5 Privacy Changes Your Business Needs To Make In 2020
The New Zealand Privacy Act is changing in 2020, with the Privacy Bill currently going through Parliament. Stay ahead of the curve and make changes to your processes now.
Here's what you need to do to make sure your business will stay compliant when the new changes come into effect.
1. Create a recurring session every 3 months to review your data breach process.
Organise a 1-hour session with key members of your organisation and run through potential scenarios, so that you all feel comfortable about what to do if there's a data breach.
Make sure everyone knows how to deal with a breach quickly and discreetly, and how to help prevent it happening again.
The Privacy Commission has an e-Learning programme online as well as helpful guidance on the best way to handle a serious data breach, which you should run through with your team.
Remember to add this as a part of your induction process for new employees as well.
2. Report privacy breaches to everyone affected.
Any serious privacy breach will need to be reported to the Office of the Privacy Commissioner.
You'll also need to notify anyone who is affected by the breach.
For example, if a client's personal information has been leaked online or used in identity theft, you'll be required by law to let them know.
We suggest telling them as soon as you suspect it could be an issue, as they could take steps to reduce the harm before something serious happens.
3. Appoint a privacy officer.
Every business is required to have a privacy officer, even small businesses.
The privacy officer will deal with any information requests, and ensure your business is complying with the Privacy Act.
But don't worry, you don't need to have any previous knowledge or experience in the privacy realm.
This person will need to understand the privacy principles set out in the Privacy Act, and there are free online learning modules so that anyone can get up to speed.
4. Make sure your overseas service providers are meeting NZ privacy laws.
A lot of businesses in New Zealand use overseas providers for services like cloud software.
With different rules and legislation between countries, those providers may not be aware of what the privacy obligations are here.
Review the 12 privacy principles of the Privacy Act to check which might apply to your overseas providers, then check in to make sure everything is compliant.
5. Review and update your privacy statement.
Your privacy statement outlines how you, as a business, will collect, use and disclose people's information.
It's important to be transparent about how, when and why you're collecting personal information, so that your clients can have peace of mind about sharing this with you.
Go over your privacy statement to make sure that it's up to date and reflects how you're handling sensitive customer data.
If you don't have a privacy statement, you can create one with the help of the Privacy Commissioner's free tool.