25.05.2020

The new Privacy Act: What will this mean for your Business?

Home / Insights & Opinion / Corporate & Commercial / The new Privacy Act: What will this mean for your Business?

The long awaited reform to New Zealand privacy law is currently making its way through the final stages in Parliament, and is expected to become law on 1 November 2020. The Privacy Bill (which when enacted will become the Privacy Act 2020) will replace the Privacy Act 1993. While large parts of the current Act remain, there are significant changes designed to improve New Zealand organisations’ privacy compliance. Now is a good time to consider whether changes are required to your privacy policy and employment agreements to ensure you do not incur the wrath of the Office of the Privacy Commissioner.

Key changes

The Privacy Act 2020 will introduce some important changes. The key changes include:

  • A mandatory requirement for businesses to report serious breaches of privacy that pose a risk of harm, loss, or damage to the individual to the Privacy Commissioner (this requirement follows the position of the Australian and European Privacy Laws);
  • Strengthening cross-border data protection by requiring New Zealand agencies to ensure that all personal information shared with an overseas entity is protected;
  • Extension of the Privacy Act to all agencies carrying out business in New Zealand (whether they have a physical presence in New Zealand or not);
  • Introduction of new criminal offences with a fine of up to $10,000 if a business misleads an agency or attempts to destroy documents with personal information; and
  • Strengthening the Privacy Commissioner’s power to gather information from an agency by reducing timeframes and increasing penalties from $2,000 to $10,000.

Stronger enforcement and compliance

The Privacy Act 2020 will introduce a number of new enforcement and compliance provisions that will give the Privacy Commissioner greater power to ensure that the statute is adhered to.

Importantly, the Privacy Commissioner will have the power to serve businesses with compliance notices in response to a breach of the Act, and to instruct the business to release personal information held by that business to the affected individual. The Privacy Commissioner will be assisted by the Human Rights Review Tribunal to enforce compliance notices. If the business fails to report a privacy breach to the Privacy Commissioner, it could face a fine of up to $10,000 (being a notable increase from the previous $2,000 maximum limit). While the new Act does raise the penalty amount, the regime is considered to be at a low level compared to other jurisdictions’ regimes, such as Canada (where the penalty for not reporting a privacy breach could be as high as NZ$120,000 or even higher in some cases).

Another important change is the strengthening of the Privacy Commissioner’s power to carry out investigations into breaches of privacy complaints by having shorter time frames in place within which a business is required to respond and provide the requested information. Where a business fails to provide the requested information, it could be liable to a fine of $10,000.

Advice for businesses and agencies

Overall, the changes that the Privacy Act 2020 introduces are likely to have an impact on the operation of your business. While the Act is not yet in force, it is important that your business starts taking preparatory steps to ensure that its privacy policies and employment agreements are up to date. As a preliminary step, we recommend that you:

  • Review your privacy policy and employment agreement to see if it complies with the Act (this includes reviewing your business’s privacy statement and making changes where necessary); and
  • Check your current systems to ensure that all personal information is held safely and securely (this includes employee, employer, and any customer or other third-party information that is held by your organisation).

Businesses should view privacy protection as a cultural norm. If you have any questions or want to discuss how the new Privacy Act 2020 is likely to impact your business, please contact one of the members of our Employment Law Team.

Disclaimer:  The information contained in this article is current at the date of publishing and is of a general nature.  It should be used as a guide only and not as a substitute for obtaining legal advice.  Specific legal advice should be sought where required.

 

SHARE
Print
Do you need expert legal advice?
Contact the expert team at Hesketh Henry.
Kerry
Media contact - Kerry Browne
Please contact Kerry with any media enquiries and with any questions related to marketing or sponsorships on +64 9 375 8747 or via email.
Do you need expert legal advice?
Contact the expert team at Hesketh Henry.
Topics
Written By
Jim
Jim Roberts
Sign up for our
Employment News eZine
ezine

Related Articles / Insights & Opinion

Flooded car
Flooding due to overland flow paths and damaged drainage
Persistent heavy rainfall across the country often results in damage to property due to flooding caused by overland flow paths and defective drainage.  But who is responsible for the cost of the dama...
17.06.2025 Posted in Climate Change & Property
Understanding Indirect Privacy Notification: What you need to know
The Privacy Amendment Bill (the Bill), if passed into law, will require agencies to notify individuals when their personal information is collected from a source other than the individual themselves, ...
16.06.2025 Posted in Corporate & Commercial & Employment
iStock Succession Plan medium
Family Ties: Intra-Family Succession and Exit Planning
As the second instalment in a series of articles looking at the generational wealth transition and its impacts on business succession in New Zealand, Ben Hickson (partner, Corporate & Commercial...
16.06.2025 Posted in Corporate & Commercial & Private Wealth
Employment law at a glance – June 2025
If you are anything like us, you will be shocked to realise that we are halfway into 2025. As time has been marching on, so too have employment law developments – and there have certainly been quite...
05.06.2025 Posted in Employment
HH Pg Forrest uncropped
ETS Update: Climate Change Commission recommends minor tweaks to ETS Settings
Last month, He Pou a Rangi Climate Change Commission (the Commission) released its annual advice to the Government on the Emissions Trading Scheme (ETS) settings for the period 2026 to 2030 (Advice)....
09.05.2025 Posted in Climate Change & Corporate & Commercial & Forestry
HS Scrabble Med Crop Vignette
Health and safety learnings for landowners following latest Whakaari decision
The leasing and subleasing of land, buildings and infrastructure is commonplace in New Zealand business and commerce, but what happens when something goes wrong? Do landowners have health and safety o...
08.05.2025 Posted in Health & Safety
Navigating Settlor Intentions in Trust Restructures – Legler v Formannoij [2024] NZSC 173
In Legler v Formannoij the surviving widow Marina Formannoij, was forced to navigate the complexities of two trusts that were part of her late husband Ricco Legler’s estate plan: the Kaahu Trust (wh...
08.05.2025 Posted in Private Wealth
BROWSE ALL
Insights & Opinion
Our Affiliations
German New Zealand Chamber of Commerce Advoc law link gala logo juraforum
Website by Scratch
SEND AN ENQUIRY
Send us an enquiry

For expert legal advice, please complete the form below or call us on (09) 375 8700.

Contact Us +64 9 375 8700 +64 9 309 4494 lawyers@heskethhenry.co.nz