Tūhono│Connect

10am

What's happening with Privacy in New Zealand?

Michael Webster and Liz MacPherson will open Privacy Week with a discussion on what's new and notable in privacy, and what updates they can share on current projects and topics of interest.

This webinar will be prerecorded and made available on this page at 10am Monday 12 May.

Michael Webster, Privacy Commissioner

Liz MacPherson, Deputy Privacy Commissioner

12pm - 1pm

TBC

Details coming soon.

Tahu Kukutai

Jesse Porter, Senior Advisor Privacy at Oranga Tamariki

1.30pm - 2.30pm

Privacy in the Age of New Tech: The Australia-New Zealand Regulatory Landscape

BEGINNER

This webinar offers a unique cross-jurisdictional analysis of privacy challenges and regulatory responses in the rapidly evolving Australia-New Zealand tech ecosystem. Drawing on our experience as former senior New Zealand government officials working on a specialised New Tech regulatory compliance consultancy in Melbourne, Australia, we provide an insider's perspective on both regulatory frameworks.

The session will explore how emerging technologies—particularly generative AI and biometrics —are reshaping privacy concerns across the region, and how organisational compliance strategies must evolve in response. We'll examine key differences between Australia's Privacy Act amendments and New Zealand's privacy framework, highlighting practical implications for businesses operating across both jurisdictions.This cross-disciplinary perspective combines technical, legal, and financial considerations to provide organisations with a comprehensive understanding of privacy obligations in the Australia-Aotearoa context.

Register for this webinar.

Adrian J. Carter, Governance and Strategy Lead at Headliners

Monica Carter, Strategic Operations Specialist at Headliners

3pm - 4pm

Navigating the Health Information Privacy Code 2020 in the Context of Research Ethics Applications

BEGINNER, INTERMEDIATE

This webinar explores and demystifies the role of research ethics committees under the Health Information Privacy Code 2020.The interaction between research ethics committees and obligations under the Health Information Privacy Code 2020 will be explained to help researchers navigate their dual responsibilities that span ethical and legal obligations.This webinar will highlight, through the use of some real world examples, the red flags and pitfalls applicants make in their research ethics submissions to support and uplift in understanding of the ethics committee process.

Register for this webinar.

Dana Wensley, Head of Research Ethics, University of Auckland

10am - 11am

AI and Privacy: The Foundation You Can't Ignore

BEGINNER

Ever feel like everyone's talking about AI while privacy takes a backseat?That's exactly where many organisations find themselves - racing to implement Copilot and GenAI without addressing the foundation that everything else builds upon.Drawing from our work with over 100 NZ organisations, I've discovered something fascinating: the biggest blocker to responsible AI isn't your technology stack - it's your information foundation.During this session, I'll share the three critical elements that make-or-break your AI privacy success:

1. Information Classification - Why sensitivity labels aren't just nice-to-have but essential for privacy-conscious AI

2. Data Quality & Protection - How to ensure your AI only accesses appropriate content

3. Governance Framework - Practical steps to implement privacy by design in your AI journey

Join me to discover how you can build privacy into your preparation for AI success.Because in the world of AI, good privacy practices aren't a must have.

Register for this webinar.

Sarah Heal, Chief Executive Officer, Information Leadership

12pm - 1pm

Proportionality in Biometrics & Beyond – Striking the Right Balance in Privacy Compliance

INTERMEDIATE

As organisations increasingly rely on data-driven decision-making, ensuring proportionality in data processing has never been more critical. From biometrics to behavioural tracking, privacy laws demand that data collection is necessary, justified, and fair. But how do you assess what is truly proportionate?In this webinar Paul Holmes from INFO by Design will explore the principles of proportionality in privacy compliance, with a core focus on the NZ Privacy Act 2020, the latest draft Biometrics Code, and global standards like GDPR. You’ll gain practical guidance on:- Assessing proportionality in data collection, processing, and retention

- The balance of power between organisations and individuals

- Key legal and ethical considerations under NZ and international privacy laws

- How proportionality applies to biometric data and high-risk processing

- Best practices for documenting proportionality assessments in PIAs

Register for this webinar.

Paul Holmes, Managing Director, INFO by Design

1.30pm - 2.30pm

Back to the Future: What have we learned from two years of popular AI tools?

BEGINNER, INTERMEDIATE, ADVANCED

AI is the big story in technology and privacy. Since ChatGPT launched in 2022 there have been lots of conversations about the future of this technology, but in this session we will take the chance to look back, asking what we have learned from two and a half years of public facing generative AI tools about their impacts on privacy?

Register for this webinar.

James Ting-Edwards, Senior Policy Advisor at the Office of the Privacy Commissioner

Andrew Chen, Chief Advisor: Technology Assurance at New Zealand Police

3pm - 4pm

Privacy considerations when using the information sharing provisions of section 66C of the Oranga Tamariki Act

BEGINNER, INTERMEDIATE, ADVANCED

There's a common misconception that the Privacy Act "doesn't apply" when disclosing personal information under section 66C of the Oranga Tamariki Act. A senior privacy advisor from Oranga Tamariki will discuss how and why Privacy Act requirements must still be considered when using section 66C to share information and share some of the privacy guidance that his team provides to front-line social workers and other colleagues relying on section 66C.

Register for this webinar.

Jesse Porter, Senior Privacy Advisor at Oranga Tamariki

3pm - 4pm

Registration begins at 2.30pm

IAPP Privacy Week 2025: Privacy Commissioner Keynote and Panel Discussion

In-person event, Auckland.

Join the Auckland Chapter of International Association of Privacy Professionals (IAPP) to hear Privacy Commissioner Michael Webster give his Privacy Week keynote. A panel discussion on the practicalities of AI due diligence will follow.

Read more information and register on the IAPP website.

Keynote: Michael Webster, Privacy Commissioner

Liz MacPherson, Deputy Privacy Commissioner

Michelle Dunlop, Simpson Grierson

Vivien Hii, Air New Zealand

Frith Tweedie, Simply Privacy

4.30pm - 5.30pm

IPP3A – discussing the indirect notification requirement coming soon to the Privacy Act

INTERMEDIATE

Join Steph Gregor, Manager of the Capability and Guidance team at OPC as she discusses the new indirect notification requirement that will be part of the Privacy Act from May 2026. Steph will explain the new requirements to help agencies start to think about how they might need to change their processes ahead of the law change. Her team is putting together guidance on the application of this new legal requirement, and she’ll talk about the process of putting this guidance together and OPC’s approach to writing guidance more generally.

Register for this webinar.

Steph Gregor, Capability & Guidance Manager at the Office of the Privacy Commissioner

10am - 11am

Privacy and the Media

BEGINNER, INTERMEDIATE

How does your right to privacy intersect with the right of media to gather, record and broadcast/publish material in the public interest? An overview by Stacey Wood, Chief Executive of the Broadcasting Standards Authority.

Register for this webinar.

Stacey Wood, Chief Executive, Broadcasting Standards Authority

12pm - 1pm

Deceived by Design Part II: The Impact of Dark Patterns on Consent and Privacy

BEGINNER

Have you ever been tricked into signing up for a newsletter because the “No, thanks” button was hard to find? Do you ever struggle to cancel a subscription because the option was buried deep within the website? Are you bamboozled by opt in/out questions? These deceptive tricks are known as “dark patterns”: interface design techniques that aim to trick or mislead Internet users.

During Privacy Week 2023, Alex showed that dark patterns are widespread across the New Zealand Internet. In this part II webinar, he reveals how effective dark patterns are in manipulating your consent and privacy. To do so, Alex will showcase an online experiment he devised that mirrors the online shopping experience and tests whether dark patterns work on unknowing Internet users. His research shows how dark patterns are highly effective at encouraging users to consent to commercial surveillance activities and continuous business communications. And he’ll finish the talk with a discussion about how to regulate dark patterns.

Register for this webinar.

Alex Beattie, Lecturer in Media & Communications

1.30pm - 2.30pm

Trust Over Tactics: Embedding Privacy into Everyday Property Management

BEGINNER, INTERMEDIATE

Privacy in the rental sector is more than a compliance obligation—it’s a business advantage. This session explores how landlords and property managers can embed privacy best practices into their everyday operations, fostering trust with tenants while protecting their businesses from legal and reputational risks.

Through real-world examples and actionable insights, attendees will learn:

- How to apply privacy principles to tenancy applications, tenant - communications, and record-keeping.

- Practical strategies for minimising data collection without compromising due diligence.

- Digital security best practices to safeguard tenant information.

- How to shift industry norms by making privacy a core part of professional property management.

This session is ideal for landlords, property managers, and industry professionals looking to modernise their approach to privacy, ensuring compliance while strengthening their reputation and relationships with tenants.

Register for this webinar.

Sarina Gibbon, Tenancy Specialist

3pm - 4pm

Owning Me, Owning You - how private companies acquire rights in our most intimate data

BEGINNER, INTERMEDIATE

This webinar will explore some of the problems raised by three industry case studies; commercial DNA tests, wearable tech, and online data. We will be using examples of licence clauses used by these companies that may significantly impact an individual's privacy.

Register for this webinar.

Dr Andelka Phillips, Technology Law specialist, academic researcher

10am - 11am

Private by design - how to bake privacy and security into thinking about, building and creating software.

BEGINNER

The barriers to creating software are lower than ever before, however there are security practices that are often overlooked, or applied after after software has been completed. This talk will take you on a technical dive into some of the fundamentals in designing robust, private and secure computer systems and software applications

We'll cover off some real world examples of where design failures have resulted in less than ideal end states within software, and allowed for potential breaches. We'll also cover the concept of threat modelling, and how this can be baked into the SDLC (Software Development Life Cycle).

Register for this webinar.

Jim Rush, Senior Security Consultant

12pm - 1pm

Enhancing your online privacy - tips to stay safer online

BEGINNER

This presentation will discuss ways you can protect your personal information online and what to do when things go wrong.

Register for this webinar.

Michael des Tombe Chief Legal Adviser at Netsafe

1.30pm - 2.30pm

Privacy on Purpose in AI Governance: Balancing Innovation and Protection

INTERMEDIATE

As organisations adopt AI-driven solutions, privacy and governance must be more than an afterthought—they need to be embedded from the start. This webinar explores how to establish AI governance systems that proactively safeguard privacy while fostering innovation. Join Dr. Marcin Betkier, an expert in AI governance and data privacy, as he shares practical strategies for integrating privacy into AI systems.

Register for this webinar.

Dr Marcin Betkier, AI governance and privacy expert

3pm - 4pm

The Government is Local – The Privacy is global

BEGINNER, INTERMEDIATE

Join Capability & Guidance Manager Steph Gregor and Compliance Officer Alex Robertson from OPC as they discuss privacy as it relates to local government.

- Overview of Privacy Law
- Local Govt privacy breaches (and things to avoid!)
- Interplay between the Privacy Act and other legislation e.g. LGOIMA
- Tips for protecting the privacy of individuals
- Common issues faced by elected members
- How Council officers can do privacy well

This webinar is intended for staff members at district councils, regional councils and unitary authorities, but elected members may also find it useful.

Register for this webinar.

Alex Robertson, Compliance Officer at the Office of the Privacy Commissioner

Steph Gregor, Capability & Guidance Manager at the Office of the Privacy Commissioner

3.30pm - 4.30pm

From Playtime to Profiling: How Biometric Tech is Shaping Children’s Digital Lives

BEGINNER

Biometric technology is becoming an increasing part of children’s everyday digital lives—through toys, games, learning apps, and social media. From facial recognition to voice analysis and emotion tracking, these tools promise convenience, personalization and safety, but also raise privacy and ethical concerns.

In this webinar, we will explore how biometric AI is being used in children's digital experiences—and what it means for their privacy. We will unpack the benefits as well as key issues like meaningful consent, data misuse, and bias, and offer practical steps for parents, educators, and policymakers to help protect children’s rights in this rapidly evolving technology landscape.

Register for this webinar.

Annette Mills, Professor of Information Systems, member of the Children’s Working Group of the Privacy Foundation NZ

Rebecca Hawkins, member of the Children’s Working Group of the Privacy Foundation NZ

9am - 10am

Hear from John Edwards, UK Information Commissioner

Join former Privacy Commissioner John Edwards, live from the UK, as he talks about his experience as their Information Commissioner. He’ll share his observations on, and comparisons between, UK and New Zealand privacy approaches – including those created by the different legislative frameworks. He’ll also answer any questions people have or you can send those in ahead of time to privacyweek@privacy.org.nz

Register for this webinar.

John Edwards, UK Information Commissioner

12pm - 1pm

Privacy Officers Role: Getting Ahead of Risks Before They Become Breaches

BEGINNER, INTERMEDIATE

Join Marcin and Laura for a practical session focused on strengthening your organisation’s approach to privacy, rooted in a thorough understanding of risks and applying targeted mitigation strategies. We’ll explore what purposeful privacy management looks like – from data-mapping and understanding the personal information you hold and use, to identifying risks, and responding effectively when things go wrong.

Register for this webinar.

Dr Marcin Betkier, AI governance and privacy expert

Laura Rodriguez, Senior Compliance Officer at the Office of the Privacy Commissioner

1.30pm - 2.30pm

Where is the line of creepy?

BEGINNER

Your data is collected in many places and by many different agencies. What are you happy with them doing with your data? your children’s data? your community’s data? When is it that things can start to feel a bit creepy?

The Privacy Act describes what we can do, legally, with personal information. But just because we can do something – should we do it?

With the lived wisdom of people from different communities, we will explore the human side of personal data collection and use. How do our worldviews shape how we see our data? What harm can occur from legal data use with good intentions? Where do our individual lines of creepy lie? And what can we do when faced with the question: “should we”?

Register for this webinar.

The Centre for Data Ethics and Innovation - with Friends

3pm - 4pm

Answering your questions about Māori data sovereignty

Join Chris Cormack and Ernestynne Walsh as they address a number of questions they received from their webinar in Privacy Week 2024 “Myth: Māori data sovereignty is too hard.”

Register for this webinar.

Ernestynne Walsh, Māori data service lead at Nicholson Consulting

Chris Cormack, Kaihuawaere Matihiko at Catalyst IT