will have extraterritorial effect, meaning overseas entities doing business in New Zealand are subject to the same obligations.
5. Honesty is the Best Policy
Mandatory Breach Reporting: If you have a breach you believe has caused or is likely to cause serious harm, you will be required to notify the people affected and the Privacy Commissioner as soon as possible.
Keep an eye out for the new breach notification tool online.
6. Be Flexible and Transparent
You can be made to provide individuals with access to their personal information.
Access directions will be enforceable in the Human Rights Review Tribunal.
60% of complaints are from people denied access to their information.