Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

Privacy 2.0: Tracking progress Annabel Fordham
4 December 2019 at 16:28

Privacy 2.0 blog logo

This is the second update in our Privacy 2.0 series.

Timing

The end of 2019 is rolling in, and the Privacy Bill is in the House awaiting the Committee of the Whole House stage, and then its 3rd reading.

A few commentators have referred to March 2020 as a commencement date, but we are expecting that date will shift by a few months.

The Government has signalled a six-month implementation period so, whenever it does pass, you can count on a solid six-months to adjust any administrative systems, or re-think business processes.

As it’s already December, with few Parliamentary sitting days left, the earliest possible commencement would be July 2020.

AskUs: Is the Privacy Act changing?

One key change

One of the key changes in the new law is the requirement to report privacy breaches to the Privacy Commissioner if they have caused, or may cause, serious harm.

AskUs: Do we have to report data breaches?

AskUs: What is privacy breach reporting?

For more information on the changes in the Privacy Act see this:

What are the key changes in the Privacy Act?

Can the Privacy Commissioner fine or prosecute an organisation or individual?

Further updates will follow on the other major changes.

What we are building

We want to make the breach reporting process as easy to navigate as we can. We’re developing the specifications for an online reporting tool. It’ll be available on our website, and will help businesses, organisations and individuals to report matters to us when a breach occurs.

The online tool will step you through a series of questions and will help you decide whether the harm from the breach is serious enough to warrant reporting. We realise it can be a tricky assessment to make – especially in the midst of trying to deal with the fallout of a privacy breach.

Let us know if there is specific guidance you need, or any feedback you want to give – contact: media@privacy.org.nz.

Reviewing what we do

Within the Office, we’ve been reviewing how we work and what we can do to become a more effective modern regulator within our current funding levels. The law change is a catalyst to refresh our approaches and re-set on privacy.

See John Edwards’ blog on comparative funding levels.

Post script: Our Annual Report 2018/19 is just out, and notes some of the highlights from the current regime: read the annual report here.

See earlier Privacy 2.0 update advisories: Privacy 2.0 - the beginning.

Back