From 1 December 2020, businesses must adhere to the updated laws in the Privacy Act. The updates reflect changes in the way business is conducted online as well as offline.
- Business must not destroy personal information if someone asks for information held about them
- Businesses must report serious privacy breaches to the Office of the Privacy Commissioner
- They should also notify the affected people as soon as possible
- They must check personal information shared with overseas companies will have similar protection to New Zealand
- Overseas businesses operating in New Zealand must meet privacy requirements
- The act has extraterritorial effect, even businesses such as Google and Facebook are covered
If a person requests their personal information held by your business, you must respond within 20 working days. You must not delete personal information to avoid this request.
It will now be a criminal offense to mislead a business or organisation by impersonating someone or pretending to act with that person’s authority to gain access to their personal information or to have it altered or destroyed. The penalty in all cases is a fine up to $10,000.
Find more information and resources here.