Privacy+Law+in+New+Zealand+-+How+complaint+is+your+business+with+Privacy+Laws?



**﻿ ** by Kim Pereira
 * How compliant is your business with Privacy Laws? **


 * Privacy Law **

[|Privacy law] is the area of law which is concerned with the protection and preservation of the [|privacy] rights of individuals. The collection of vast amounts of personal information about individuals is increasing, as governments and other public as well as private organizations try to obtain this for a variety of purposes. The law of privacy regulates the type of information which may be collected and how this information may be used and stored.

 The [|Privacy Act] was passed in April 1993 in New Zealand and it applies to almost every person, business or organisation in New Zealand. The introduction of the Act into the New Zealand common law of a tort had the main aim of promotion and protection of individual privacy. Its primarily concerned with good personal information handling practices. The Act contains twelve information privacy principles dealing with collecting, holding, use and disclosure of personal information and assigning unique identifiers. These principles also give individuals the right to access personal information and to request correction of it.
 * The Privacy Act 1993 **


 * The 12 Information Privacy Principles **

These twelve information privacy principles as set out in the Privacy Act are summarised below. They are guidelines as to how confidential information should be dealt with. [|Principle 1], [|Principle 2], [|Principle 3] and [|Principle 4] govern the collection of personal information. This includes the reasons why personal information may be collected, where it may be collected from, and how it is collected. [|Principle 5] governs the way personal information is stored. It is designed to protect personal information from unauthorised use or disclosure. [|Principle 6] gives individuals the right to access information about themselves. [|Principle 7] gives individuals the right to correct information about themselves. [|Principle 8] and [|**Principle 9**], [|Principle 10] and [|Principle 11] place restrictions on how people and organisations can use or disclose personal information. These include ensuring information is accurate and up-to-date, and that it isn’t improperly disclosed. [|Principle 12] governs how “unique identifiers” – such as IRD numbers, bank client numbers, driver’s licence and passport numbers – can be used. <span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">For a detailed view of [|Section 6], Information privacy principles, see attached link: [|Legislation] <span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">"Agencies" that have to comply with the Privacy Act come in all shapes and sizes – clubs, businesses and government departments alike. Even an individual can be an "agency". Almost everyone is covered if they hold personal information (privacy.org.nz). Therefore as businesses you are obligated to respect the rules of privacy, keep and treat personal information about others as confidential. After all, the Privacy Act’s twelve information privacy principles model the way in which good businesses handle personal information. Human rights are the most basic right of every person and the need for privacy protection should be taken just as seriously. But there are those who may believe that privacy law gets in the way of business and government efficiency. There is a tendency to dismiss privacy. However privacy and the Privacy Act can benefit efficiency, particularly by protecting the reputation of your organisation, and building productive relationships with clients and staff alike. People care about privacy – and they are wary about organisations misusing their personal information. To get the full benefits of new technologies and modern information opportunities, consumers need to trust that their privacy will be protected. Therefore building in privacy to business processes makes sense. Australian Privacy Commissioner, Karen Curtis, said at the 2006 Privacy Issues Forum: “good privacy is good business”.

<span style="background-color: transparent; color: #669900; font-family: Verdana; font-size: 7pt; font-style: normal; font-weight: normal; vertical-align: baseline;">[|Good privacy is good business (Karen Curtis)__] <span style="background-color: transparent; color: #333333; font-family: Verdana; font-size: 7pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;"> DOC, 501 KB <span style="background-color: transparent; color: #0000ff; font-family: Times New Roman; font-size: 11pt; font-style: normal; font-weight: normal; vertical-align: baseline;">[]

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">


 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 140%;">Do you know your obligations? **

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Agencies – that is, almost everyone holding personal information about others – have to comply with the Privacy Act. The information privacy principles model the way in which good businesses handle personal information.

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">If you are collecting or using information about people, you need to think about how you're handling that information. An easy way to help you get privacy right in your business:




 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Purpose: your business must be clear on what it is trying to achieve and why it requires personal information.
 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Responsibility: is the information you are holding accurate, Will individuals be able to access and correct it, how will you keep this information securely and for how long?
 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Managing risk: what are the risks around holding personal information and how can these be lessened?
 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Fair collection: is the information required, how is this information being collected, can you collect it directly from the person, what do you tell them when obtaining this information?
 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Justified use: how will this information be used, does anyone else require it, do you have a lawful reason to disclose it.
 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Appropriate disposal: what do you do with the information you collected when you no longer need it.

<span style="background-color: transparent; color: #333333; font-family: Verdana; font-size: 9pt; font-style: normal; vertical-align: baseline;">__**Summary of Privacy Risks and Mitigations**__ know why we are collecting their personal information and what happens to it afterwards ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">We have an information use statement and privacy notice available on our website, and in print form at our office || (security) ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">A disk containing personal files may be lost ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">All disks are encrypted, and kept in a secure place. Disks cannot be taken off-site || browse through personal files for reasons not connected with their job ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">Only authorised people have permissions to access personal files. Run an audit programme to identify who has accessed which files at what time and spot any irregular or unusual uses || information ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">We are getting new computers and getting rid of the old ones ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">Once information is transferred to our new computers, the old computer drives will be professionally wiped || <span style="background-color: transparent; color: #0000ff; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; vertical-align: baseline;">[]
 * =  ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; text-decoration: none; vertical-align: baseline;">**Type of Risk**  ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; text-decoration: none; vertical-align: baseline;">**Risk**  ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; text-decoration: none; vertical-align: baseline;">**Mitigation(s)**  ||
 * = <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">1 ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">Purpose  ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">Individuals may not
 * = <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">2 ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">Our responsibilities
 * = <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">3 ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">Use of information  ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">Employees may
 * = <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">4 ||= <span style="background-color: transparent; color: #666666; font-family: Verdana; font-size: 8pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">Disposal of


 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 140%;">Your organisation and technology **

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">“The digital information generated about the average person on a daily basis now surpasses the amount of digital information individuals actively create about themselves. Agencies cannot avoid personal information; therefore they need to be able to design, recommend or install systems which manage personal information in a privacy protective way.” (Privacy Commission)

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Businesses are to ensure that their staff are aware of Privacy laws and how to conduct appropriate checks and not disclose personal information. A good way for a business to create awareness is to draft a policy on Privacy and Privacy Laws and circulate it to employees and discuss it with them.


 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 130%;">Privacy Commissioner **

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">The [|Privacy Commissioner] administers the Privacy Act 1993. The Office is an independent Crown Entity and was set up in 1993. The Privacy Commissioner's Office has a wide range of functions which include investigating complaints about breaches of privacy, running education programmes, and examining proposed legislation and how it may affect individual privacy. The Privacy Act gives the Privacy Commissioner the power to issue codes of practice that become part of the law.

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">For more information refer to the following sites: [|Privacy Law], [|New Zealand Legislation] and [|Privacy Commissioner]
 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 130%;">Require more information? **

__


 * <span style="font-family: Arial,Helvetica,sans-serif; font-size: 130%;">References: **

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Wikipedia.The Free Encyclopedia. 2010. Privacy Law. Retrieved October 11, 2010 from []

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Privacy Commissioner. Te Mana Matapono Matatapu. (n.d). Privacy Act and codes. Retrieved October 17, 2010 from []

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Privacy Commissioner. Te Mana Matapono Matatapu. (n.d). Privacy Act and codes. Retrieved October 11, 2010 from []

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">New Zealand Legislation. Acts. 2010. Privacy Act 1993 No 28. Part 2 Information Privacy Principles. Section 6. Retrieved October 13, 2010 from []

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Privacy Commissioner. Te Mana Matapono Matatapu. (n.d). Privacy Act and Codes. A Thumbnail sketch of the privacy principles. Retrieved October 28, 2010 from []

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Privacy Commissioner. Te Mana Matapono Matatapu. (n.d). How To Comply. Retrieved October 28, 2010 from []

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Privacy Commissioner. Te Mana Matapono Matatapu. (n.d). Privacy Act and Codes. Codes of Practice. Retrieved October 28, 2010 from []

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Privacy Commissioner. Te Mana Matapono Matatapu. (n.d). Privacy Act and Codes. Codes of Practice. Retrieved October 28, 2010 from []

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Privacy Commissioner. Te Mana Matapono Matatapu. (n.d). Privacy. Your obligations. Retrieved October 28, 2010 from <span style="background-color: transparent; color: #0000ff; font-family: Times New Roman; font-size: 11pt; font-style: normal; font-weight: normal; vertical-align: baseline;">[|__http://privacy.org.nz/your-obligations/__]

<span style="font-family: Arial,Helvetica,sans-serif; font-size: 120%;">Privacy Commissioner. Te Mana Matapono Matatapu. (n.d). Privacy. Getting started. Retrieved October 28, 2010 from []