I had the privilege to listen to the Assistant Commissioner of Privacy, Jon Duffy, during National Privacy Week.
Jon started at the beginning by exploring what defines privacy: simply put, something that identifies a person. He then took us through a highlights reel of what the legislation covers. I’ve encapsulated this in the bullet points below, as many SMEs are unlikely, as I was, to be aware of the details:
- Breaches involving serious harm need to be reported
- Only collect information you need
- Collect it directly from the individual if you can
- Advise the individual you are collecting information and why
- Don’t do something illegal or unfair
- Secure access to the information is important
- The individual must have access to their information (legal requirement) and must be able to have any disagreement about its accuracy recorded against it
- Only keep it for as long as you need it
- Only use it for what you gathered it for
- Don’t disclose it
My summation – Know why you need the information, what you are going to use it for and treat it as if it is your own.
Jon finished by highlighting some of the things in the GDPR (which is considered the leading privacy legislation globally) that are not in the new New Zealand Privacy Bill:
- Data portability
- Algorithmic transparency
- The right to be forgotten
- Penalties (the Bill lacks them)
The NZ Privacy Act 1993 was last reviewed by the Law Commission in 2011. The 2018 amendment bill is currently awaiting its second reading in Parliament.
We have written other blog posts on Privacy – you might like to check out this one on writing a good Privacy Statement.