How our data is collected, stored and distributed has been a well-documented global topic in recent years, arguably spurred by the EU’s General Data Protection Regulation (GDPR), which came into place in 2018 and requires that people know, understand and consent to the data collected about them. Closer to home, we’ve experienced targeted cyber-attacks on the NZX and other financial institutions, prompting organisations to increase their cybersecurity measures and reminding us as individuals to be aware of the policies, tools and monitoring that protect us. It seems a lot of people know that their data is being collected but don’t know how it is being used or what their rights are. Living in a digital age has made acquiring, storing and transferring data easier than ever, and the changes that upgrade our Privacy Act, which came into effect in 1993, are to serve as a framework for the standards that we want to uphold as businesses and individuals. With these changes on the horizon, we take a look at what this means for all of us when the new Privacy Act 2020 (“the Act”) comes into force on 1 December 2020.
How your data is currently being collected, stored and distributed.
Personal information that you willingly give over the internet or through any other channel is subject to 12 principles falling under the Act.
The Act includes the following provisions:
- An organisation needs a good reason to collect your personal information
- You must provide your personal information directly or consent to your information being handed over
- You should have access to your personal information and you should be made aware of what it will be used for
- An organisation can’t use your personal information without taking reasonable steps to ensure it’s accurate and up-to-date
- You are entitled to know how your personal information is stored
There is currently no onus on an organisation to notify users of a breach, nor any regulation on how your information is transferred overseas. The Privacy Act 2020 aims to remove these grey areas by encouraging businesses to take a proactive approach to privacy and holding them accountable for doing so.
Key changes coming to the Privacy Act
- Any breach will sit with a business and not an individual employee
- It will be a criminal offence not to report and notify those affected about a breach, if it’s going to cause serious harm
- The Privacy Commissioner will be able to issue compliance notices to businesses to require them to do something, or stop doing something, in order to comply with the Act
- Any business operating in NZ will be subject to the Act even if that business is based overseas
- It will be a criminal offence to mislead an organisation or business to acquire someone’s personal information or to destroy personal information if a request has been made for it
How we at Public Trust keep your personal information safe and secure
What we collect from you will be based on the information needed to provide you with the best possible service, and can span from basic information such as your name, address and date of birth to information about your financial circumstances and family history. We will also store your e-copy information within NZ-hosted data centres. Find out about what we do in the case of a breach here.
You are entitled to have access to any information a business holds for you, subject to any limitations outlined in the Act. You can also request for your personal information to be updated at any time. If you wish to make a privacy-related complaint, you may contact Public Trust’s Privacy Officers using firstname.lastname@example.org, or contact the Privacy Commissioner on 0800 803 909 or at www.privacy.org.nz.
Concerns about privacy, specifically online privacy, continue to escalate among Kiwis, and there is a collective call for transparency and protection. The threat of breaches and cybercrime continues to rise, so efforts towards safeguarding personal information are more important than ever. With the upcoming changes to the Privacy Act, we will see businesses obliged to protect their customers’ information, and the Privacy Commissioner will have more power to make sure everyone complies. For us at Public Trust, this means reviewing our systems and processes to ensure the continued protection of, and respect for, our customers and their information.