Privacy Breach Reporting

The Importance of Protecting Your Business Against Privacy Breaches.

The year 2020 saw an unprecedented number of hacking and ransomware attacks in New Zealand. These incidents prompted the government to introduce new legislation that requires every business operating in the country to report any data loss. Failure to comply with this legislation can result in hefty fines of up to $350,000.

The Privacy Act 2020, which came into effect on December 1, 2020, outlines the core principles that every business needs to adhere to in order to protect their customers' data. It is essential for businesses to understand these principles and take measures to minimise the risk of data breaches.

Fines of up to $350k!
With the new legislation in place, the Human Rights Review Tribunal now has the power to award up to $350,000 to each member of a class action. This means that businesses need to take privacy breaches seriously and implement measures to prevent them from occurring.

Protecting your customers' data is not just a legal requirement; it is also an ethical obligation. By implementing robust security measures, businesses can protect their customers' privacy and avoid the potentially devastating consequences of a privacy breach.

Understanding the 13 Core Principles of the Privacy Act 2020
The Privacy Act 2020 outlines 13 core principles that every business needs to be aware of when collecting, holding, using, and disclosing personal information. These principles are designed to ensure that businesses handle personal information in a way that is lawful, fair, and respectful of individual privacy.

Collecting Personal Information
The first four principles relate to the collection of personal information. Businesses must only collect personal information if it is necessary, and they must collect it directly from the individual. They must also inform individuals why their data is being collected and who can access it, and ensure that they collect it lawfully and fairly.

Holding Personal Information
The next three principles relate to the holding of personal information. Businesses must store personal information securely, provide individuals with access to their personal information, and allow them to correct it if it is wrong.

Using and Disclosing Personal Information
The remaining six principles relate to the use and disclosure of personal information. Businesses must ensure that personal information is accurate and up-to-date, not kept for longer than necessary, and only used for the purpose for which it was collected. If personal information needs to be disposed of, it must be done securely. Personal information can only be disclosed if there is a good reason for doing so, and only to organisations that are subject to the Privacy Act or similar laws. Unique identifiers, such as a driver's license number, can only be used when necessary.

By adhering to these core principles, businesses can minimize the risk of privacy breaches and protect the personal information of their customers.

You can see a full list of your responsibilities on the Privacy Commissioner website.

Expert Advice

While compiling this article, we spoke with Alex Teh, CEO of cybersecurity specialists Chillisoft, who had the following advice for our readers:

“The NZ privacy bill 2020 comes into law this month. This new bill provides the Information Commissioner additional legal rights to do things like issue a mandatory disclosure notice to any companies that have had a data breach and it resulted in the loss of personally identifiable information (PII). If that data breach and loss of PII information result in the potential harm to the public, he then has the right to issue a notice that will result in a fine of $10,000. More importantly, the organisation that lost the data will need to notify all their customers whose PII information they lost, potentially causing massive reputational damage that could result in loss of business.”

“When looking at how other countries like the UK and Europe have dealt with their privacy bills, those markets have fully embraced the use of encryption to negate the need to disclose. If a company can prove that the stolen data was encrypted, they are not required to disclose. The use of a data loss prevention (DLP) product like ESET Safetica is also needed for discovery. Most IT managers, CIOs and CISOs actually struggle when asked where their PII information resides on their network. A DLP product provides good auditing and reporting functionality that can be used to track where the PII information is. Once there is an understanding of where the data is, the company can then classify that data and take action like block, take a copy or report.”

Useful Tools to Help You Manage Privacy Breaches.
Managing privacy breaches can be overwhelming, especially if you're not sure whether or not to report them. Fortunately, there are tools available to help you navigate this process. One such tool is NotifyUs, which can assist you in determining whether or not you need to report a breach. NotifyUs is a free online tool provided by the Office of the Privacy Commissioner that guides you through a series of questions to evaluate the breach and determine whether or not it meets the reporting threshold.

However, prevention is always better than cure when it comes to privacy breaches. To protect yourself and your business from privacy breaches, consider implementing security systems and measures that can minimize the risk of a breach occurring. If you're unsure where to start, our team is here to help. Give us a call on 078505742 or fill out our assessment form, and we'll ensure that your business is adequately protected.

Keep in mind that the Privacy Act 2020 came into effect on 1st December 2020, so it's crucial to stay informed about the changes and how they affect your business. Stay vigilant and proactive in managing privacy breaches to ensure that your business and customers' personal information remains safe and secure.

This article was authored by the IT Alliance | Local Technology, Nationwide, in conjunction with cyber security product distributors Chillisoft.

IT Alliance Members:
CT Business Solutions | Hamilton | Morrinsville | Matamata-Piako | North Waikato
Ultra IT | Northland | Kerikeri | Whangarei
IT Live | Auckland
Technology Partners | Tauranga
Vision Lab | Te Puke
AdvancedIT | Rotorua | South Waikato
BlackSANZ | New Plymouth | Taranaki
GTB | Wellington | Kapiti
Decision1 IT Solutions | Dunedin | Otago
IT Centre | Wanaka | South Otago
Voicecom | Invercargill | Southland

Trustworthy NZ Websites about The Privacy Act 2020:
Office of the Privacy Commissioner
Justice NZ | Privacy Initiatives
Data.Govt.NZ | Data Privacy
Govt | Consumer Protection | Privacy Act
Consumer NZ | Privacy Law

Last Updated: 12/03/2023
Updated by: Dennis Jones | CT Business Solutions

© 2023 CT Business Solutions Limited. All Rights Reserved.