• Facebook
  • Twitter
  • Youtube
  • LinkedIn
Parry Field Lawyers
  • Home
  • About
    • News & Insights
    • Terms of Engagement
  • Our People
  • Services
    • Property
      • Residential
      • Construction
      • Subdivisions
      • Commercial
      • Leasing
      • Community Housing Information Hub
    • Advisory
      • Employment
      • Sale & Purchases
      • Financing
      • Governance
      • Technology/IT
      • Start-ups and Capital Raising Hub
    • Disputes
      • Employment
      • Court, Tribunals and Arbitrations
      • Estates & Wills
      • Divorce & Separation
      • Insurance
      • Family
      • Company & Shareholding
      • Debt Collection
      • Construction
    • Trusts & Asset Planning
      • Wills & Enduring Powers of Attorney
      • Estates
      • Succession Planning
    • Charities/For Purpose Organisations
      • Incorporated Societies: Information Hub
      • Charities: Information Hub & Healthchecks
      • Governance Essentials
      • Faith Based Groups: Information Hub
      • Impact Investing: Information Hub
      • Hybrid Solutions: Charity/Business
      • Not for Profits
      • Churches
      • Sports Groups
      • Social Enterprises/Impact Companies
      • Community Groups
    • Migrants
    • Immigration
      • Work Visas
      • Family Visas
      • Skilled Migrants
      • Business and Investment Visas
      • Potentially Prejudicial Information
      • Employer Assistance
      • Overseas Investment
  • Resources
    • Guides
      • Capital Raising Guide
      • Resources for the Incorporated Societies Act 2022
      • Doing Business In New Zealand
      • Start Ups Legal Toolkit
      • Buying & Selling Property
      • Charities In New Zealand
      • Social Enterprises in New Zealand Handbook
      • Family Trusts
      • Death & Estates
      • Churches Handbook
    • Articles
      • Heat of the moment resignations – do employees need to be given a chance to cool off?
      • The new Incorporated Societies Act 2022: When will the new Act affect my Society?
      • Racial Harassment in the Workplace
      • Built up annual leave – does an employee have to use it?
      • Resources for the Incorporated Societies Act 2022
      • When can a Trustee delegate their powers?
      • Buying your first home: Key issues (a practical guide from a first home buyer)
      • The new Incorporated Societies Act 2022: What it means for your Incorporated Society
      • The Addington Farm: A case study in setting up a Charity
      • The Bright-Line Test
      • Funds that advance charity: How do they work? 
      • What is a LIM?
      • Charity Founders’ Ongoing Relationship With The Charity They Start: Key points to know
    • Blog
    • Templates
      • Terms and Conditions
      • Terms and Conditions Including Software
      • Non-Disclosure Agreement – One Way
      • Non-Disclosure Agreement – Two Way
      • Independent Contractors Agreement
      • Shareholders’ Resolutions – Written resolution
      • Share Transfer
      • Incorporation – First Shareholder Resolutions
      • Incorporation – First Directors’ Resolutions
    • Videos
      • COVID-19 and Commercial Leases
      • Force Majeure” clauses in Contracts and COVID-19
      • Property sale and purchases and COVID-19
      • Seeds Podcast
  • Careers
  • Contact
    • Healthcheck
  • Pay Online
  • Search
  • Menu Menu

Breaches of Privacy and the new Privacy Act 2020: What are your obligations

Business

On 1 December 2020, the new Privacy Act comes into force. One of the significant changes is the requirement to report serious breaches to the Privacy Commissioner and the affected individuals.

What is a privacy breach?

A privacy breach is defined as:

1. unauthorised or accidental access to, or disclosure, alteration, loss or destruction of, the personal information; or
2. an action that prevents the agency from accessing the information on either a temporary or permanent basis.

When do I have to report a privacy breach?

A privacy breach becomes notifiable when it is reasonable to believe that the breach has caused serious harm to those affected, or is likely to do so.

How do I assess whether a privacy breach will cause serious harm?

When assessing the seriousness of a privacy breach, you will need to consider the following:

• any action you have taken to reduce the risk of harm following the breach;
• whether the personal information is sensitive in nature (e.g. financial/health information);
• the nature of the harm that may be caused to affected individuals;
• who obtained or may obtain personal information as a result of the breach (if known);
• whether the personal information is protected by a security measure (e.g. was the information encrypted?); and
• any other relevant matters.

How do I report the privacy breach?

As soon as practicable after becoming aware of the privacy breach, you must notify the Privacy Commissioner. You can do so at the Privacy Commissioner’s ‘NotifyUs’ page here.

You must also notify the affected individuals as soon as practicable after becoming aware, unless an exception applies.

What are the Exceptions?

You do not need to disclose the breach if disclosure would prejudice the security or defence of New Zealand, prejudice maintenance of the law, endanger the safety of a person or reveal a trade secret.

You may delay notification if you believe disclosure would risk the security of the personal information and those risks outweigh the benefits of informing the affected individuals. As soon as the grounds for delay no longer pose a risk, you must inform the affected individuals of the breach.

Even if you rely on an exception, you must always notify the Privacy Commissioners of the breach as soon as practicable.

What happens if I don’t comply?

Failure to notify the Privacy Commissioner of a notifiable privacy breach may result in a fine of up to $10,000 or the issue of a public compliance notice.

How can I prepare?

You should use this opportunity to make sure your privacy policy will comply with the Act. You should also consider the following:

• Make sure you have internal procedures in place to deal with how you become aware of a privacy breach;
• Assess the personal information you hold, the reason you collect it, where it is stored and who has access to it;
• Make sure your staff are aware of the new requirements.

This article is not a substitute for legal advice and you should contact your lawyer about your specific situation. If you think your privacy policy is insufficient (or non-existent!), we would strongly encourage you to get in touch with us. Contact Steven Moe at stevenMoe@parryfield.com

https://www.parryfield.com/wp-content/uploads/2019/08/plant-2401283_1920.jpg 1276 1920 Tasha Fraser https://www.parryfield.com/wp-content/uploads/2019/07/Parry-Field-Lawyers-Logo.png Tasha Fraser2020-11-06 10:46:492023-05-12 13:25:47Breaches of Privacy and the new Privacy Act 2020: What are your obligations

Related Lawyers

Steven Moe
View Profile

Christchurch CBD

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
Level 1, 60 Cashel Street
Christchurch 8013, New Zealand

POSTAL ADDRESS:
PO Box 744
Christchurch, 8140, New Zealand

Christchurch

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
1 Rimu Street, Riccarton,
Christchurch 8041, New Zealand

POSTAL ADDRESS:
PO Box 8020, Riccarton,
Christchurch, 8440, New Zealand

Rolleston

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
Level 1, 80 Rolleston Drive,
Rolleston, 7614, New Zealand

POSTAL ADDRESS:
PO Box 8020, Riccarton,
Christchurch, 8440, New Zealand

Hokitika

PHONE: +64 3 755 8673
FAX: +64 3 755 8073

PHYSICAL ADDRESS:
26 Weld Street,
Hokitika 7810, New Zealand

POSTAL ADDRESS:
PO Box 44,
Hokitika 7842, New Zealand

Parry Field Charitable Foundation

Parry Field charitable members of NZ LAw, Global Cross Legal and SCLA

© Copyright – Parry Field Lawyers     |     Privacy Policy

Update on Trusts 2020What is the difference between an assignment and novation?
Scroll to top
  • Share on Facebook
  • Share on LinkedIn
  • Share on Email