Another area of law which is undergoing rapid change thanks to technology is privacy. The new Privacy Act 2020 is now in place, and aims to create greater privacy protections for individuals, and place new obligations on businesses and organisations.
The Office of the Privacy Commissioner explores the changes in detail, but in summary:
- Notifiable privacy breaches: Businesses or organisations will be required to notify the Office of the Privacy Commissioner as soon as possible if they experience a privacy breach that causes serious harm to someone, or is likely to do so.
- Compliance notices: The Privacy Commissioner can require a business or organisation to do something or stop doing something if it is not meeting its Privacy Act obligations.
- Binding decisions on access requests: The Privacy Commissioner can make binding decisions on complaints relating to access to information.
- Disclosing information overseas: New Zealand businesses or organisations may only disclose personal information to an overseas agency if it has a similar level of protection to New Zealand, or the person to whom the information pertains allows it.
- Extraterritorial effect: The Privacy Act applies to overseas businesses or organisations dealing with New Zealanders, even if those businesses or organisations do not have physical presences in New Zealand.
- New criminal offences: It's now a criminal offence to mislead a business or organisation by impersonating someone, or pretending to act with another person's authority, to gain access to their personal information. It's also an offence to destroy a document containing personal information, knowing that someone has requested access to that information.