Privacy Officer Alert

7 Dec 20

Every agency must have a Privacy Officer, who must be actively managing and protecting personal information.

In our Spring Bulletin we identified the top five changes under the new Privacy Act, which came into force on 1 December.  With mandatory reporting of significant breaches and potential criminal offences the role of the Privacy Officer is crucial.  Yet some organisations still seem unaware that they must have a Privacy Officer, or if they do have one, who that person might be.

Every agency (including every business, or organisation that collects and holds personal information about other people), must have a Privacy Officer.

Privacy Officers must;

  • encourage the agency to comply with the Information Privacy Principles;
  • take responsibility for dealing with requests for information under the Act;
  • work with the Privacy Commissioner in relation to investigations into complaints; and
  • ensure the agency complies with the provisions of the Act.

It is not a token position.  All agencies will need to ensure that their Privacy Officer is adequately trained and resourced, and that they have a good understanding of their obligations and responsibilities.

Now is a good time to check.   If you already have a Privacy Officer does everyone know who that is?  Do you have appropriate policies and a privacy statement?

Goals for early 2021 should include ensuring that the Officer is allocated resources and time to undertake training.  Once trained and up to speed the Officer can review policies and processes for the collection, use, and retention of personal information, and provide leadership and support to other staff.

In particular the agency should have a policy in place for dealing with information requests under principle 6 (access to personal information).

The Office of the Privacy Commission has prepared a number of training modules which are available on their website.   This is a good place for your Privacy Officer to start.

Given the potential consequences of a breach, and the enhanced powers of the Privacy Commissioner, we suggest that you take specific advice before responding to any queries, requests for information, or complaints.

 

Want to know more?

If you have any questions about Privacy Officer requirements please contact our Employment Team.

 

PDF version: Privacy Officer Alert

This article was included in Edition 10 of our employment newsletter – Employment News which you can read here.

For more information contact:

Fi McMillan

fiona.mcmillan@al.nz