The new Privacy Act 2020 came into force in December, and significantly raised the standard of privacy when it comes to dealing with client information - standards which Buddle Findlay partner Scott Abel says are going to be significantly more enforceable, and will take more due diligence to ensure compliance.
Abel says that with the new Act, adviser businesses have put privacy much higher up on their agenda, particularly the ones that deal with companies overseas.
“I think previously nobody really put privacy at the top of their agenda, because it was really an Act without teeth,” Abel said.
“Now, the Commissioner has the ability to issue compliance orders, and also to publish those compliance orders to name and shame the firms that don’t comply with their obligations. So, there is now a great reputational risk around non-compliance.”
“Firms are now obliged to report breaches in privacy, which wasn’t the case before,” he added.
“Sending information overseas is also not allowed, except under certain circumstances. Businesses will really need to check their privacy processes above and beyond what they normally do.”
Compliance Refinery CEO Steven Burgess says that businesses need to assess their processes a lot more carefully now than they have done in the past, and that staying on top of security and IT processes will be key to ongoing compliance.
“We find that there are a number of businesses that are using people overseas, and we would encourage them to do additional due diligence to ensure they’re meeting the new New Zealand standard,” Burgess said.
Read more: Getting ready for the new Privacy Act 2020
“It’s a bit more complicated now, but it can be done.”
“You also need to document your processes, and ensure that you have a good privacy breach plan,” he explained. “Privacy breach reporting is a mandatory change in the regime, and you should have a plan for how you address and assess those breaches. Look at your security and IT processes - it’s very important that they act in conjunction with each other, and you need to understand what vulnerabilities you have.
“If you are doing business overseas, you will certainly need to do more planning now than you did in the past.”