New obligations under the Privacy Act 2020 bring some challenges but here at 5th Consulting we see these as an opportunity to build trust with the people who work with us. We attended the Privacy Forum 2021 and would like to share with you some key takeaways from Privacy Commissioner John Edwards’ presentation.
Here are some points that all organisations should be aware of:
- Complainants will initially be asked to refer to the privacy officer of the organisation in question – giving them the opportunity to resolve the matter in the first instance.
- The Commissioner is now able to issue compliance notices to compel organisations to do something and to act and direct organisations to release personal information.
- If your organisation has suffered a breach of privacy or a loss of personal information in a way that could cause serious harm, there is now a legal obligation to let the Commissioner know.
- One question that was asked through the forum was: “If you could have any power added to the Privacy Act would what it be?” The Commissioner said “it would be the power to go back in time and reinvent email….” 25% of breaches come from emails and it is the responsibility of all of us to learn from it and improve our email privacy practices.
- Registers (including contact tracing registers) must be set up in a way that protect a person’s details from being accessed and misused by others.
- According to the Commissioner, the rental sector needs some clear boundaries. New Privacy Act guidelines for landlords and tenants will be issued very soon. Watch this space!
- The Commissioner also expressed a commitment to consider different cultural perspectives on privacy such as those from Tāngata Māori. This comes as part of an initiative to make sure all communities are being served equally.
Having a privacy officer is now a requirement – here is a link to free online training on this as well as other privacy topics.