New privacy law delivers six major changes

New privacy law delivers six major changes

Organisations need to understand and address a suite of new compliance obligations

John Edwards (Privacy Commissioner)

John Edwards (Privacy Commissioner)

Credit: Supplied

The new Privacy Act 2020 has come into force, ushering in new obligations on organisations and businesses when handling personal information. 

The new Act, which affords New Zealanders better privacy protections, also gives the Privacy Commissioner greater powers to ensure organisations and businesses comply.

Key changes include:

New privacy breach reporting obligations

If a business or organisation has a privacy breach that it believes has caused, or is likely to cause, serious harm, it will need to notify the Office of the Privacy Commissioner and affected individuals as soon as possible. The Commissioner has deployed a new tool on its website for reporting a privacy breach.

New criminal offences

It will now be an offence to mislead an agency to access someone else’s personal information – for example, impersonating someone in order to access information that you are not entitled to see. It will also be an offence for an organisation or business to destroy personal information, knowing that a request has been made to access it. The penalty for such offences is a fine of up to $10,000.

Compliance notices

The Privacy Commissioner will be able to issue compliance notices to businesses or organisations to require them to do something, or stop doing something, to comply with the Privacy Act 2020.

Enforceable access directions

The Privacy Commissioner will be able to direct an organisation or business to confirm whether they hold personal information about an individual and to provide the individual with access to that information.

Disclosing information overseas

A new privacy principle 12 has been added to the Privacy Act to regulate the way personal information can be sent overseas. From today, such information can be disclosed to an agency outside of New Zealand if the receiving agency is subject to similar safeguards to those in the Privacy Act 2020.

Extraterritorial effect

An overseas business or organisation that is "carrying on business" in New Zealand will be subject to the Act’s privacy obligations even if it does not have a physical presence in New Zealand.

Privacy Commissioner John Edwards said the new law reflected the changes in New Zealand’s wider economy and society as well as a modernised approach to privacy. 

“The new Act brings with it a wider range of enforcement tools to encourage best practice, which means we are now able to take a different approach to the way we work as a regulator,” he said.

The Office of the Privacy Commissioner has produced resources and guidance to help people and organisations understand the changes.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags disclosureprivacydata breach notification



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments