sb-nz logo
Story image

Privacy Act to roll out in December as Kiwis support stronger privacy laws

30 Jun 2020

The Privacy Bill has passed its third and final reading in Parliament this month, with only the Royal Assent process remaining before it becomes passed into law.

The new Privacy Act is expected to take effect from 1 December 2020, according to the Office of the Privacy Commissioner.

The Privacy Act will replace the 1993 legislation and brings the concept of privacy into the modern, digital age.

“The new Privacy Act provides a modernised framework to better protect New Zealanders’ privacy rights in today’s environment,” comments Privacy Commissioner John Edwards.

“I am grateful for the cross-party support of Parliament on this issue. It is an endorsement of the significance of privacy as a universal human right that the Bill was passed with the multi-party support of the House.”

The Office of the Privacy Commissioner today released the results of a new survey, titled Concerns and Sharing Data.

Of 1398 polled New Zealanders, 65% are in favour of strong privacy regulation, 29% are happy with the same level of regulation, and 6% prefer less legislation.

New Zealanders are most concerned about unauthorised business sharing of their personal information (75%), while 65% express concern about government agencies doing the same thing.

Other major concerns include theft of banking information (72%), and online security of personal information (72%). Additionally, 41% are concerned about how CCTV and facial recognition technology is used.

The majority (81%) of respondents say they are aware of the Privacy Act – however, those who are younger and of Māori and Pasifika descent are less likely to be aware of it.

The Office of the Privacy Commissioner notes that the New Privacy Act includes key reforms, such as:

  • Mandatory notification of harmful privacy breaches. If organisations or businesses have a privacy breach that poses a risk of serious harm, they are required to notify the Privacy Commissioner and affected parties. This change brings New Zealand in line with international best practice.
  • Introduction of compliance orders. The Commissioner may issue compliance notices to require compliance with the Privacy Act. Failure to follow a compliance notice could result a fine of up to $10,000.
  • Binding access determinations. If an organisation or business refuses to make personal information available upon request, the Commissioner will have the power to demand release.
  • Controls on the disclosure of information overseas. Before disclosing New Zealanders’ personal information overseas, New Zealand organisations or businesses will need to ensure those overseas entities have similar levels of privacy protection to those in New Zealand.
  • New criminal offences. It will be an offence to mislead an organisation or business in a way that affects someone’s personal information or to destroy personal information if a request has been made for it.  The maximum fine for these offences is $10,000.
  • Explicit application to businesses whether or not they have a legal or physical presence in New Zealand. If an international digital platform is carrying on business in New Zealand, with the New Zealanders’ personal information, there will be no question that they will be obliged to comply with New Zealand law regardless of where they, or their servers are based.

Read our previous coverage on the Privacy Bill below.

Story image
BYOD security in remote work era still riddled with issues
Bitglass’ 2020 BYOD Report suggests that BYOD and personal device security in organisations still leave much to be desired, even as more organisations adopt flexible BYOD arrangements.More
Story image
Not enough being done to combat email fraud in A/NZ - report
New research from SMX has revealed neither private companies nor government agencies have done enough to stamp out phishing and spoofing campaigns throughout Australia and New Zealand.More
Story image
Australians ignoring cybersecurity policies in favour of productivity
Trend Micro has found that 67% of remote workers have increased their cybersecurity awareness during COVID-19 related lockdowns. However, despite greater awareness people may still engage in risky behaviour, the survey finds.More
Story image
Fortinet: Distributed networks driving enterprises towards consistent security
Jon McGettigan, Fortinet A/NZ Regional Director, explains how consistent security services can protect and help manage distributed networks.More
Story image
Report: Brute-force attacks feed on remote working vulnerabilities
A new report from ESET has detailed the extent to which attackers employ brute-force tactics to infiltrate remote desktop protocols.More
Story image
Rackspace and Cloudflare join forces for managed edge security
Rackspace and Cloudflare join forces for managed edge security The solution includes a web application firewall, DDoS protection, DNS services and a global content delivery network, backed by 24/7 support.More