Blog home
It’s personal: data protection and privacy in Aotearoa New Zealand
May 25, 2021

It’s not Tech Week without a discussion about data protection and privacy. The latest in the news features a ransomware attack taking down Waikato Hospital’s computer and phone systems and seriously impacting service delivery, with big questions also being asked about the security of patient data.

Rapid changes in technology have led to changes in privacy, and it’s now standard practice for organisations to collect a lot of information about us, including for anti-money laundering (AML) and customer due diligence (CDD) requirements within the financial services industry.

With hacking attempts and cyber attacks ever increasing, businesses protecting personal information is not just an ethical choice, it’s legally required.

The Privacy Act 2020

A lot has changed since 1993 – the last time the Privacy Act was updated. Coming into effect on December 1st last year, the Privacy Act of 2020 brings stronger protections to personal information in the digital age with updated rules about privacy breaches and 13 updated privacy principles.

It is now mandatory for organisations to tell the Privacy Commissioner, and the affected people, if they have experienced a privacy breach that has caused serious harm, or is likely to do so. Businesses and organisations that fail to report a notifiable privacy breach can receive a fine of up to $10k.

The Privacy Commissioner can issue compliance notices and access directions for individuals wanting to access data held about them. There are also a number of criminal offences that have been introduced, such as misleading an agency to get someone’s personal information, or destroying personal information, knowing a request has been made to access it.

Overseas companies that provide services within Aotearoa New Zealand, who previously could get away with ignoring our Privacy Act, now need to comply.

The Privacy Commissioner states that for the first six months since the introduction of the new Privacy Act, their office has been focused on compliance and is educating organisations and businesses to help them understand their new legal responsibilities. Everyone from the local cornerstore right through to big corporations need to ensure they abide by the rules.

Interestingly, email errors made up 25% of all serious breaches in this first quarter.

Privacy and data protection is more important than ever – especially in the financial services industry. Here at Catalist, we set ourselves up to treat private information with the highest level of care – and these extra protections in the law now improve confidence for investors.

If you’re interested in knowing how we handle your privacy, take a look at our privacy policy and get in touch if you have any questions.

By Michelle Polglase