![\"\"](\"http:\/\/kinetics.co.nz\/wp-content\/uploads\/2019\/05\/private-300x200.jpg\")
<\/p>\n[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”3.22″][et_pb_row admin_label=”row” _builder_version=”3.25″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text admin_label=”Text” _builder_version=”4.9.2″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” hover_enabled=”0″ sticky_enabled=”0″]<\/p>\n
<\/p>\n
Overshadowed by overseas privacy law changes like GDPR, our own NZ Privacy legislation has flown a little under the radar. But rest assured, changes are coming here as well.<\/p>\n
The last change in NZ Law was 1993, and it was world-leading at the time. Then in 2011, the Law Commission suggested an update, and that\u2019s where we are now. The expectation is that the bill will become law mid-2019, with the key aim to ensure we can be confident that our personal information \u2013 online or elsewhere \u2013 is safe and treated\u00a0well.<\/p>\n
The key change, like the Australian Notifiable Breaches legislation, is to require a notification in the event of a data breach. There is a trigger for this \u2013 the breach must pass a certain threshold, and if it does, the agency holding the data must let the impacted individual know, and notify the Privacy Commission . There are a couple of exceptions to this, but nothing significant.<\/p>\n
You must notify if the breach may cause (or the potential risk) of:<\/p>\n
That of course raises the question as to what \u2018potential risk\u2019 is and how on earth you can decide that. But with a $10,000 potential fine, this will be significant for any business, especially a small business.<\/p>\n
There are legal scenarios, presumably a warrant or similar, that require you to hand over information to law enforcement authorities that may include information about individuals that would fall under the act. If you find yourself in this position, you must only hand over exactly what is required and nothing extra, otherwise this too would be a breach.<\/p>\n
The bill is currently at it\u2019s second reading \u2013 so some of the points above are subject to the select committee and may yet change. One example is the limit of the fines for non-compliance with the Privacy Commissioner reported to be trying to increase these to a maximum of $100,000. You can learn more on the parliamentary website<\/a>.<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" Overshadowed by overseas privacy law changes like GDPR, our own NZ Privacy legislation has flown a little under the radar. But rest assured, changes are coming here as well. The last change in NZ Law was 1993, and it was world-leading at the time. Then in 2011, the Law Commission suggested an update, and that\u2019s […]<\/p>\n","protected":false},"author":5,"featured_media":3489,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"\n\nOvershadowed by overseas privacy law changes like GDPR, our own NZ Privacy legislation has flown a little under the radar. But rest assured, changes are coming here as well.\n\nThe last change in NZ Law was 1993, and it was world-leading at the time. Then in 2011, the Law Commission suggested an update, and that\u2019s where we are now. The expectation is that the bill will become law mid-2019, with the key aim to ensure we can be confident that our personal information \u2013 online or elsewhere \u2013 is safe and treated\u00a0well.\n\n[header2 text=\"Notifiable Breaches\" align=\"left\" color=\"#336A40\" margintop=\"\"]\n\nThe key change, like the Australian Notifiable Breaches legislation, is to require a notification in the event of a data breach. There is a trigger for this \u2013 the breach must pass a certain threshold, and if it does, the agency holding the data must let the impacted individual know, and notify the Privacy Commission . There are a couple of exceptions to this, but nothing significant.\n\nYou must notify if the breach may cause (or the potential risk) of:\n\n \t