Top 5 takeaways on NZ's new privacy-first data frameworks
Two new(ish) privacy-first data frameworks are in the spotlight in Aotearoa New Zealand. The Digital Identity Services Trust Framework Act 2023 and the Customer and Product Data Act 2025 will influence how organisations access, share and use our personal information. This presents organisations with both...
Regulatory spotlight on information sharing (and what this means for you)
Government information sharing has been in the spotlight in Aotearoa NZ recently, following the release of two inquiry reports by the Public Service Commission (PSC) and Stats NZ respectively. These inquiries should give organisations pause for thought about the extent of their obligations when sharing...
Responsible AI guidance for NZ's public service
The public sector started the year with a burst of activity on the AI governance front. In January, the Department of Internal Affairs (DIA) unveiled the “Public Service Artificial Intelligence Framework”, a one pager aiming to guide the public sector’s responsible adoption of AI technologies. That...
Privacy & AI Governance Priorities for 2025
As the summer holidays become a distant memory, it's a great time to think about your key privacy and AI governance priorities for 2025. We’ve taken inspiration from the Future of Privacy Foundation’s “Twelve Privacy Investments for Your Company for a Stronger 2025” and developed...
OPC confirms that it will issue a biometrics code of practice in 2025
On 18 December 2024, the OPC announced its decision to press on with issuing a Biometrics Processing Privacy Code, regulating the use of biometric systems to process biometric information. This follows the release in April 2024 of an exposure draft of the code, on which...
IAPP ANZ Summit round up
In November, Simply Privacy attended the IAPP ANZ Summit in Melbourne. Despite the rubbish weather it was a great opportunity to get up to date with what is happening in the world of privacy on both sides of the Tasman, and also to connect with...
OPC Annual report
The Office of the Privacy Commissioner issued its 2024 Annual Report recently – we read it so you don’t have to, and here are our key takeaways relating to its complaints and enforcement functions: Over 1000 complaints were received – a 15% increase on the...
Upcoming Privacy Act amendments
There are a couple of bills before Parliament that will amend the Privacy Act 2020, and may require some action on the part of Privacy Officers to make sure their agency stays compliant. The Privacy Amendment Bill is currently before Parliament, and will introduce a...
Aussie privacy law reform - implications for Kiwi businesses
Australia is gearing up for more privacy law reform with the introduction of the Privacy and Other Legislation Amendment Bill 2024. But those hoping for a more ambitious set of changes - including a new right of erasure, a "fair and reasonable" test, stronger consent...
High Court rules on abuse survivors' data access rights
Privacy rarely reaches the courts in New Zealand. While, naturally, the courts are often called to decide on the application of common law privacy rights (otherwise known as the tort of privacy) – such as in the context of media activities – matters relating to...
Tips for dealing with requests for personal information
One of the trickiest aspects of being a Privacy Officer can be dealing with requests made for access to personal information under Information Privacy Principle 6 (IPP6) of the Privacy Act (or rule 6 of the Health Information Privacy Code for health agencies). This is...
Get AI Governance Professional certified – with a Kiwi flavour!
AI has taken the world by storm – and it’s fair to say the IAPP’s AI Governance Professional certification (AIGP) is doing the same for the world of AI governance. If you want to join the many people gaining this internationally recognised certification, then you...
Simply Privacy's EU AI Act guidance
If you’re looking to develop or use an AI system in the EU, our EU AI Act guidance will help you understand this significant new law and how it might apply to you and your business. In collaboration with the team at Te Pokapū Auaha...
AI Impact Assessments - your new best friend!
AI Impact Assessments – your new best friend! No doubt you’re already familiar with the value Privacy Impact Assessments (PIAs) contribute to your privacy programme. They’re a key tool for really getting to grips with the key privacy issues in any new data-based project, product...
OPC Guidance on Applying the IPPS to AI
OPC guidance on applying the Information Privacy Principles to AI The Office of the Privacy Commissioner (OPC) has released guidance on how the Information Privacy Principles (IPPs) apply to Artificial Intelligence (AI). This builds on recent guidance setting out the OPC’s expectations around the use of...
Tips for managing CCTV systems
Video recording and CCTV have become ubiquitious in private and public settings. Ninety nine percent of the time video cameras are installed for security or safety reasons - to catch or deter someone from committing offences. It might be protecting retail premises from ram raid...
Data retention and privacy risk
The Office of the Privacy Commissioner has recently highlighted the importance of good data retention practices. The Office released a statement in April 2023, discussing the role of data retention in recent New Zealand data breaches. The statement points to the Latitude Financial Services breach,...
Privacy by Design, by design
As agencies increasingly adopt more agile and ‘by design’ approaches to product and service design, privacy functions must adapt their approaches to engaging with project teams to effectively influence data practices and outcomes. We've developed some guidance to help privacy professionals and their teams put...
Ok Computer? Time to think about Responsible AI
Did you get the chance to have a play with ChatGPT over the summer break? ChatGPT – which Microsoft is incorporating into its Bing search engine – generates incredibly convincing, human-like text*. It also provides tangible evidence of the impact artificial intelligence (AI) will have...
Tips for implementing a PIA process
Privacy Impact Assessments (PIAs) are be a valuable tool in the Privacy Officer toolkit - identifying and dealing to privacy risk without stifling innovation or impeding progress. But they can also be a bit of a Pain In (the) Ass, when it comes to introducing...
Trusted transparency - Connecting the dots between what you say and what you do
This year's Privacy Week theme - trust - got us at Simply Privacy thinking about the role of transparency in the trust picture. Transparency is a well-known privacy concept. It's not news that being open about how personal information will be used and shared is...
Whānau Ora Commissioning Agency v MoH - Privacy lessons from the second High Court decision
Following the first court case (you can read our take on it here), and the subsequent failure of the Ministry of Health (MOH) to again release all the requested vaccination data, the Whānau Ora Commissioning Agency (WOCA) took further judicial review proceedings in the High Court....
Whānau Ora Commissioning Agency v MOH - Covid 19, Te Tiriti and cultural perspectives on privacy
The Covid-19 pandemic has brought privacy sharply into focus in many different ways over the past eighteen months. The High Court's recent decision in the judicial review proceedings brought by the Whānau Ora Commissioning Agency (WOCA) against the Ministry of Health (MoH) is one such example....
Collecting personal information from children - IPP4
The Privacy Act 2020 amended information privacy principle (IPP) 4(b) to require agencies collecting personal information from children or young persons to take particular care to ensure the collection is fair and proportionate. This change reflects overseas approaches, recognising that children may be less aware...