• About Us
  • Advertise with Us
  • Contact Us
  • Events
  • Newsletter
  • Podcasts
  • Digital Magazine
  • Home
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability
  • About Us
  • Advertise with Us
  • Contact Us
  • Events
  • Newsletter
  • Podcasts
  • Digital Magazine
NZBusiness Magazine

Type and hit Enter to search

Linkedin Facebook Instagram Youtube
  • Home
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability
NZBusiness Magazine
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability
Technology

SMBs and the new Privacy Act: will it affect you?

The year 2020 just keeps on giving. Now business owners must come to terms with the new Privacy Act. Ashwin Pal explains just what that means. The Privacy Act 2020 […]

Glenn Baker
Glenn Baker
December 3, 2020 4 Mins Read
375

The year 2020 just keeps on giving. Now business owners must come to terms with the new Privacy Act. Ashwin Pal explains just what that means.

The Privacy Act 2020 isn’t a bad thing. For the majority of the New Zealand’s population – those who do not engage in cybercrime as a vocation – this is good. It means people who are affected by a privacy breach have to be informed quickly of the said breach, to help minimise the impact of the breach. This is a critical component of building and keeping customer trust. Us Kiwis are well aware of how a privacy breach might impact us – even in 2020, dominated by COVID-19, New Zealanders’ concern about bankcard fraud and identity theft is only slightly lower than their concern about natural disasters such as pandemics1.

The new Privacy Act came into effect on 1 December and is an updated version of the 1993 Privacy Act, with new rules around mandatory disclosure of data breaches by businesses and other organisations. It brings New Zealand in line with laws in many other jurisdictions – such as Australia.

The new Act requires organisations to notify the Privacy Commissioner and any affected individuals as soon as possible after becoming aware of a privacy breach or loss of personal information. The Act also includes a new information privacy principle that focuses on the disclosure of personal information outside New Zealand. The aim is to ensure personal information sent offshore remains subject to comparable privacy safeguards as those that apply in New Zealand.

It also increases the Privacy Commissioner’s powers to publish compliance notices and fines for privacy breaches.

There have been several high profile incidents involving data breaches, misuse of personal information and malicious cyber-related attacks in New Zealand over the past year. In fact, reported cybersecurity incidents reached a record high, according to Cert NZ’s Q3 2020 report.

From 1 July to 30 September 2020, Cert NZ received more than 2600 incident reports from individuals and businesses – the highest number to date and a 33 percent increase on the second quarter. The reported financial loss was approximately NZ$6.4 million. This shows that the threat of cybercrime is very real, and that ultimately, the goal of the updated Privacy Act is to limit the number of data breaches in New Zealand and reduce the financial loss caused by cybercrime.

For a small business, staying on top of cybersecurity and privacy requirements is often a challenge as they’re unlikely to have a dedicated Chief Information Security Officer (CISO). In addition, many smaller businesses form part of the supply chain for large organisations, including government agencies, so breaches can have far reaching impact.

A 2019 Unisys cybersecurity survey found that nearly half (47 percent) of the respondents believed their company didn’t make it clear to customers when they were collecting personal data, and those working for small businesses were least likely to believe their approach was based on recognised industry frameworks.

 

Top tips for compliance

In summary, the new Privacy Act means preparation, internal training and ensuring supplier compliance is essential for all New Zealand companies – regardless of size. My top tips to effectively adapt to the new Privacy Act are:

  • Treat data privacy as a business issue – New Zealanders’ high level of concern about data security puts organisations on notice that they risk not just losing data, but also losing business.
  • Act with speed – be able to identify and isolate breaches quickly to minimise the impact and to speed recovery.
  • Prepare, prepare, prepare – know what the changes are and work towards compliance. First place to start is to update your Privacy Policy and related internal policies and procedures.
  • Know your data – find out what Personally Identifiable Information (PII) data you are storing, and where and how is it secured. If it’s not needed, delete it. Don’t keep data “just in case” unless you have a legitimate purpose. You shouldn’t be holding it.
  • Understand your third-party suppliers – it is important to know how your third party suppliers are handling PII data as the responsibility for the security of these remains with you.
  • Review the personal information your business holds and your information management practices. For example, could you provide someone with their personal information in a timely manner if requested?
  • Develop a privacy breach response plan – who needs to be aware and involved?

To effectively comply with the new privacy requirements, even small businesses will most likely need to change how they record and store customer and client data to ensure it’s protected from cybercriminals. For SMBs, one of my key pieces of advice is to move your business to the cloud if you haven’t already done so, as this allows you to leverage the security provided by the cloud vendor. However, you still have to define the security you need and ensure this is provided by the cloud vendor you select. You can outsource responsibility, but not accountability.

Aside from privacy concerns, the cloud can help provide improved access and flexibility, and be an important component in cybersecurity for SMBs. In fact, I’m not alone in favouring the cloud for data storage, as Unisys recently conducted a Cloud Barometer Survey where it polled 88 New Zealand IT and business leaders. More than half said they thought the company’s data was more secure in the cloud than in-house, and cited security as the top reason for moving their apps, data and processes to the cloud.

Lastly, the 2020 Privacy Act will affect you as a business – regardless of size – and the only thing better than a cure, is prevention.

 

Ashwin Pal (pictured below) is director of cybersecurity at Unisys.

1 – Unisys Security Index 2020: New Zealand – www.unisyssecurityindex.co.nz

Share Article

Glenn Baker
Follow Me Written By

Glenn Baker

Glenn is a professional writer/editor with 50-plus years’ experience across radio, television and magazine publishing.

Other Articles

Richard Conway (2)
Previous

How to boost your online presence

Deb Workman 4
Next

How to ditch your ‘To Do’ list

Next
Deb Workman 4
December 7, 2020

How to ditch your ‘To Do’ list

Previous
December 2, 2020

How to boost your online presence

Richard Conway (2)

Subscribe to our newsletter

NZBusiness Digital Issue – March 2025

READ MORE

The Latest

From redundancy to resilience

May 16, 2025

Episode 16: Bryce Marsden on sustainable impact through education, youth and environment

May 15, 2025

The high cost of leadership neglect

May 14, 2025

Why making Auckland a Tech Hub makes sense

May 14, 2025

Is AI making us happier? Why some Kiwi leaders would trade coffee for Generative AI

May 13, 2025

Step back to move forward – how Kiwi business owners can unlock growth

May 12, 2025

Most Popular

NZBusiness Digital Issue – June 2024
Understanding AI
Navigating economic headwinds: Insights for SME owners
How much AI data is generated every 60 seconds? New report reveals global AI use
Nourishing success: Sam Bridgewater on his entrepreneurship journey with The Pure Food Co

Related Posts

Why making Auckland a Tech Hub makes sense

May 14, 2025

Is AI making us happier? Why some Kiwi leaders would trade coffee for Generative AI

May 13, 2025

Samsung CSP: Leading the way in tech repairs across New Zealand

May 12, 2025

Cyber security in 2025: A guide on how to protect your business

April 22, 2025
NZBusiness Magazine

New Zealand’s leading source for business news, training guides and opinion from small businesses to multi-national corporations.

© Pure 360 Limited.
All Rights Reserved.

Quick Links

  • Advertise with us
  • Magazine issues
  • About us
  • Contact us
  • Privacy policy
  • Sitemap

Categories

  • News
  • Entrepreneurship
  • Growth
  • Finance
  • Education & Development
  • Marketing
  • Technology
  • Sustainability

Follow Us

LinkedIn
Facebook
Instagram
YouTube
  • Home
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability