sb-nz logo
Story image

Privacy Bill will mandate more transparency in Kiwi businesses - OPC

16 Mar 2020

The Privacy Bill will have an impact on New Zealand businesses, who must now prepare for new regulations around mandatory breach legislation.

The Office of the Privacy Commissioner’s public affairs manager Annabel Fordham says that mandatory privacy breach reporting will mean that businesses will be obligated to notify affected individuals involved, and in some cases, they must notify the Office of the Privacy Commissioner if the data loss could lead to serious harm.

“Privacy is about being transparent and clear with customers and protecting their personal information. It’s about telling people what you’re collecting and what you’re going to do with it,” says Fordham.

She adds that the new legislation aims to let people know when something goes wrong and how they could protect themselves. For example, if credit card information is breached,  people must be aware that they should cancel their credit card. If passwords information is breached, people should change their password.

“Businesses should consider the privacy implications of innovation and try to innovate in ways that are consistent with privacy values. We believe it’s possible to do both,” she adds.

This involves approaching privacy from a risk and a customer service mindset. If businesses ‘tick the box’ in these areas, it will be easier to build privacy and trust for businesses and their customers.

While Fordham understands that businesses often find it difficult to navigate an ever-changing tech landscape, she says the Office of the Privacy Commissioner is working on ways to help businesses conform to and understand privacy laws.

“We’re developing an online breach reporting tool to make it as easy as possible for businesses to comply with their legal requirement of telling the Privacy Commissioner when there is a serious privacy breach,” she explains.

“We also have a privacy statement generator that will enable a business owner to create a suitable privacy statement within a matter of minutes.”

The Office of the Privacy Commissioner and LearningWorks have been working together to provide tools related to data, privacy, and personal information.

“As a partner, we design, develop and support the Office of the Privacy Commissioner’s eLearning and Learning Management System,” says Hutton. “This has enabled the Office to educate and raise awareness to over 25,000 people through their free eLearning,” comments LearningWorks chief executive Sandra Hutton.

Hutton says that businesses need to realise that some tools can create privacy risks.

“Social media, for example, is now commonly and widely used for business marketing. Although this can be a useful tool, it is important to understand how your information is being used, and what risks might be associated with this from a privacy perspective.

“It’s so easy to connect and share that businesses often forget there could be breaches.”

Privacy Commissioner John Edwards recently spoke at TechFest in Hamilton earlier in March. Read our coverage here.

Link image
DevOps teams struggling to achieve enterprise scale - tips for enablement
Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Story image
Gartner: By 2023, 65% of the world will have personal data covered under modern privacy regulations
“Security and risk management (SRM) leaders need to help their organisation adapt their personal data handling practices without exposing the business to loss."More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Download image
Network functions virtualisation: What is is, how to use it, and why it matters
Network functions virtualisation (NFV) is fast becoming the go-to method of simplifying corporate networks from planning, through deployment and management.More