SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Privacy Bill will mandate more transparency in Kiwi businesses - OPC
Mon, 16th Mar 2020
FYI, this story is more than a year old

The Privacy Bill will have an impact on New Zealand businesses, who must now prepare for new regulations around mandatory breach legislation.

The Office of the Privacy Commissioner's public affairs manager Annabel Fordham says that mandatory privacy breach reporting will mean that businesses will be obligated to notify affected individuals involved, and in some cases, they must notify the Office of the Privacy Commissioner if the data loss could lead to serious harm.

“Privacy is about being transparent and clear with customers and protecting their personal information. It's about telling people what you're collecting and what you're going to do with it,” says Fordham.

She adds that the new legislation aims to let people know when something goes wrong and how they could protect themselves. For example, if credit card information is breached,  people must be aware that they should cancel their credit card. If passwords information is breached, people should change their password.

“Businesses should consider the privacy implications of innovation and try to innovate in ways that are consistent with privacy values. We believe it's possible to do both,” she adds.

This involves approaching privacy from a risk and a customer service mindset. If businesses ‘tick the box' in these areas, it will be easier to build privacy and trust for businesses and their customers.

While Fordham understands that businesses often find it difficult to navigate an ever-changing tech landscape, she says the Office of the Privacy Commissioner is working on ways to help businesses conform to and understand privacy laws.

“We're developing an online breach reporting tool to make it as easy as possible for businesses to comply with their legal requirement of telling the Privacy Commissioner when there is a serious privacy breach,” she explains.

“We also have a privacy statement generator that will enable a business owner to create a suitable privacy statement within a matter of minutes.

The Office of the Privacy Commissioner and LearningWorks have been working together to provide tools related to data, privacy, and personal information.

“As a partner, we design, develop and support the Office of the Privacy Commissioner's eLearning and Learning Management System,” says Hutton. “This has enabled the Office to educate and raise awareness to over 25,000 people through their free eLearning,” comments LearningWorks chief executive Sandra Hutton.

Hutton says that businesses need to realise that some tools can create privacy risks.

“Social media, for example, is now commonly and widely used for business marketing. Although this can be a useful tool, it is important to understand how your information is being used, and what risks might be associated with this from a privacy perspective.

“It's so easy to connect and share that businesses often forget there could be breaches.

Privacy Commissioner John Edwards recently spoke at TechFest in Hamilton earlier in March. Read our coverage here.