After 27 years, the Privacy Act has been refreshed and modernised
Parliament has passed the Privacy Act 2020 with unanimous support.
The Privacy Act 2020 comes into force on 1 December 2020. The key reforms of the new Act include:
Mandatory notification of harmful privacy breaches
If organisations or businesses have a privacy breach that poses a risk of serious harm, they are required to notify the Privacy Commissioner and affected parties. This change brings New Zealand in line with international best practice.
Introduction of compliance orders
The Commissioner may issue compliance notices to require compliance with the Privacy Act. Failure to follow a compliance notice could result a fine of up to $10,000.
Binding access determinations
If an organisation or business refuses to make personal information available upon request, the Commissioner will have the power to demand release.
Controls on the disclosure of information overseas
Before disclosing New Zealanders’ personal information overseas, New Zealand organisations or businesses will need to ensure those overseas entities have similar levels of privacy protection to those in New Zealand.
New criminal offences
It will be an offence to mislead an organisation or business in a way that affects someone’s personal information or to destroy personal information if a request has been made for it. The maximum fine for these offences is $10,000.
Explicit application to businesses whether or not they have a legal or physical presence in New Zealand
If an international digital platform is carrying on business in New Zealand, with the New Zealanders’ personal information, there will be no question that they will be obliged to comply with New Zealand law regardless of where they, or their servers are based.
Want to know more?
If you have any questions about your rights or obligations under the current or new Privacy Act, please contact our specialist Employment Team.
PDF version: Privacy Act 2020 docx