sb-nz logo
Story image

Privacy Act to roll out in December as Kiwis support stronger privacy laws

30 Jun 2020

The Privacy Bill has passed its third and final reading in Parliament this month, with only the Royal Assent process remaining before it becomes passed into law.

The new Privacy Act is expected to take effect from 1 December 2020, according to the Office of the Privacy Commissioner.

The Privacy Act will replace the 1993 legislation and brings the concept of privacy into the modern, digital age.

“The new Privacy Act provides a modernised framework to better protect New Zealanders’ privacy rights in today’s environment,” comments Privacy Commissioner John Edwards.

“I am grateful for the cross-party support of Parliament on this issue. It is an endorsement of the significance of privacy as a universal human right that the Bill was passed with the multi-party support of the House.”

The Office of the Privacy Commissioner today released the results of a new survey, titled Concerns and Sharing Data.

Of 1398 polled New Zealanders, 65% are in favour of strong privacy regulation, 29% are happy with the same level of regulation, and 6% prefer less legislation.

New Zealanders are most concerned about unauthorised business sharing of their personal information (75%), while 65% express concern about government agencies doing the same thing.

Other major concerns include theft of banking information (72%), and online security of personal information (72%). Additionally, 41% are concerned about how CCTV and facial recognition technology is used.

The majority (81%) of respondents say they are aware of the Privacy Act – however, those who are younger and of Māori and Pasifika descent are less likely to be aware of it.

The Office of the Privacy Commissioner notes that the New Privacy Act includes key reforms, such as:

  • Mandatory notification of harmful privacy breaches. If organisations or businesses have a privacy breach that poses a risk of serious harm, they are required to notify the Privacy Commissioner and affected parties. This change brings New Zealand in line with international best practice.
  • Introduction of compliance orders. The Commissioner may issue compliance notices to require compliance with the Privacy Act. Failure to follow a compliance notice could result a fine of up to $10,000.
  • Binding access determinations. If an organisation or business refuses to make personal information available upon request, the Commissioner will have the power to demand release.
  • Controls on the disclosure of information overseas. Before disclosing New Zealanders’ personal information overseas, New Zealand organisations or businesses will need to ensure those overseas entities have similar levels of privacy protection to those in New Zealand.
  • New criminal offences. It will be an offence to mislead an organisation or business in a way that affects someone’s personal information or to destroy personal information if a request has been made for it.  The maximum fine for these offences is $10,000.
  • Explicit application to businesses whether or not they have a legal or physical presence in New Zealand. If an international digital platform is carrying on business in New Zealand, with the New Zealanders’ personal information, there will be no question that they will be obliged to comply with New Zealand law regardless of where they, or their servers are based.

Read our previous coverage on the Privacy Bill below.

Story image
Red Hat to acquire Kubernetes-native security provider StackRox
Red Hat will further expand its security offering, adding StackRox's complementary capabilities to strengthen integrated security across its open hybrid cloud portfolio.More
Story image
IronNet expands Asia Pacific presence with new strategic partnership
“The combination of M.Tech’s extensive network in Asia Pacific and our unparalleled expertise in threat intelligence and detection will help more enterprises across the region to proactively identify and take down known and unknown threats before they happen.”More
Story image
Microsoft top targeted brand by cyber criminals in Q4 2020
In Q4, 43% of all brand phishing attempts related to Microsoft (up from 19% in Q3), as threat actors continued to try to capitalise on people working remotely during the COVID-19 pandemic’s second wave. More
Story image
As digital transformation grows in A/NZ companies, misconceptions about their role in cloud security abound
While an 81% majority of A/NZ organisations are accelerating their digital transformation, a giant 99% of surveyed respondents say they believe their cloud security provider provides enough protection, according to a Trend Micro study. More
Story image
Trend Micro adds cloud-native container security to Cloud One Services Platform
Designed to ease the security of container builds, deployments and runtime workflows, the new service helps developers accelerate innovation and minimise application downtime across Kubernetes environments.More
Story image
APAC secure content management market to hit $2.2 billion by 2024
The proliferation of cloud-based deployments will largely drive this, the report says, as the COVID-19 pandemic motivates more enterprises to move their workloads to the cloud and rely more on the internet. More