Tips for dealing with requests for personal information
One of the trickiest aspects of being a Privacy Officer can be dealing with requests made for access to personal information under Information Privacy Principle 6 (IPP6) of the Privacy Act (or rule 6 of the Health Information Privacy Code for health agencies). This is...
Data retention and privacy risk
The Office of the Privacy Commissioner has recently highlighted the importance of good data retention practices. The Office released a statement in April 2023, discussing the role of data retention in recent New Zealand data breaches. The statement points to the Latitude Financial Services breach,...
Privacy by Design, by design
As agencies increasingly adopt more agile and ‘by design’ approaches to product and service design, privacy functions must adapt their approaches to engaging with project teams to effectively influence data practices and outcomes. We've developed some guidance to help privacy professionals and their teams put...
Getting ready for Privacy Act 2020 – Checklist
The Privacy Act 2020 came into effect on 1 December 2020. We’ve made a checklist of the key things we think organisations should do to get in shape for it: Get your governance settings right Appoint a Privacy Officer, if you haven’t already – it’s...
Collecting personal information from children – IPP4
The Privacy Act 2020 amended information privacy principle (IPP) 4(b) to require agencies collecting personal information from children or young persons to take particular care to ensure the collection is fair and proportionate. This change reflects overseas approaches, recognising that children may be less aware...