15 Oct 2018
There has been endless discussion about the European General Data Protection Regulation (GDPR) and how it applies to New Zealand business (a topic for another blog), but the fact is that we have had our own privacy laws in place for 25 years, since the World Wide Web was still in nappies.
Despite the age of the Act, and the fact that it is in the process of being updated, very few businesses comply with the law as it stands.
The Act is based on 12 Privacy Principles, which describe
These are very similar to the basics of GDPR and other privacy acts being introduced around the world, such as the California Consumer Privacy Act.
So why should a business look to comply with the Act if it hasn’t for all these years?
It used to be said that consumers will trade security and privacy for convenience. This is no longer the case. Following many well-publicised data leaks such as at Equifax, Yahoo and Ticketmaster, along with large-scale misuse of data at Facebook in association with Cambridge Analytica, consumers expect the businesses they interact with to demonstrate that they care about the personal data collected.
Around the globe, consumers are reporting that they are less likely to do business with a company whose data security they have concerns about. A recent PwC report highlights that 85% of customers say that they will not do business with a company if they are worried about its data practices.
Additionally, according to a report by Capgemini, 77% of consumers believe that cybersecurity and data privacy is the 3rd most important factor when selecting a retailer, outranking discounts and brand reputation. In the same report, 40% of consumers say that they are willing to increase their online spend by 20% or more if their primary retailer were to assure them that its competitors did not:
Assurance of security and privacy of customer data is clearly becoming a business essential, and there is now a Privacy Commission “Trust Mark” available to organisations that can demonstrate that a particular product or service is in accordance with the principles of “Privacy by Design”.
The next post will address Privacy Principle 5 (a) –
An agency that holds personal information shall ensure -
(a) that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against -
(i) loss; and
(ii) access, use, modification, or disclosure, except with the authority of the agency that holds the information; and
(iii) other misuse; and
So – What is reasonable?