
Practical tips to proactively manage privacy risk

Glenn Baker
April 18, 2018

With the new Privacy Bill due to impact business later this year, Hamish Kynaston explains what businesses can do to proactively protect themselves.

In preparation for the new Privacy Bill, which is set to replace the 25-year-old Privacy Act later this year, and as a matter of good practice, it is essential for agencies to proactively manage privacy risks. Given the speed at which information is being created, reproduced, disseminated and stored, the new Bill is long overdue. 

We are now living in the age of ‘Big Data,’ which brings both great benefits and significant risks. The Law Commission recommended the Bill be renewed in a 2011 review; we are falling behind other countries, and privacy law reform has become urgent.

So what can businesses do to proactively protect themselves? 

KNOW THE RISKS

• Know your data – Find out what information is held, why and whether it is needed. What are the potential consequences of disclosure?

• Be aware of all risks, not just the obvious ones. Security incidents can come from within – for example, opportunistic or careless employees, service providers or any third parties who have access to your systems.

• Consider the entire data lifecycle. Be aware of the risks at every stage of the data’s lifecycle, from collection, use, sharing and storage to destruction.

• Consider any appropriate measures to minimise risk. These should include a blend of technical, organisational, and physical measures.

DEVELOP A PRIVACY MANAGEMENT PROGRAMME OR PLAN

Businesses need to be proactive in this area, rather than waiting for a data or privacy breach to occur. While not currently mandatory in New Zealand, designing privacy and data security into a business’s systems will naturally better equip it to deal with these risks. Further, implementing a privacy management programme or plan will assist in identifying and responding to issues as they arise.

A privacy management programme or plan should be tailored to the structure, volume and sensitivity of your operations, and the considerations above will inform its development. Careful planning is necessary to ensure processes are put in place to prevent data breaches and respond appropriately should they occur. When a breach occurs, it is hugely beneficial to have a clear and common understanding internally as to what steps to take.  

KNOW WHAT TO DO WHEN A DATA BREACH OCCURS

The following is abridged from the Privacy Commissioner’s current ‘Data Toolkit’, which sets out the recommended process to be followed in the event of a data breach:  

Take immediate steps to limit the breach – can the information be retrieved, or other steps be taken to prevent any further disclosure or harm?  

Notify the affected individuals directly, whether it be by phone, letter or email. An indirect notification is less sincere and should be used as a last resort. A genuine and prompt apology, where appropriate, is also preferable. 

A notification should come from the agency with a direct relationship with the affected individual – for example, if a credit card information breach comes from a retailer, the credit card issuer would be the best agency to inform the affected individual.

Be aware of what breach notifications should contain – given that time is often of the essence where a breach has occurred, it is important to plan ahead so that the notification is comprehensive and can be made quickly. Generally, notifications should include:

–    A description of the incident, including when it occurred and the type of information disclosed.

–    The agency’s response to the breach, what it is doing to control or reduce harm, any assistance offered, and personal steps to take for protection.

–    Contact details of the Office of the Privacy Commissioner.

–    How to lodge a complaint to the Commissioner.

Notify the Office of the Privacy Commissioner – the OPC can provide helpful advice on what to do, and is able to assist in the management of a complaint if it has been advised in advance by the agency responsible for the breach. Notifying affected individuals and the Privacy Commissioner about any breach is currently recommended, but these steps are likely to become mandatory when the Bill becomes law (with only a few exceptions).   

Prevent a repeat – After a breach occurs, agencies should take time to fully investigate the cause of the breach, review policies and practices, and make any changes necessary to prevent future breaches.

Hamish Kynaston (pictured) is a partner at Buddle Findlay. 

 


Glenn Baker

Glenn is a professional writer/editor with 50-plus years’ experience across radio, television and magazine publishing.
