Experts Insight on the recent news regarding New Zealand’s Privacy Laws which delivers six major changes which are:
1. Reporting obligation for new privacy breach;
2. Criminal offence to access someone’s private information without entitlement (fines up to $10,000);
3. Compliance notice to businesses or organizations to comply with Privacy Act 2020;
4. Providing access to individuals whoes information is held by bsuinesses or organizations;
5. Disclosing private information of individuals sent overseas;
6. Overseas businesses or organizations doing business in New Zealand also have to comply with Privacy Act 2020 even if no physical presence.
New Zealand\’s new personal privacy laws went into effect on 30 November 2020. These new laws affect any organization doing business in New Zealand, much as GPDR regulations affect business operations in the EU. From a personal privacy perspective, these laws are a win for the citizens in general and are part of a trend towards increased personal privacy in a significant part of the world. While US privacy laws lag at the Federal level, state laws are following the trend of improving the protections afforded their citizens. While this is great news for the people, it does add challenges to organizations that need to comply with these new regulations.
Fortunately, many of the tools we have in place to improve our information security stack, such as behavior analytics, can help organizations meet the new compliance challenges. As the trend continues, it will service businesses to get ahead of the curve and offer their customers better security and privacy. It will help improve customer confidence and can put them ahead in the face of tightening regulations.
I say “good job!” to New Zealand. I wish the fine was a little bit higher, but this will definitely help force companies to be more accountable when there are data breaches. The government tool they’ve released for companies to notify the public about any breaches, NotifyUs, looks fairly intuitive to use, so it seems like it should be pretty easy for anyone at an organization to know when and how to report a breach.
Absolutely love the campaign – Privacy is Precious. And that’s an important thing for people to understand. You have to protect people. This is people’s private information you’re dealing with. It’s people’s lives. You have so many companies out there that never report a breach. But the reality is that all organizations have a responsibility to protect their consumers, and this is a great step towards fulfilling that responsibility.