In 2020, the New Zealand Government updated the Privacy law that applies to all organisations operating in Aotearoa.  Under the updated law organisations must:

• Not destroy personal information if someone asks for information held about them.
• Report serious privacy breaches.
• Check personal information they share with overseas companies will have similar protection to New Zealand.

The Privacy Commissioner also recommends appointing a Privacy Officer to make sure someone is responsible for compliance.

Overseas businesses operating here must meet NZ privacy requirements, including multi-nationals offering services like cloud software or social media.

As prior to this law update you must also still:

• Only collect the personal information needed for business reasons and only ever share it for specified reasons.
• Tell people what you collect, including if you use cookies on your website.
• Store personal information safely and securely.
• Only keep information while you need it or are legally allowed to keep it.
• Respond to someone’s request for personal information within 20 working days.
• Update or correct personal information as required, eg a new phone number.

If your business doesn’t have a privacy statement, use this free online tool by the Privacy Commissioner to create one. It only takes 5 mins.

Customers increasingly want to know you are careful, not cavalier with their data so it’s not only the legal and ethical thing to do but also better for business.

You can read more on the updated Privacy Law here.