Resources

12 October 2024

Upcoming Privacy Act amendments

There are a couple of bills before Parliament that will amend the Privacy Act 2020, and may require some action on the part of Privacy Officers to make sure their agency stays compliant. The Privacy Amendment Bill is currently before Parliament, and will introduce a...

12 October 2024

Aussie privacy law reform - implications for Kiwi businesses

Australia is gearing up for more privacy law reform with the introduction of the Privacy and Other Legislation Amendment Bill 2024. But those hoping for a more ambitious set of changes - including a new right of erasure, a "fair and reasonable" test, stronger consent...

12 October 2024

High Court rules on abuse survivors' data access rights

Privacy rarely reaches the courts in New Zealand. While, naturally, the courts are often called to decide on the application of common law privacy rights (otherwise known as the tort of privacy) – such as in the context of media activities – matters relating to...

12 October 2024

What we've been up to...

August-October 2024 In August, Frith delivered a keynote address at the Institute of Director's "Governing AI Forum" on Responsible AI. She was interviewed beforehand for this article on "Putting AI best practice into a New Zealand context". Daimhin presented to the NZ Institute of Internal...

26 July 2024

Tips for dealing with requests for personal information

One of the trickiest aspects of being a Privacy Officer can be dealing with requests made for access to personal information under Information Privacy Principle 6 (IPP6) of the Privacy Act (or rule 6 of the Health Information Privacy Code for health agencies). This is...

24 July 2024

Get AI Governance Professional certified – with a Kiwi flavour!

AI has taken the world by storm – and it’s fair to say the IAPP’s AI Governance Professional certification (AIGP) is doing the same for the world of AI governance. You’ve probably seen AIGP-related posts popping up all over LinkedIn. If you want to join...

24 July 2024

EU AI Act Fact Sheets

If you’re looking to develop or use an AI system in the EU, our series of fact sheets on the AI Act will help you understand this important new law and how it might apply to you and your business. In collaboration with the team...

24 July 2024

Simply Privacy joins the Strand Alliance

We are thrilled to announce that Simply Privacy has joined the Strand Alliance, an international network of privacy and data protection experts based in Europe, the Middle East and Asia Pacific and with partners in Dublin, London, Brussels, Munich, Madrid, Zurich, Rome, Tel Aviv, New...

3 May 2024

AI Impact Assessments - your new best friend!

AI Impact Assessments – your new best friend! No doubt you’re already familiar with the value Privacy Impact Assessments (PIAs) contribute to your privacy programme. They’re a key tool for really getting to grips with the key privacy issues in any new data-based project, product...

3 May 2024

Privacy Myths Busted - Our free eLearning module for Privacy Week 2024

Happy Privacy Week from Simply Privacy! Privacy Week is an annual event to promote privacy awareness, inform people of their rights under the Privacy Act, and help educate agencies about their responsibilities. This year the Privacy Commissioner's theme is busting privacy myths. Doing privacy right is...

14 March 2024

More AI All the time

  The EU AI Act has just been passed – the world’s first comprehensive law to regulate AI.  Taking a risk based approach, it will have extraterritorial effect just like GDPR, and is likely to have a similar influence on legislators around the world.  Check...

6 March 2024

We might be small, but we're still adequate

The European Commission has decided that Aotearoa New Zealand will retain its EU adequacy status. This is important news for local organisations which market their products or services into the EU.  Aotearoa NZ's Privacy Act first received EU adequacy status in 2012. At that time,...

11 December 2023

AI Governance Global 2023

Simply Privacy Principal, Frith Tweedie, travelled to Boston in early November for the IAPP’s AI Governance Global conference. She shares some of the key takeaways from the event. The IAPP’s inaugural AI-focused conference, AI Governance Global 2023, took place during a very busy week for...

11 December 2023

Key takeaways from the IAPP ANZ Privacy Summit

Simply Privacy recently represented at the IAPP ANZ Summit in Sydney, a two day privacy extravaganza attended by 450+ privacy professionals from across Australia and Aotearoa NZ.   The weather was rubbish but the vibe was excellent, with some good inspiration to take into the holiday...

27 September 2023

OPC Guidance on Applying the IPPS to AI

OPC guidance on applying the Information Privacy Principles to AI The Office of the Privacy Commissioner (OPC) has released guidance on how the Information Privacy Principles (IPPs) apply to Artificial Intelligence (AI). This builds on recent guidance setting out the OPC’s expectations around the use of...

27 September 2023

Tips for managing CCTV systems

Video recording and CCTV have become ubiquitious in private and public settings. Ninety nine percent of the time video cameras are installed for security or safety reasons - to catch or deter someone from committing offences.  It might be protecting retail premises from ram raid...

7 July 2023

Data retention and privacy risk

The Office of the Privacy Commissioner has recently highlighted the importance of good data retention practices. The Office released a statement in April 2023, discussing the role of data retention in recent New Zealand data breaches. The statement points to the Latitude Financial Services breach,...

30 June 2023

Mānawatia a Matariki Here at Simply Privacy, we're thrilled that Matariki is now honoured as a public holiday in Aotearoa. We'll be heading out to see the beautiful Matariki cluster at sunrise on 14 July. Mānawa maiea te putanga o Matariki Mānawa maiea te ariki...

7 July 2023

Key takeaways from the Customer and Product Data Bill

The development of NZ’s Consumer Data Right has taken a further step forward, with MBIE’s release of an exposure draft of the Customer and Product Data Bill. The CPD Bill is intended to unlock the value of data, by improving customer access to and control...

27 April 2023

Privacy by Design, by design

As agencies increasingly adopt more agile and ‘by design’ approaches to product and service design, privacy functions must adapt their approaches to engaging with project teams to effectively influence data practices and outcomes. We've developed some guidance to help privacy professionals and their teams put...

26 February 2023

Ok Computer? Time to think about Responsible AI

Did you get the chance to have a play with ChatGPT over the summer break? ChatGPT – which Microsoft is incorporating into its Bing search engine – generates incredibly convincing, human-like text*. It also provides tangible evidence of the impact artificial intelligence (AI) will have...

26 February 2023

More decisions made on NZ's Consumer Data Right

The Office of the Minister of Commerce and Consumer Affairs has released a Cabinet Paper outlining further decisions on the Consumer Data Right (CDR). Subject to Cabinet agreement, the decisions made in this paper will inform the shape and content of the upcoming CDR Bill....

7 December 2022

2023 Predictions

Our privacy predictions for 2023 Privacy’s been pretty busy in 2022. We’ve seen the appointment and commencement of our new Privacy Commissioner, Michael Webster; several news reports on the use of Facial Recognition Technology (FRT) by retailers and the release of a consultation paper from...

7 December 2022

IAPPANZ Summit Round-up

Simply Privacy sent a delegation over to the IAPPANZ Summit in Sydney in November - the first such summit since 2019.  It was a fabulous opportunity to connect with over 350 other privacy professionals and get up to speed with some of the topical privacy...

7 December 2022

Introducing Frith

Frith joined the Simply Privacy team this year from Auror, where she was General Counsel and Chief Privacy Office as well as designing and implementing their Responsible AI framework. Frith has wide privacy experience both in New Zealand and further afield. Following a 7 year...

23 August 2022

Tips for implementing a PIA process

Privacy Impact Assessments (PIAs) are be a valuable tool in the Privacy Officer toolkit - identifying and dealing to privacy risk without stifling innovation or impeding progress.  But they can also be a bit of a Pain In (the) Ass, when it comes to introducing...

23 August 2022

Introducing Kathy

Kathy rejoined the Simply Privacy team in 2020, having previously spent several years consulting for us. She has a background in both privacy and the wider information management arenas, with stints as an Investigator at both the Office of the Privacy Commissioner and Office of...

23 August 2022

Simply Privacy contributes to APAC research on consent

Our Principal and Director Daimhin Warner recently provided expert assistance to an Asia Business Law Institute + Future of Privacy Forum joint research project on the status of consent as a lawful basis for processing personal information in the APAC region. The full report for...

30 April 2022

Trusted transparency - Connecting the dots between what you say and what you do

This year's Privacy Week theme - trust - got us at Simply Privacy thinking about the role of transparency in the trust picture. Transparency is a well-known privacy concept. It's not news that being open about how personal information will be used and shared is...

30 April 2022

Privacy as a customer service

Since the 1980 OECD Guidelines on privacy there have been substantial additions and amendments to privacy laws in New Zealand and other jurisdictions across the world. The original guidelines were practical, a response to advances of technology and the ability to transfer data across borders...

7 February 2022

It's all about the tone

As an executive leader in your agency how engaged are you with privacy?  Let’s reframe that – how engaged are you in managing the personal information that your organisation uses to provide services? Maturity assessments exist for variety of corporate activities, including security, risk and...

7 February 2022

A fresh take on privacy for 2022

This year, we expect to see many developments that will complement our reformed Privacy Act 2020, helping us to regain our position at the forefront of future-proofed privacy regulation, but also signalling the emergence of an Aotearoa New Zealand approach to privacy that reflects our...

23 December 2021

Whānau Ora Commissioning Agency v MoH - Privacy lessons from the second High Court decision

Following the first court case (you can read our take on it here), and the subsequent failure of the Ministry of Health (MOH) to again release all the requested vaccination data, the Whānau Ora Commissioning Agency (WOCA) took further judicial review proceedings in the High Court....

14 November 2021

Whānau Ora Commissioning Agency v MOH - Covid 19, Te Tiriti and cultural perspectives on privacy

The Covid-19 pandemic has brought privacy sharply into focus in many different ways over the past eighteen months.  The High Court's recent decision in the judicial review proceedings brought by the Whānau Ora Commissioning Agency (WOCA) against the Ministry of Health (MoH) is one such example....

13 November 2021

Privacy Commissioner publishes position paper on biometrics

Reflecting growing pressure from public and private sector agencies to utilise new technologies, the Office of the Privacy Commissioner released a timely position paper on the regulation of biometrics. The paper puts some stakes in the ground with respect to biometrics. It outlines how the...

22 October 2021

Getting ready for Privacy Act 2020 - Checklist

The Privacy Act 2020 came into effect on 1 December 2020. We’ve made a checklist of the key things we think organisations should do to get in shape for it: Get your governance settings right Appoint a Privacy Officer, if you haven’t already – it’s...

19 October 2021

Collecting personal information from children - IPP4

The Privacy Act 2020 amended information privacy principle (IPP) 4(b) to require agencies collecting personal information from children or young persons to take particular care to ensure the collection is fair and proportionate. This change reflects overseas approaches, recognising that children may be less aware...