2 minute read
STRATEGI
from ASSET NOVEMBER 2020
by ASSET
Time to get serious about new Privacy Act
Strategi’s David Greenslade on what to expect on December 1 and what needs to be done to prepare for the arrival of the updated Act.
Technology, globalisation and public expectations have all helped change the face of privacy as we know it. Now impending new privacy laws in New Zealand will reflect this and advisers need to take them seriously, according to Strategi founder and executive director David Greenslade.
The Privacy Act 2020 (the Act) comes into force as an early Christmas present, on December 1, 2020. It repeals and replaces the 27-year-old Privacy Act 1993 and is aimed at strengthening privacy protections for our current environment, updating and modernising existing privacy laws to ensure personal information is kept secure and treated properly.
“There has been a generational shift in technology usage, business practices, and public expectations about security of personal information, both domestically and internationally and the new Act reflects this,” Greenslade says.
What does this mean for your business?
While much of the content of the current Act will remain, there are some significant changes that advisory businesses should be aware of.
“The changes affect all organisations that collect, store and use personal information about their employees and/ or clients,” Greenslade says.
“Some examples of key changes include mandatory reporting of privacy breaches, strengthened cross-border protections of personal information, and the expansion of the Privacy Commissioner’s powers.
“These reforms aim to not only improve the state of New Zealand’s existing privacy laws by making them fit for purpose in the current environment, but also to keep them relevant and effective in line with global trends in privacy and data protection.”
Privacy is a big deal
Privacy of personal information matters, says Greenslade.
“Advisers need to take it seriously and have the right policies and processes in place to meet both client expectations and legal obligations.”
He says some businesses have plenty to do to prepare, and Strategi has already been helping its clients get ready.
“We’ve run webinars with over 600 attendees, produced a guidance note, a 26-step action plan and a number of templates relating to new disclaimers, privacy statements, privacy policies and more,” he says.
“This Privacy Act 2020 Toolkit that we have created has been a big hit with all those looking for practical tips on how to comply with the Act.”
Greenslade offers the following examples of just some of the areas advisers need to address.
• Appoint and train a Privacy Officer.
• Understand and map your business’ information so you know what you collect, where you collect it from and the purpose for collecting it.
• Get renewed consent from clients where necessary.
• Change your fact find documents, website, client agreements, etc to reflect the changes.
• Review agreements with third party service providers to ensure they have sufficient privacy protections.
• Review your external privacy statement and policy, and update where necessary.
• Review your internal privacy policy and other related documents to ensure they are up to date and reference the Act.
A detailed Continuing Professional Development training module on the Privacy Act 2020 has been developed and is available on Radar – the Strategi Institute’s online education portal. Completing this module, along with implementing the processes contained in the Privacy Act 2020 Toolkit, will make compliance with the Act easy, says Greenslade.
For further information on meeting your Privacy Act 2020 obligations, contact Strategi Ltd on:
compliance@strategi.co.nz
Strategi Group is the leading provider of compliance and training services for the New Zealand financial advisory industry.
