The government unanimously passed the Privacy Act 2020 which will become law on the 1st of December. You may already know about the upcoming changes, often called Privacy 2.0. This article talks about how we’ve been approaching these important legislative changes at Springload.

Privacy legislation states organisations must have someone who fulfils the role of privacy officer.  We’re meeting our legal obligation to have a privacy officer by having two of us in the role — Clare Everett from the operations team and myself, John Anderson, from the technology team. This way we combine both an external and internal organisation focus, which covers both our staff and clients.

Clare and I help staff and clients find the answers they need about the personally identifiable information (PII) Springload works with. Both of us have completed training available through the Privacy Commission website, and have gone on to review how Springload handles data and who can access it. Our work includes:

• revamping our onboarding process for new staff members by grouping together all the requests for personal data — this includes information such as home addresses, emergency contacts, and immigration status. Grouping requests for personal information together means we can clearly explain to new staff why we’re asking for each bit of information and clarify who will have access to their data.
  
• reviewing who has access to the places we keep our employee data and double-checking that only the correct people have access to our HR files. 
  
• deleting historical contact information and client files that we no longer need. Less data, less risk.
  

A lot has changed on the internet since 1993. The web was in its infancy and the legislation did not really cover the full extent of what New Zealanders private information would be available through public endpoints and stored all over the world.

The updated changes that begin on the 1st of December largely strengthen the power of the Privacy Commissioner to enforce the law and cross-border protections for New Zealanders when their personal data is stored overseas. 

We encourage you to ensure you have a nominated privacy officer or officers and look at the upcoming Privacy 2.0 changes and what they mean for you and your organisation. The key change is that it will be mandatory to report privacy breaches to the people affected and the Commissioner if you have a “privacy breach that causes serious harm or is likely to do so”.

The Privacy Commissioner website contains a wealth of information and their office is responsive to requests for information. On their site you can find free and useful content about:

• the roles and requirements of privacy officers
• free online privacy training
  
• Privacy Week 2020, which is happening from November 2nd - 6th. 

If you have further questions questions about how we handle data at Springload, please feel free to get in touch.