• Facebook
  • Youtube
  • LinkedIn
Parry Field Lawyers
  • Home
  • About
    • Insights
    • Terms of Engagement
    • Testimonials
  • Our People
  • Services
    • Property Law
      • Residential Property
      • Property Construction
      • Commercial Property
      • Property Leasing
      • Subdivisions
      • Community Housing Information Hub
    • Advisory
      • Employment Hub
      • Sale and Purchase
      • Financing
      • Governance
      • Technology/ IT
      • Artificial Intelligence (AI) Hub
    • Disputes
      • Court. Tribunals, Arbitrations
      • Estates and Wills
      • Divorce and Separation
      • Insurance
      • Employment Hub
      • Family
      • Company and Shareholding
      • Debt Collection
      • Construction
    • Trusts and Asset Planning
      • Wills and Enduring Powers of Attorney
      • Estates
      • Succession Planning and Asset Protection
      • Trust Management
    • Charities/For Purpose Organisations
      • Charities: Information Hub & Healthchecks
      • Governance Essentials
      • Incorporated Societies: Information Hub
      • Faith Groups: Information Hub
      • Impact Investing: Information Hub
      • Social Enterprises/Impact Companies
      • Start-ups and Capital Raising Hub
      • Schools & Education: Information Hub
    • Immigration and Migrants (移民)
      • Work Visas 工签
      • Family Visas 家庭签证
      • Skilled Migrants 技术移民
      • Business and Investment Visas 生意与投资签证
      • Potentially Prejudicial Information 回复移民局质疑 (PPI)
      • Employer Assistance 雇主协助
      • Overseas Investment 海外投资
  • Resources
    • Guides
    • Articles
    • Case Studies
    • Blog
      • Aotearoa Impact Sector Updates
    • Templates
    • Videos
    • Seeds Podcast
  • Careers
    • Careers at Parry Field
    • Current Opportunities
    • Summer Clerk Programme
  • Contact
    • Healthcheck
  • Pay Online
  • Search
  • Menu Menu

Privacy is Everyone’s Business: How to Keep Your Organisation Safe  

Business, Charities/NFP, Impact Investment

Privacy for organisations is important and should be taken seriously. In this article we show you how.

We all value our personal information. No one wants their personal details accessed or used inappropriately. It can lead to spam or more worryingly, identity theft or fraud. It can also exact an emotional toll.

The Privacy Act 2000 (Act) is all about helping to protect individuals and keeping the organisations who collect personal information accountable. The amended Act came into force on 1 December 2020, so you need to be following it now.

Top tips

  • Treat other people’s information as if it were your own—with care and respect.
  • Follow the rules. If unsure what to do, seek help.
  • Adopt or update your Privacy Policy and appoint a Privacy Officer.
  • Consider doing a Privacy Impact Assessment to inform projects or proposals. This may save time and money. Use the toolkit.
  • Make use of the resources available. Seek legal advice for more serious matters.

Who has responsibilities?

The Act refers to ‘agencies’. This is any organisation or person that collects and holds personal information about people, whether private or public sector. Some examples are companies, businesses (including small businesses), clubs, charities and community groups.

The Privacy Commissioner’s Compliance and Regulatory Action Framework says that its goal is to achieve high levels of voluntary compliance by seeking to make the regulatory approach as clear as possible.

If your organisation breaches privacy rules there can be consequences, such as a failure to report a notifiable breach will be punishable on prosecution with a fine of up to $10,000.

A word of caution – privacy covers all you do so includes emails and texts. Be careful what you say as those might need to be disclosed in a person asks for these records. Also, if a reporter is writing about your organisation, avoid using their real name in internal communications – use a pseudonym instead. Their name is an example of personal information and the journalist is therefore entitled to see the number of times they have been referred to in communication. Furthermore, they may be entitled to see what has been written about them, so our advice is to be scrupulously professional in all communication.

What do agencies need to do?

At the heart, this is about being respectful and careful. Imagine it is your personal information and treat it accordingly. Follow the links below to the Privacy Principles for more detail. What you need to consider falls into these categories.

1. Collecting personal information

  • Only collect information that you really need. The more you collect, the more care is needed. (Privacy Principle 1). We do see clients collecting more than is necessary so ask yourself if it is needed.
  • Collect information from the person directly (or their authorised representative). (Privacy Principle 2)
  • Tell people why you are collecting the information. Having a Privacy Statement is a good idea. You can develop one using the Privacy Commissioner’s generator or we can draft a complete and bespoke version specifically for your circumstances. (Privacy Principle 3)
  • Collect information lawfully and fairly, or there may be consequences. (Privacy Principle 4)

2. Storing personal information

  • Keep information genuinely Lock it up or password protect it, and limit access. Ensure staff know what they can and cannot access. (Privacy Principle 5)
  • Ensure you can provide it promptly to a person on their request. Charges should generally not apply, and if they do they must be reasonable. (Privacy Principle 6)
  • Correct personal information if it is not correct. (Privacy Principle 7)
  • Keep personal information accurate. (Privacy Principle 8)
  • Keep information only as long as you need to and dispose of it carefully. (Privacy Principle 9)
  • Use the information only for the purpose it was collected. (Privacy Principle 10)
  • Disclose personal information only for a valid reason, for example, when required by law. (Privacy Principle 11)
  • Follow the rules for sending personal information out of New Zealand, including digitally. (Privacy Principle 12)
  • Only use a ‘unique identifier’ (something that is unique to a person such as a drivers licence), when necessary. (Privacy Principle 13)

FAQs

 How do you ask an agency for your information?

Use this form, or request the information by phone, email or letter. Agencies must reply within 20 working days, or 10 days for urgent requests, but can refuse for valid reasons.

 1. How do you correct your information?

Contact the agency, explain the error, and ask for it to be corrected. If the correction is refused, you may complain to the Privacy Commissioner.

 2. How do you make a complaint?

Try to resolve it with the agency first. If that doesn’t work, complain to the Privacy  Commissioner. They will not investigate situations from long ago or that didn’t cause you harm, or things like family disputes, someone else’s personal information, or vexatious matters.

 3. Are there any special rules for sensitive personal information?

Codes of practice exist for some sensitive types of personal information, such as for health, credit and superannuation.

4. How can you check if your information has been leaked?

Check at haveibeenpwned.com

5. What happens if your privacy is breached?

Contact New Zealand’s national identity and cyber support community service IDCARE on 0800 121 068.

 6. How do you keep your own information safe?

Your personal information is important to you and may be valuable to others who can benefit from it. Be thoughtful about giving out your personal information. Many agencies provide a discount when your join their ‘club’. Ask yourself if it is really worth it.

  • When asked for your details by email or phone, question why it is needed and confirm the collection is valid.
  • Monitor your email and bank accounts and be alert for any suspicious behaviour.
  • Use complex passwords and change them monthly—it’s worth the effort.
  • Report breaches.

7. What if you need to breach a privacy obligation?

Look at the guidance and contact the Privacy Commissioner’s Office for clarification.

A key change – Reporting privacy breaches

Agencies must report serious breaches to the Privacy Commissioner and the affected individuals. A serious breach is one that has or is likely to cause serious harm to those affected. Failure to notify the Privacy Commissioner of a notifiable privacy breach may result in a fine of up to $10,000 or the issue of a public compliance notice.

Read more on your personal information rights here.

—-

This article is merely on overview of the Privacy Act. We recommend visiting the Privacy Commissioner’s website.

It is not a substitute for legal advice and you should contact a lawyer about your specific situation. If you think your privacy policy is insufficient (or non-existent!), we strongly encourage you to get in touch with us. We’d love to help. Contact Steven Moe at stevenMoe@parryfield.com or Aislinn Molloy at aislinnMolloy@parryfield.com.

https://www.parryfield.com/wp-content/uploads/2024/05/siarhei-horbach-xJc-frJbuw-unsplash-scaled.jpg 1707 2560 Tasha Fraser https://www.parryfield.com/wp-content/uploads/2019/07/Parry-Field-Lawyers-Logo.png Tasha Fraser2024-05-28 15:11:062024-05-28 15:20:43Privacy is Everyone’s Business: How to Keep Your Organisation Safe  

Contact our Team


0 / 180

Christchurch CBD

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
Level 1, 60 Cashel Street
Christchurch 8013, New Zealand

POSTAL ADDRESS:
PO Box 744
Christchurch, 8140, New Zealand

Christchurch

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
1 Rimu Street, Riccarton,
Christchurch 8041, New Zealand

POSTAL ADDRESS:
PO Box 8020, Riccarton,
Christchurch, 8440, New Zealand

Rolleston

PHONE: +64 3 348 8480
FAX: +64 3 348 6305

PHYSICAL ADDRESS:
Level 1, 80 Rolleston Drive,
Rolleston, 7614, New Zealand

POSTAL ADDRESS:
PO Box 8020, Riccarton,
Christchurch, 8440, New Zealand

Hokitika

PHONE: +64 3 755 8673
FAX: +64 3 755 8073

PHYSICAL ADDRESS:
127 – 137 Revell Street,
Hokitika 7810, New Zealand

POSTAL ADDRESS:
PO Box 44,
Hokitika 7842, New Zealand

Parry Field Charitable Foundation

Parry Field charitable members of NZ LAw, Global Cross Legal and SCLA

© Copyright – Parry Field Lawyers     |     Privacy Policy

The Tax Benefit of Making Donations: How Does it Work?Privacy: Use of Your Personal Information
Scroll to top