In today’s increasingly connected world, the issue of hacking and privacy breaches has become a prominent concern for individuals and organisations alike. The rapid advancement of technology has opened new possibilities and conveniences, but it has also brought forth unprecedented challenges in safeguarding our personal information.
As we navigate the digital landscape, it is crucial to understand the implications of privacy breaches and the protections offered by privacy laws, such as the Privacy Act. You are protected by this Act in situations such has data breaches.
In this blog, we will explore the Privacy Act and its importance in dealing with hacking and privacy breaches.
What does the updated Act say?
The previous Privacy Act of 1993 was replaced with the current Act which came into force on 1 December 2020. The Act introduced several changes to enhance privacy protection and align with international standards. Some key changes include:
- Mandatory reporting of notifiable privacy breaches: Organisations are now required to notify the Privacy Commissioner and affected individuals if a notifiable privacy breach poses a risk of harm. Notification must be made no later than 72 hours after being aware of it. It is an offence not to do so and failure to report the breach is liable on conviction to a fine.
- Strengthened enforcement powers: The Privacy Commissioner has increased powers to enforce compliance with the Act, including the ability to issue compliance notices and penalties for non-compliance.
- Privacy principle amendments: Certain privacy principles have been revised and expanded to address emerging privacy issues, such as the collection, use, and disclosure of personal information.
- Cross-border data protection: Additional safeguards are in place for the transfer of personal information outside of New Zealand, ensuring adequate protection and respecting individuals’ privacy rights.
- Introduction of Privacy Act codes of practice: Codes of practice can be developed to provide practical guidance on specific privacy matters and assist organizations in meeting their obligations.
Through the Act, existing privacy laws were updated and modernised to ensure your personal information is kept secure and treated properly, both domestically and internationally.
What is a privacy breach?
A privacy breach is any unauthorised or accidental access to or disclosure, alteration, loss or destruction of personal information or an action that prevents access to the information on either a temporary or permanent basis (like in a recently reported hack).
What is a notifiable breach?
Only a notifiable privacy breach must be reported, which is a breach that is reasonable to believe that the breach has or is likely to cause serious harm to yourself or an affected individual. If any such breach occurs, the obligation to notify you and the Privacy Commissioner is triggered.
The notification is compulsory and enables you to take steps to protect yourself because of the breach, like changing your password, notifying your bank, insurer, credit card companies, family or other relevant parties. The steps you should take to protect yourself depends on the nature of the breach and the information involved.
How we can help
At Shine we take privacy very seriously, not just because of the Act but because of the nature of our work and the trust relationship between us and our clients.
We may be able to assist making a complaint to the Privacy Commissioner. If your matter cannot be resolved following an investigation, it may be referred to Director of Human Rights Proceedings to bring the case to the Human Rights Review Tribunal (the HRRT/Tribunal), or you can take it to the Tribunal yourself. It is important to note that in certain cases, time limitation periods apply.
The Tribunal has a discretion to award compensation. According to the Tribunal, cases at the less serious end of the spectrum will range up to $10,000, more serious cases can range from $10,000 to around $50,000, and the most serious cases will range from $50,000 upwards. The most the HRRT has awarded so far for a privacy matter is just over $168,000. There is a $350,000 limit on the amount that the Tribunal may award.
If you have been a victim of a privacy breach and you were notified or not notified, please contact Shine for an assessment of the breach and to see how we can assist.
