sb-nz logo
Story image

Privacy Act to roll out in December as Kiwis support stronger privacy laws

30 Jun 2020

The Privacy Bill has passed its third and final reading in Parliament this month, with only the Royal Assent process remaining before it becomes passed into law.

The new Privacy Act is expected to take effect from 1 December 2020, according to the Office of the Privacy Commissioner.

The Privacy Act will replace the 1993 legislation and brings the concept of privacy into the modern, digital age.

“The new Privacy Act provides a modernised framework to better protect New Zealanders’ privacy rights in today’s environment,” comments Privacy Commissioner John Edwards.

“I am grateful for the cross-party support of Parliament on this issue. It is an endorsement of the significance of privacy as a universal human right that the Bill was passed with the multi-party support of the House.”

The Office of the Privacy Commissioner today released the results of a new survey, titled Concerns and Sharing Data.

Of 1398 polled New Zealanders, 65% are in favour of strong privacy regulation, 29% are happy with the same level of regulation, and 6% prefer less legislation.

New Zealanders are most concerned about unauthorised business sharing of their personal information (75%), while 65% express concern about government agencies doing the same thing.

Other major concerns include theft of banking information (72%), and online security of personal information (72%). Additionally, 41% are concerned about how CCTV and facial recognition technology is used.

The majority (81%) of respondents say they are aware of the Privacy Act – however, those who are younger and of Māori and Pasifika descent are less likely to be aware of it.

The Office of the Privacy Commissioner notes that the New Privacy Act includes key reforms, such as:

  • Mandatory notification of harmful privacy breaches. If organisations or businesses have a privacy breach that poses a risk of serious harm, they are required to notify the Privacy Commissioner and affected parties. This change brings New Zealand in line with international best practice.
  • Introduction of compliance orders. The Commissioner may issue compliance notices to require compliance with the Privacy Act. Failure to follow a compliance notice could result a fine of up to $10,000.
  • Binding access determinations. If an organisation or business refuses to make personal information available upon request, the Commissioner will have the power to demand release.
  • Controls on the disclosure of information overseas. Before disclosing New Zealanders’ personal information overseas, New Zealand organisations or businesses will need to ensure those overseas entities have similar levels of privacy protection to those in New Zealand.
  • New criminal offences. It will be an offence to mislead an organisation or business in a way that affects someone’s personal information or to destroy personal information if a request has been made for it.  The maximum fine for these offences is $10,000.
  • Explicit application to businesses whether or not they have a legal or physical presence in New Zealand. If an international digital platform is carrying on business in New Zealand, with the New Zealanders’ personal information, there will be no question that they will be obliged to comply with New Zealand law regardless of where they, or their servers are based.

Read our previous coverage on the Privacy Bill below.

Story image
Hybrid IAM solutions are the way of the future, study states
“As this first-of-its-kind research shows, while IT leaders are faced with unique criteria and conditions that shape their IT strategy, hybrid IAM has emerged as a necessity."More
Story image
Addressing the challenges of least privilege access
Enforcing the right privilege policies across the environment with the right visibility and observability will ensure that the policy mandates hold tight against any behaviour changes.More
Story image
ABB and Nozomi Networks extend collaboration, deliver improved OT security solutions
"With Nozomi Networks solutions added to our cybersecurity portfolio, our customers gain proven network monitoring and threat detection technology."More
Story image
Cloud services top threat vector for healthcare industry
"The coronavirus pandemic continues to highlight the unique cybersecurity needs of the healthcare industry, even as it has increased the number of threats these organisations face."More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
Enterprises underutilising security tools, causing teams to burn out
The report unveiled a lack of meaningful ROI metrics when reporting on security progress, as well as disparate opinions on objectives, tool effectiveness and security awareness amongst the organisation between executives and operations on security teams.More