PRIVACY ACT
5 reasons the new Privacy Act can impact your business

New Zealand’s new Privacy Act became law at the beginning of December. It’s a good time to also consider whether your organisation is compliant with overseas privacy regulations, writes Planit Software Testing’s Dave Withers APP.

New Zealand has ironically caught a lucky break with COVID-19. New Zealand businesses are now in a situation that we can all take advantage of. With many parts of the world in lockdowns, our workforce is now living their healthy normal lives. Teams can now meet in person to collaborate on ideas and work together.
David Withers APP is a Security Consultant with experience in large CCTV installations. He has also worked for over 20 years in Quality Assurance. As a Shadow Committee member of the ASIS NZ Chapter, David establishes and supports Auckland-based ASIS certification study groups.
NZSM
The first wave forced most workers into remote working. As a result, going to a physical location to work is no longer a requirement for many assignments, and remote work is now an accepted work practice worldwide. Our workforce can now work with clients anywhere in the world, and we are well placed to grow our businesses outside our borders as a result.

Given that from December businesses are required to adjust to New Zealand’s new Privacy Act 2020, in our globalised context it is recommended that you also look to become compliant for international markets. Privacy regulations worldwide are all based on the same ideal of collecting and securing appropriate personal and sensitive data correctly. This means that for very little extra effort you can become compliant in other territories. Some examples are:

• General Data Protection Regulation (GDPR): The European data privacy and security law covers a market of 446 million people. Noncompliance costs for hundreds of companies were more than 114 million euros in fines in the law’s first 20 months.
• Health Insurance Portability and Accountability Act (HIPAA): This US standard is designed to protect sensitive patient data in a market of 328 million people. Noncompliance costs companies an average penalty of USD1.2 million per violation.
• California Consumer Privacy Act of 2018 (CCPA): This law protects the rights of consumers’ personal data.

All the above could be addressed when making your company compliant with the new NZ Privacy Act.

The new Act comes into effect on 1 December 2020, bringing with it a number of changes:

• New privacy breach notification regime: If a privacy breach has caused (or is likely to cause) serious harm, the company must notify the Office of the Privacy Commissioner and affected individuals as soon as possible.
• Compliance notices: The Privacy Commissioner can issue compliance notices to organisations to require them to do something, or stop doing something.
• Enforceable access directions: The Privacy Commissioner can
December 2020/January 2021