Data Privacy is rapidly changing how businesses work

Data privacy has been a hot-button topic for some time now and data breaches have become more prevalent in the news. There is pressure on companies to not only create their own internal guidelines around data protection, but also comply with existing legislation such as Europe’s GDPR, California’s Consumer Privacy Act of 2018 (CCPA), New Zealand’s amended Privacy Act, and more around the globe. 

Data privacy laws are impacting how businesses do business. This means everything that touches upon personal information, such as advertising tracking, cybersecurity and personal data collection practices, along with what a business shares with trusted third party partners, all need to be reviewed.

The basic principles of data privacy aren’t new–it’s just that they’re becoming more common than ever before as businesses all over the world take notice of what can happen when their customers’ private details leak out through carelessness or malice. This affects not only their reputation but their bottom line, and very survival. This article explores data protection both at home and overseas, with tips from our legal team who deal with this issue every day.

Covid-19 catapulted everyone into the future

The Covid-19 lockdowns had a significant impact on the world. We saw an explosion of digital technology and ecommerce was propelled forward with 10 years worth of advancements happening almost at once. This increased consumer online adoption rate led to enterprises improving customer engagement whilst needing to accept increasing responsibilities around data privacy concerns. This was due to the amount of personal information being shared from one user’s device or system across many networks by companies who need to protect that data.

Personal data is valuable

The tracking of personally identifiable data is incredibly valuable because businesses can use this information to better understand consumer pain points and their unmet needs. These insights help with service and product development, as well as ways to personalise advertising campaigns so that they are more relevant and engaging for the consumers who see them.

Consumer data is clearly transforming business

This transformation comes at a cost and a greater responsibility to manage the data collected. A proliferation of data and privacy breaches has created consumer demand for the protection of their privacy and control of the use of their own data. Governments and corporations around the world have rolled out new regulations, and privacy laws, as previously mentioned. 

NZ has an amended Privacy Act too

New Zealanders will experience a new level of data security with the recent amendment to our Privacy Act 1993. This update was long overdue, as it has been nearly 30 years since its inception and many changes have taken place in the digital world during that time frame. The intent is for this legislation to protect an individual’s personal information while also providing them some peace of mind when they are using technology. 

The most significant changes to New Zealand’s privacy law include:

  • mandatory data breach reporting;
  • restrictions on offshore transfers of personal information;
  • clarifications on the extraterritorial scope of the Privacy Act; and
  • harsher penalties for non-compliance.

Businesses storing personal data are legally required to report to the Privacy Commissioner, along with other relevant individuals, breaches that have caused or are likely to cause “serious harm”. The Privacy Act provides guidelines around serious harm including:

  • actions taken by the business to reduce the risk of harm following the breach;
  • whether the personal data is sensitive in nature;
  • the type of harm that may be caused to victims;
  • who obtained (or who could obtain) the personal data as a result of the breach; and
  • whether the personal information is protected by any security measure.

Data protection laws abroad are far stricter by comparison.  For instance, the US, EU, and UK can issue fines that could bury a business. That’s a strong motivator to ensure they keep data secure. New Zealand amended its Privacy Act increasing penalties from $2,000 to $10,000 with class actions depending on circumstances as well as introducing potential criminal charges in more serious cases. The law will likely evolve over time but you need only look at how our rules compare to those overseas to see what’s coming. 

Protecting your business and its customers

Keeping data safe is of paramount importance in the modern world. There are a few sensible ways to protect your customers’ information to prevent a breach from happening:

  • check that internal policies and processes align with New Zealand’s amended Privacy Act and international law;
  • limit sensitive information before transferring them overseas; and
  • adopt reporting requirements when notifying authorities about breaches

Data protection and privacy are really important legal topics. You cannot afford to ignore them, especially whilst the digital world continues to expand around us. Our highly experienced data protection, privacy and cybersecurity team in our commercial department can help keep your business safe. Phone 06 561 0838 or email michael@cardow.co.nz.

No Comments

Post a Comment