Top 5 takeaways on NZ’s new privacy-first data frameworks
Two new(ish) privacy-first data frameworks are in the spotlight in Aotearoa New Zealand. The Digital Identity Services Trust Framework Act 2023 and the Customer and Product Data Act 2025 will influence how organisations access, share and use our personal information. This presents organisations with both...
Regulatory spotlight on information sharing (and what this means for you)
Government information sharing has been in the spotlight in Aotearoa NZ recently, following the release of two inquiry reports by the Public Service Commission (PSC) and Stats NZ respectively. These inquiries should give organisations pause for thought about the extent of their obligations when sharing...
Responsible AI guidance for NZ’s public service
The public sector started the year with a burst of activity on the AI governance front. In January, the Department of Internal Affairs (DIA) unveiled the “Public Service Artificial Intelligence Framework”, a one pager aiming to guide the public sector’s responsible adoption of AI technologies. That...
Privacy & AI Governance Priorities for 2025
As the summer holidays become a distant memory, it's a great time to think about your key privacy and AI governance priorities for 2025. We’ve taken inspiration from the Future of Privacy Foundation’s “Twelve Privacy Investments for Your Company for a Stronger 2025” and developed...
Upcoming Privacy Act amendments
There are a couple of bills before Parliament that will amend the Privacy Act 2020, and may require some action on the part of Privacy Officers to make sure their agency stays compliant. The Privacy Amendment Bill is currently before Parliament, and will introduce a...
Tips for dealing with requests for personal information
One of the trickiest aspects of being a Privacy Officer can be dealing with requests made for access to personal information under Information Privacy Principle 6 (IPP6) of the Privacy Act (or rule 6 of the Health Information Privacy Code for health agencies). This is...
Simply Privacy’s EU AI Act guidance
If you’re looking to develop or use an AI system in the EU, our EU AI Act guidance will help you understand this significant new law and how it might apply to you and your business. In collaboration with the team at Te Pokapū Auaha...
AI Impact Assessments – your new best friend!
AI Impact Assessments – your new best friend! No doubt you’re already familiar with the value Privacy Impact Assessments (PIAs) contribute to your privacy programme. They’re a key tool for really getting to grips with the key privacy issues in any new data-based project, product...
Tips for managing CCTV systems
Video recording and CCTV have become ubiquitious in private and public settings. Ninety nine percent of the time video cameras are installed for security or safety reasons - to catch or deter someone from committing offences. It might be protecting retail premises from ram raid...
Data retention and privacy risk
The Office of the Privacy Commissioner has recently highlighted the importance of good data retention practices. The Office released a statement in April 2023, discussing the role of data retention in recent New Zealand data breaches. The statement points to the Latitude Financial Services breach,...
Privacy by Design, by design
As agencies increasingly adopt more agile and ‘by design’ approaches to product and service design, privacy functions must adapt their approaches to engaging with project teams to effectively influence data practices and outcomes. We've developed some guidance to help privacy professionals and their teams put...
Ok Computer? Time to think about Responsible AI
Did you get the chance to have a play with ChatGPT over the summer break? ChatGPT – which Microsoft is incorporating into its Bing search engine – generates incredibly convincing, human-like text*. It also provides tangible evidence of the impact artificial intelligence (AI) will have...
Tips for implementing a PIA process
Privacy Impact Assessments (PIAs) are be a valuable tool in the Privacy Officer toolkit - identifying and dealing to privacy risk without stifling innovation or impeding progress. But they can also be a bit of a Pain In (the) Ass, when it comes to introducing...
Trusted transparency – Connecting the dots between what you say and what you do
This year's Privacy Week theme - trust - got us at Simply Privacy thinking about the role of transparency in the trust picture. Transparency is a well-known privacy concept. It's not news that being open about how personal information will be used and shared is...
Collecting personal information from children – IPP4
The Privacy Act 2020 amended information privacy principle (IPP) 4(b) to require agencies collecting personal information from children or young persons to take particular care to ensure the collection is fair and proportionate. This change reflects overseas approaches, recognising that children may be less aware...