• Facebook
  • Twitter
  • Youtube
  • LinkedIn
Parry Field Lawyers
  • Home
  • About
    • Insights
    • Terms of Engagement
    • Testimonials
  • Our People
  • Services
    • Property Law
      • Residential Property
      • Property Construction
      • Commercial Property
        • Property Leasing
      • Subdivisions
      • Community Housing Information Hub
    • Advisory
      • Employment Hub
      • Sale and Purchase
      • Financing
      • Governance
      • Technology/ IT
    • Disputes
      • Court. Tribunals, Arbitrations
      • Estates and Wills
      • Divorce and Separation
      • Insurance
      • Employment Hub
      • Family
      • Company and Shareholding
      • Debt Collection
      • Construction
    • Trusts and Asset Planning
      • Wills and Enduring Powers of Attorney
      • Estates
      • Succession Planning and Asset Protection
      • Trust Management
    • Charities/For Purpose Organisations
      • Charities: Information Hub & Healthchecks
      • Governance Essentials
      • Incorporated Societies: Information Hub
      • Faith Groups: Information Hub
      • Impact Investing: Information Hub
      • Social Enterprises/Impact Companies
      • Start-ups and Capital Raising Hub
      • Schools & Education: Information Hub
    • Immigration and Migrants (移民)
      • Work Visas 工签
      • Family Visas 家庭签证
      • Skilled Migrants 技术移民
      • Business and Investment Visas 生意与投资签证
      • Potentially Prejudicial Information 回复移民局质疑 (PPI)
      • Employer Assistance 雇主协助
      • Overseas Investment 海外投资
  • Resources
    • Guides
    • Articles
    • Courses
      • Governance 101
    • Case Studies
    • Blog
      • Aotearoa Impact Sector Updates
    • Templates
      • Terms and Conditions
      • Terms and Conditions Including Software
      • Non-Disclosure Agreement – One Way
      • Non-Disclosure Agreement – Two Way
      • Independent Contractors Agreement
      • Shareholders’ Resolutions – Written resolution
      • Share Transfer
      • Incorporation – First Shareholder Resolutions
      • Incorporation – First Directors’ Resolutions
    • Videos
      • COVID-19 and Commercial Leases
      • Force Majeure” clauses in Contracts and COVID-19
      • Property sale and purchases and COVID-19
      • Seeds Podcast
  • Careers
    • Summer Clerk Programme
  • Contact
    • Healthcheck
  • Pay Online
  • Search
  • Menu Menu

Data breaches in New Zealand: You told what, to who?

Business, Governance

In an increasingly online world we are sharing and disclosing more and more online and that information is being held digitally. There are frequent examples in the news of leaks and data breaches. This article looks at this issue in detail and examines what the legal requirements are in this area.  Understanding what to do when there are data breaches is vital in these times when it is an increasingly common event.

So you’ve had a Data Breach. What are you legally required to do?

On 1 December 2020, the new Privacy Act came into force. One of the significant changes is the requirement to report serious breaches to the Privacy Commissioner and the affected individuals.

What is a privacy breach?

A privacy breach is defined as:

  1. unauthorised or accidental access to, or disclosure, alteration, loss or destruction of, the personal information; or
  2. an action that prevents the agency from accessing the information on either a temporary or permanent basis.

When do I have to report a privacy breach?

A privacy breach becomes notifiable when it is reasonable to believe that the breach has caused serious harm to those affected, or is likely to do so.

How do I assess whether a privacy breach will cause serious harm?

When assessing the seriousness of a privacy breach, you will need to consider the following:

  • any action you have taken to reduce the risk of harm following the breach;
    • whether the personal information is sensitive in nature (e.g. financial/health information);
    • the nature of the harm that may be caused to affected individuals;
    • who obtained or may obtain personal information as a result of the breach (if known);
    • whether the personal information is protected by a security measure (e.g. was the information encrypted?); and
    • any other relevant matters.

How do I report the privacy breach?

As soon as practicable after becoming aware of the privacy breach, you must notify the Privacy Commissioner. You can do so at the Privacy Commissioner’s ‘NotifyUs’ page here.

You must also notify the affected individuals as soon as practicable after becoming aware, unless an exception applies.

What are the Exceptions?

You do not need to disclose the breach if disclosure would prejudice the security or defence of New Zealand, prejudice maintenance of the law, endanger the safety of a person or reveal a trade secret.

You may delay notification if you believe disclosure would risk the security of the personal information and those risks outweigh the benefits of informing the affected individuals. As soon as the grounds for delay no longer pose a risk, you must inform the affected individuals of the breach.

Even if you rely on an exception, you must always notify the Privacy Commissioners of the breach as soon as practicable.

What happens if I don’t comply?

Failure to notify the Privacy Commissioner of a notifiable privacy breach may result in a fine of up to $10,000 or the issue of a public compliance notice.

How can I prepare?

You should use this opportunity to make sure your privacy policy will comply with the Act. You should also consider the following:

  • Make sure you have internal procedures in place to deal with how you become aware of a privacy breach;
  • Assess the personal information you hold, the reason you collect it, where it is stored and who has access to it;
  • Make sure your staff are aware of the new requirements.

This article is not a substitute for legal advice and you should contact your lawyer about your specific situation. If you think your privacy policy is insufficient (or non-existent!), we would strongly encourage you to get in touch with us. Contact Steven Moe at stevenMoe@parryfield.com

 

 

Tags: Data Breaches, Privacy
https://www.parryfield.com/wp-content/uploads/2020/04/IMG_9184_Original-scaled.jpg 1707 2560 support@happymonday.co.nz https://www.parryfield.com/wp-content/uploads/2019/07/Parry-Field-Lawyers-Logo.png support@happymonday.co.nz2016-11-18 03:17:272023-05-12 13:46:34Data breaches in New Zealand: You told what, to who?

Christchurch CBD

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
Level 1, 60 Cashel Street
Christchurch 8013, New Zealand

POSTAL ADDRESS:
PO Box 744
Christchurch, 8140, New Zealand

Christchurch

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
1 Rimu Street, Riccarton,
Christchurch 8041, New Zealand

POSTAL ADDRESS:
PO Box 8020, Riccarton,
Christchurch, 8440, New Zealand

Rolleston

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
Level 1, 80 Rolleston Drive,
Rolleston, 7614, New Zealand

POSTAL ADDRESS:
PO Box 8020, Riccarton,
Christchurch, 8440, New Zealand

Hokitika

PHONE: +64 3 755 8673
FAX: +64 3 755 8073

PHYSICAL ADDRESS:
127 – 137 Revell Street,
Hokitika 7810, New Zealand

POSTAL ADDRESS:
PO Box 44,
Hokitika 7842, New Zealand

Parry Field Charitable Foundation

Parry Field charitable members of NZ LAw, Global Cross Legal and SCLA

© Copyright – Parry Field Lawyers     |     Privacy Policy

Overview of the New Zealand Takeovers RegimeEarthquake Response for Business Owners
Scroll to top