Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View
Contact Us See a demo

Understanding New Zealand’s Privacy Act 2020: Key Changes and Compliance Strategies

New Zealand’s New Privacy Act banner
Published July 8, 2020
Author

Muhammad Faisal Sattar

Data Privacy Legal Manager at Securiti

FIP, CIPT, CIPM, CIPP/Asia

Listen to the content

The Privacy Act 2020 was passed by the New Zealand Government in June 2020. The new Act will introduce several key changes that will significantly improve privacy protections for individuals in New Zealand. Organisations will need to ensure compliance with the changes introduced by the Act before it comes into effect on 1 December 2020.

The new Act applies to all organisations that undertake business in New Zealand, no matter their size or geographic location. The Act also applies to all categories of personal information they hold, including customer, employee and supplier information. The key changes introduced in the new Act include:

Privacy Bill summary of key changes

people data grapher

These changes form part of a global regulatory movement to improve privacy protections and ensure individuals’ right to privacy is upheld. It is mirrored in shifting customer expectations and taking a minimum compliance approach is no longer good enough. Leading organisations now realise that good privacy management is a competitive advantage if done right and are investing in systems and processes that help to build trust and transparency with their customers, employees and partners.

Over the next five weeks we will be publishing a series of articles that discuss the practical implications of the changes that the new Privacy Act introduces and what steps organisations will need to take to ensure that they are compliant. We will also discuss the role that AI and automation can play in helping organisations to reduce their compliance overheads, both in NZ and internationally, while maximising the business value that can be derived from these changes.

The articles will cover:

  • More Protection for Information Moving Overseas
  • Accountability for Data Breaches by Third Parties
  • Strengthening People’s Rights to Access and Correct their Information
  • Click to Consent is not Enough
  • Mandatory Data Breach Notification

Also join us at 10:30am on 11 August 2020 for a webinar where we will host a panel of experts who will discuss the changes and the practical implications for organisations in more detail. Further information and registrations are available at <……..>

Frequently Asked Questions (FAQs)

The New Zealand Privacy act modernizes the country's privacy laws, introducing new provisions for mandatory breach reporting and enhancing individuals' rights regarding their personal information.

While both the GDPR and the New Zealand Privacy Act aim to protect individuals' privacy rights, they are separate legal frameworks. GDPR applies in the European Union, and the New Zealand Privacy Act applies to the processing of personal information of data subjects in New Zealand. They have differences in specific requirements and enforcement mechanisms.

Principle 7 of the New Zealand Privacy Act guarantees individuals the right to request corrections to any inaccurate information held about them by an organization or business. If the organization disputes the need for correction, individuals can request that an agency append a correction statement to their records. The agency must then take reasonable steps to fulfill this request.

Principle 5 of the New Zealand Privacy Act mandates that organizations implement reasonable safeguards to prevent the loss, misuse, or unauthorized disclosure of personal information. In the event of a significant privacy breach, the organization must promptly notify the Office of the Privacy Commissioner within 72 hours.

Breach of the Privacy Act in New Zealand can lead to investigations by the Privacy Commissioner. The Commissioner has the authority to make determinations, seek compliance, and, in some cases, seek remedies for affected individuals. Penalties may apply for serious breaches.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Share
More Stories that May Interest You
New Zealand Privacy Act compliance checklist banner View More
December 3, 2020
Compliance Checklist for New Zealand’s new Privacy Act
On 1 December 2020, New Zealand’s new Privacy Act 2020 came into effect. Our experts at Securiti have compiled the following list of compliance...
data transfers under New Zealand Privacy Act banner View More
December 3, 2020
International data transfers under New Zealand’s new Privacy Act
From 1 December 2020, an organization that is subject to New Zealand’s new Privacy Act 2020 can transfer personal information outside New Zealand only...
Please enter a minimum of 3 characters to begin your search.
Videos
View More
January 20, 2025
Mitigating OWASP Top 10 for LLM Applications 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
View More
January 15, 2025
Top 6 DSPM Use Cases
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
View More
January 2, 2025
Colorado Privacy Act (CPA)
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
View More
December 24, 2024
Securiti for Copilot in SaaS
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
View More
November 1, 2024
Top 10 Considerations for Safely Using Unstructured Data with GenAI
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
View More
October 29, 2024
Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
View More
August 12, 2024
Navigating CPRA: Key Insights for Businesses
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
View More
June 3, 2024
Navigating the Shift: Transitioning to PCI DSS v4.0
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
View More
January 29, 2024
Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...
AWS Startup Showcase Cybersecurity Governance With Generative AI View More
October 17, 2023
AWS Startup Showcase Cybersecurity Governance With Generative AI
Balancing Innovation and Governance with Generative AI Generative AI has the potential to disrupt all aspects of business, with powerful new capabilities. However, with...

Spotlight Talks

Spotlight 11:29
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Watch Now View
Spotlight 11:18
Rewiring Real Estate Finance — How Walker & Dunlop Is Giving Its $135B Portfolio a Data-First Refresh
Watch Now View
Spotlight 13:38
Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines
Sanofi Thumbnail
Watch Now View
Spotlight 10:35
There’s Been a Material Shift in the Data Center of Gravity
Watch Now View
Spotlight 14:21
AI Governance Is Much More than Technology Risk Mitigation
AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3
You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge
Watch Now View
Spotlight 47:42
Cybersecurity – Where Leaders are Buying, Building, and Partnering
Rehan Jalil
Watch Now View
Spotlight 27:29
Building Safe AI with Databricks and Gencore
Rehan Jalil
Watch Now View
Spotlight 46:02
Building Safe Enterprise AI: A Practical Roadmap
Watch Now View
Spotlight 13:32
Ensuring Solid Governance Is Like Squeezing Jello
Watch Now View
Latest
Shrink The Blast Radius: Automate Data Minimization with DSPM View More
August 27, 2025
Shrink The Blast Radius
Recently, DaVita disclosed a ransomware incident that ultimately impacted about 2.7 million people, and it’s already booked $13.5M in related costs this quarter. Healthcare...
Why I Joined Securiti View More
August 11, 2025
Why I Joined Securiti
I’m beyond excited to join Securiti.ai as a sales leader at this pivotal moment in their journey. The decision was clear, driven by three...
Data Leakage View More
September 16, 2025
What is Data Leakage? A Complete Guide
Learn what data leakage is, common causes, different types, and effective ways to prevent data leaks in your organization.
Data Masking View More
September 14, 2025
Data Masking: Protecting Sensitive Data from Unauthorized Access
Learn how data masking helps protect sensitive data from unauthorized access. Explore data masking types, benefits, challenges, best practices and more.
A Compliance Primer For The AI Act’s GPAI Code Of Practice View More
September 14, 2025
A Compliance Primer For The AI Act’s GPAI Code Of Practice
Securiti's latest whitepaper provides a detailed overview of the GPAI Code of Practice issued to help organizations meet their legal obligations per the AI...
View More
September 7, 2025
The Rise of AI in Financial Institutions: Realignment of Risk & Reward
Learn how AI is transforming financial institutions by reshaping risk management, regulatory compliance, and growth opportunities. Learn how organizations can realign risk and reward...
7 Data Minimization Best Practices View More
September 10, 2025
7 Data Minimization Best Practices: A DSPM Powered Guide
Discover 7 core data minimization best practices in this DSPM-powered infographic checklist. Learn how to cut storage waste, automate discovery, detection and remediation.
Navigating the Minnesota Consumer Data Privacy Act (MCDPA) View More
August 12, 2025
Navigating the Minnesota Consumer Data Privacy Act (MCDPA): Key Details
Download the infographic to learn about the Minnesota Consumer Data Privacy Act (MCDPA) applicability, obligations, key features, definitions, exemptions, and penalties.
The DSPM Architect’s Handbook View More
June 16, 2025
The DSPM Architect’s Handbook: Building an Enterprise-Ready Data+AI Security Program
Get certified in DSPM. Learn to architect a DSPM solution, operationalize data and AI security, apply enterprise best practices, and enable secure AI adoption...
Gencore AI and Amazon Bedrock View More
January 7, 2025
Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock
Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...
What's
New