• Facebook
  • Twitter
  • Youtube
  • LinkedIn
Parry Field Lawyers
  • Home
  • Our People
  • Services
    • Property
      • Residential
      • Construction
      • Subdivisions
      • Commercial
      • Leasing
    • Advisory
      • Sale & Purchases
      • Financing
      • Governance
      • Technology/IT
      • Capital Raising
      • Employment
    • Disputes
      • Court, Tribunals and Arbitrations
      • Estates & Wills
      • Divorce & Separation
      • Insurance
      • Employment
      • Family
      • Company & Shareholding
      • Debt Collection
      • Construction
    • Trusts & Asset Planning
      • Wills & Enduring Powers of Attorney
      • Estates
      • Succession Planning
    • Charities/Social Enterprises
      • Not for Profits
      • Churches
      • Sports Groups
      • Social Enterprises
      • Impact Investing
      • Community Groups
    • Immigration
      • Work Visas
      • Family Visas
      • Skilled Migrants
      • Business and Investment Visas
      • Potentially Prejudicial Information
      • Employer Assistance
      • Overseas Investment
  • Resources
    • Guides
      • Charities In New Zealand
      • Guide to “Doing Business In New Zealand” Second Edition
      • COVID-19 Legal Handbook
      • Buying & Selling Property
      • Death & Estates
      • Family Trusts
      • Churches Handbook
      • Start Ups Legal Toolkit
      • Social Enterprises in New Zealand Handbook
    • Articles
      • Charities in New Zealand
      • Guide to “Doing Business In New Zealand” Second Edition
      • Trustee Liabilities for Injuries: What is Covered?
      • Tomorrow’s Board Diversity: The Role of Creatives
      • Charting the Future: A framework for thinking about change
      • Resources for COVID-19 Related Issues
      • The new Finance Guarantee Scheme: Could it help your business during Covid-19?
      • COVID-19: Paying your employees
      • COVID-19: Key Legal Issues for Charities
      • Making Employees Redundant – The Importance of the “Why”
    • Templates
      • Terms and Conditions
      • Terms and Conditions Including Software
      • Non-Disclosure Agreement – Two Way
      • Independent Contractors Agreement
      • Shareholders’ Resolutions – Written resolution
      • Share Transfer
      • Incorporation – First Shareholder Resolutions
      • Incorporation – First Directors’ Resolutions
      • Non-Disclosure Agreement – One Way
    • Videos
      • COVID-19 and Commercial Leases
      • Force Majeure” clauses in Contracts and COVID-19
      • Buying your first home: Key issues (a practical guide from a first home buyer)
      • Property sale and purchases and COVID-19
      • Seeds Podcast
  • Careers
  • About
  • Contact
  • Search
  • Menu Menu

Breaches of Privacy and the new Privacy Act 2020: What are your obligations

Business

On 1 December 2020, the new Privacy Act comes into force. One of the significant changes is the requirement to report serious breaches to the Privacy Commissioner and the affected individuals.

What is a privacy breach?

A privacy breach is defined as:

1. unauthorised or accidental access to, or disclosure, alteration, loss or destruction of, the personal information; or
2. an action that prevents the agency from accessing the information on either a temporary or permanent basis.

When do I have to report a privacy breach?

A privacy breach becomes notifiable when it is reasonable to believe that the breach has caused serious harm to those affected, or is likely to do so.

How do I assess whether a privacy breach will cause serious harm?

When assessing the seriousness of a privacy breach, you will need to consider the following:

• any action you have taken to reduce the risk of harm following the breach;
• whether the personal information is sensitive in nature (e.g. financial/health information);
• the nature of the harm that may be caused to affected individuals;
• who obtained or may obtain personal information as a result of the breach (if known);
• whether the personal information is protected by a security measure (e.g. was the information encrypted?); and
• any other relevant matters.

How do I report the privacy breach?

As soon as practicable after becoming aware of the privacy breach, you must notify the Privacy Commissioner. You can do so at the Privacy Commissioner’s ‘NotifyUs’ page here.

You must also notify the affected individuals as soon as practicable after becoming aware, unless an exception applies.

What are the Exceptions?

You do not need to disclose the breach if disclosure would prejudice the security or defence of New Zealand, prejudice maintenance of the law, endanger the safety of a person or reveal a trade secret.

You may delay notification if you believe disclosure would risk the security of the personal information and those risks outweigh the benefits of informing the affected individuals. As soon as the grounds for delay no longer pose a risk, you must inform the affected individuals of the breach.

Even if you rely on an exception, you must always notify the Privacy Commissioners of the breach as soon as practicable.

What happens if I don’t comply?

Failure to notify the Privacy Commissioner of a notifiable privacy breach may result in a fine of up to $10,000 or the issue of a public compliance notice.

How can I prepare?

You should use this opportunity to make sure your privacy policy will comply with the Act. You should also consider the following:

• Make sure you have internal procedures in place to deal with how you become aware of a privacy breach;
• Assess the personal information you hold, the reason you collect it, where it is stored and who has access to it;
• Make sure your staff are aware of the new requirements.

This article is not a substitute for legal advice and you should contact your lawyer about your specific situation. If you think your privacy policy is insufficient (or non-existent!), we would strongly encourage you to get in touch with us. Contact Steven Moe at stevenMoe@parryfield.com or Aislinn Molloy at aislinnMolloy@parryfield.com.

Share this entry
  • Share on WhatsApp
https://www.parryfield.com/wp-content/uploads/2019/08/plant-2401283_1920.jpg 1276 1920 Sarah McDermid https://www.parryfield.com/wp-content/uploads/2019/07/Parry-Field-Lawyers-Logo.png Sarah McDermid2020-11-06 10:46:492021-04-06 14:55:26Breaches of Privacy and the new Privacy Act 2020: What are your obligations

Related Lawyers

Aislinn Molloy
Email Aislinn
+6433488480
View Profile
Steven Moe
Email Steven
+6433488480
View Profile

Christchurch

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
1 Rimu Street, Riccarton,
Christchurch 8041

POSTAL ADDRESS:
PO Box 8020, Riccarton,
Christchurch, 8440

Hokitika

PHONE: +64 3 755 8673
FAX: +64 3 755 8073

PHYSICAL ADDRESS:
26 Weld Street,
Hokitika 7810

POSTAL ADDRESS:
PO Box 44,
Hokitika 7842

Rolleston

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
68 Rolleston Drive,
Rolleston, 7614

POSTAL ADDRESS:
PO Box 8020, Riccarton,
Christchurch, 8440

Make an enquiry

Parry Field Charitable Foundation

Parry Field charitable members of NZ LAw, Global Cross Legal and SCLA

Newsletter signup

70 Years of Excellence logo

© Copyright Parry Field Lawyers. All rights reserved. Privacy Policy. Terms of Engagement Brought to life by Happy Monday Ltd
Update on Trusts 2020 What is the difference between an assignment and novation?
Scroll to top