New Zealand’s Parliament has passed a Privacy Bill to replace the Privacy Act of 1993.
Among new features in the act which enters into force on 1 December, are:
- any organisation carrying out business in New Zealand, and handling New Zealanders’ personal information, is obliged to comply with the country’s law regardless of where they or their servers are based;
- before disclosing New Zealanders’ personal information overseas, the country’s organisations have to ensure overseas entities have similar levels of privacy protection to those in New Zealand;
- mandatory notification of a privacy breach which poses a risk of serious harm;
- introduction of compliance orders, with a fine of up to NZ$10,000 for failure to follow one; and
- it becomes an offence to mislead an organisation or business in a way which affects someone’s personal information, or to destroy personal information if a request has been made for it. The maximum fine is NZ$10,000.
Privacy Commissioner John Edwards said: “The new Privacy Act provides a modernised framework to better protect New Zealanders’ privacy rights in today’s environment … It is an endorsement of the significance of privacy as a universal human right that the Bill was passed with the multi-party support.”
On the mandatory notification regulation, he said the change brings New Zealand in line with international best practice.
The largest data protection, privacy and security event of 2020, now available on-demand!
Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.
You can access the content from all four days, by registering for access to our PrivSec Global platform below.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.