
Privacy Act 2020

The Privacy Act 2020 will come into force on 1 December 2020. There are changes between this new Act and the previous Privacy Act 1993. Agencies must follow a set of rules when handling personal information.

If you handle personal information, then you are likely to be an 'agency'. An agency is any organisation or business, whether it is in the public or private sector, and includes government departments, companies, small businesses, social clubs and other types of organisations.

You should have a written Privacy Policy which sets out how your agency handles personal information.  

The Privacy Act has 12 information privacy principles which set out how you should handle personal information. 

Principles 1 - 4 set out how you can collect personal information

Principles 5 - 7 govern how you store personal information

Principles 6 - 12 govern how you use and disclose personal information


A person must be nominated as your Privacy Officer and they must be familiar with your privacy obligations.  If your customer has questions about privacy, then they should be directed to the Privacy Officer.

Privacy Breaches

If an agency has a privacy breach that is likely to cause anyone serious harm, they must notify the Privacy Commissioner and any affected persons as soon as practicable.

Agencies must report privacy breaches via NotifyUs on the Privacy Commissioner's website.

Recognising and Preventing Breaches

The Privacy Commissioner has an AskUs section that sets out how you can stop data breaches from happening. 

How we can help you

Complianz can assist you in the following ways:

  • Create a new Privacy Policy for your business;
  • Review and update your existing Privacy Policy; and
  • Complete a Gap Analysis between your old and new policies and procedures and recommend changes so you comply with the new requirements.
