The Privacy Act 2020 and Your Responsibilities to Protect Digital Assets

New Zealand has had a Privacy Act since 1993. It was introduced to promote and protect individual privacy; to establish principles on collection, use, and disclosure of information relating to individuals; and access by individuals to information held about them. (Source: Office of the Privacy Commissioner)

On 1st December this year the updated Privacy Act 2020 comes into force. There are significant changes being made that will affect your business, specifically around what personal information you collect and store, and your responsibilities regarding the storage, access and protection of that information.

Under the new Privacy Act 2020 if personal data that you hold is compromised or unlawfully accessed it is mandatory to report this to the Privacy Commission and any people affected. Failure to do so will result in hefty penalties.

We recommend visiting the Privacy Commission’s website privacy.org.nz where you will find an excellent resource bank of helpful information sheets, videos and training materials.

Our IT Provider Stratus Blue has provided some simple tips to assist your business maintain data security and avoid risk.

1. Secure your computer network.

2. Implement security awareness training for your staff.

3. Keep all operating system and application updates up to date.

4. Ensure that all key data including email and documents in the cloud are backed up.

5. Implement multi-factor authentication (MFA or 2FA) across your systems.

6. Appoint a staff member as your designated Privacy Officer and have a privacy statement.

7. Ensure that staff working from home are keeping your company data secure. 

If you have any questions about how this could affect your business or if you are vulnerable in any way please contact your IT support provider or feel free to contact Yvonne Blanch at Stratus Blue, Whakatane on 0800 227747.