Data Privacy: New Zealand’s Data Breach Laws Have International Implications
December 10, 2020DownloadsDownload Article
From 1 December 2020, New Zealand’s mandatory data breach notification laws take effect. If your organisation carries on business or is based in New Zealand, and you experience a data breach, you may be required to notify the regulator and affected individuals. If you don’t comply, you may face fines or other regulator action.
This is a brief snapshot of how you determine if you need to notify.
What is a ‘privacy breach’?
A privacy breach (commonly called a ‘data breach’) is the unauthorised or accidental access to, or disclosure, alteration, loss or destruction of personal information held by an ‘agency’ - any organisation or business, whether in the public sector or private sector. This includes government departments, companies and businesses, social clubs and other types of organisations.
A privacy breach also occurs when any action prevents a person from accessing their personal information that is held by an agency – for example, ransomware or denial of service attacks - s112 Privacy Act 2020.
What is ‘personal information’?
Personal information is “information about an identifiable individual” – s7 Privacy Act 2020.
The information does not need to name someone specifically to be personal, if they are identifiable in other ways, for example, through their home address.
Most Popular Insights
- 10 Global Cybersecurity Predictions for 2024
- Global CFO Survey 2024
- Bridging the Gap Between Artificial Intelligence Implementation, Governance, and Democracy: An Operational and Regulatory Perspective
- The Power of Positive Paranoia: A Key Trait for Every CEO and General Counsel in 2024
- A Targeted Approach is Key to Implementing AI