What Does The New Privacy Act Mean For International Businesses?

Date Nov 11, 2020
By Staff Writer

The New Zealand government has just passed The Privacy Act of 2020, which will take effect on 1 December 2020. The new law brings the rules on customer protection and privacy into line with the digital age.

Under this act, the agencies and organisations concerned commit to protecting your personal information (including but not limited to full name, phone number, email address, and other identifiable information) from any breach or unauthorised access. In the unlikely event that your data is compromised, they need to notify you immediately.

For most individuals, organisations, and government agencies, the act is pretty straightforward. They may be able to follow it even without consulting a lawyer. However, this new act can be complicated for international businesses operating in New Zealand. They may need to change their privacy and security policies accordingly.

So, what will change and what’s at stake for global businesses with the passing of The Privacy Act of 2020? Take a closer look.

Will this change the way international companies handle data?

The simple answer is yes, but it gets more specific. The Privacy Act of 2020 sets out several reforms to how international organisations can collect, use, and disclose data. Here are the rules on how they are to manage data:

The Privacy Act has an extra-territorial scope

The NZ Privacy Act clarifies the inclusion of global companies in the act. As long as they “conduct business within New Zealand” and handle personal data, they’re subject to the laws and regulations under this act. 

“Conducting business within New Zealand” includes even businesses that don’t have physical operations in the country. As long as they receive monetary payment for goods and services sold within NZ territory, they are considered in scope.

The new act introduces IPP

Under the Information Privacy Principle, transferring and disclosing data to an organisation outside of NZ is prohibited. It can be allowed, however, provided that the receiver of the data is also subject to the laws and regulations of the Privacy Act.

If the receiver of data isn’t bound by the new privacy act, the owner of the information must be informed. They must consent to their information being disclosed. It’s important to note that offshore transfer to data processors — like cloud storage — isn’t covered by the IPP.

What are the new powers of the NZ Office of the Privacy Commissioner?

The Privacy Act requires businesses to report any privacy breaches that may compromise the security of the persons owning the data. They must notify individuals about the status of their data and the measures to limit the compromise. Failure to do so will lead to the following:

Face criminal charges

The Privacy Act 2020 imposes a criminal offence if the Commissioner finds an intentional breach and destruction of information. Misleading statements to the legislation count as an offence as well. If ruled guilty, an offender may face a fine of up to $10,000.

Grant power to the concerned individual

Concerned individuals may raise their concerns with the Human Rights Review Tribunal if their security has been compromised by a privacy breach. This is on top of the legal charges that the Commissioner will file against the organisation.

What does this new law mean for Australian businesses?

Australia is one of the biggest business partners of New Zealand. With the Privacy Act of 2020 commencing soon, concerns have been raised about how Australian businesses can keep operating in NZ. In short, the new act covers all Australian businesses operating in the country. However, there are more factors to consider.

Cope with the cross-border disclosure rules

The cross-border transfer of data outside New Zealand territory under IPP is one of the key regulations of this act. OZ businesses operating in NZ need to evaluate whether they really need the data and whether they really need to disclose it outside the border.

If this is vital for their business, they need to gain the Kiwis’ confidence about their information being disclosed. The best way to do this is by informing the owner of the data about similar and comparable Australian laws to the Privacy Act of 2020.

Revisit your organisational data processing

Before the act fully commences, Australian businesses may need to revisit their data breach responses and safekeeping. Check whether the data collection and disclosure activities, internal or external, conflict with the new act. Also, consider tweaking your data collection, usage, and disclosure to align with The Privacy Act of 2020.

Know the latest updates about this new act

For now, this is all we know about how The Privacy Act of 2020 may affect international businesses with operations in New Zealand. As the start date draws nearer, there may be more information about this new act, so keep yourself posted.

Stay updated about the new Privacy Act of New Zealand and all the latest news through fast and secure broadband. Compare the best broadband deals for your business using our comparison tool, here at CompareBear!