NZ adopts new privacy principle to protect personal information


Thursday, 29 October, 2020
NZ adopts new privacy principle to protect personal information

As of 1 December 2020, New Zealand businesses and organisations that send personal information overseas will need to comply with a new privacy principle in the Privacy Act 2020, which adds new controls on the disclosure of personal information to overseas organisations and businesses.

Privacy Commissioner John Edwards said the goal of principle 12 is to ensure New Zealanders can expect comparable privacy protections to those under New Zealand’s Privacy Act when their information is disclosed and used in a foreign jurisdiction. Edwards noted that principle 12 will not apply to offshore cloud providers.

“Using cloud providers or other agents to store or process personal data is not treated as a disclosure under principle 12, so long as the agent or cloud provider is not using that information for any of their own purposes,” said Edwards.

A business or organisation will be accountable for the international disclosure of personal information, and will need to demonstrate that it has carried out the necessary checks required under the new privacy principle.

“This is the approach taken in Europe, where the General Data Protection Regulation (GDPR) ensures privacy protections apply to personal information when it is sent across national borders,” said Edwards.

To comply with the new principle, businesses and organisations can adopt contractual safeguards. Edwards recommends using the model contract clauses developed by the Office of the Privacy Commissioner, which are designed to assist agencies to comply with principle 12 and reduce the compliance burden for agencies.

Edwards said these contractual clauses make it clear to the recipient how they are expected to look after the personal information they are being entrusted with. The model contract clauses are tailored to the requirements of the Privacy Act 2020 and to make it easier for small and medium-sized businesses to comply with principle 12.

Organisations can modify them, or use their own form of contract clauses, so long as the key privacy protections are included. The Office of the Privacy Commissioner has also produced guidance to help organisations and businesses understand the respond to the new principle 12 obligations.

The Office will issue further guidance related to the new principle 12 obligations shortly.

Image credit: ©stock.adobe.com/au/Vitalii Vodolazskyi

Related News

Cloudera certified for compliance with PCI DSS 4.0

Cloudera has secured certification for Level 1 compliance with version 4.0 of the Payment Card...

Rubrik launches Salesforce Data Protection

Data security company Rubrik’s new Salesforce Data Protection offering aims to help...

DigiCert announces speaker line-up for quantum summit

DigiCert has named the quantum computing and cryptography experts who will be speaking at the...

Content from other channels on our network

Government appoints new Director-General of ASD

Transforming government workflows with AI

WA Police Force launches comprehensive ICT tender

Boomi completes comprehensive IRAP reassessment

Trustwave appointed to Department of Defence ICTPA panel

Mobile app helps WA Police support family violence victims

Icon Water completes major comms network upgrade

World's southernmost base station operating in Antarctica

Ultra-precise motion sensor could enable GPS-free navigation

Australian CubeSats successfully launched into space

Comprehensive fluid power training from HYDAC

A method that paves the way for improved fuel cell vehicles

Stretchy gel sensor detects solid-state skin biomarkers

Smart fabric powers self-sustaining electronics

Computer chips have the potential to become even smaller

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd