The Privacy Act 2020 had its third and final reading last week. It's time to get ready for the new law. 


On Friday 27 June, the new Privacy Act passed its third reading in parliament. The Act will come into force from 1 December this year. The Privacy Commissioner’s office has branded the new law ‘Privacy 2.0’.

This article summarises the changes and explains how ComplyWith will be helping our customers meet the challenges of Privacy 2.0.

What’s changing with the new Privacy Act?

The current Privacy Act is almost 30 years old. Since its introduction, the rise of the internet and digital economy has transformed the opportunities and risks for personal information.

The aim of the new Privacy Act is to promote people’s confidence that their personal information is secure and will be treated properly.

Changes coming in the new Act include:

  1. Compulsory reporting of potentially serious privacy breaches to the Privacy Commissioner and to the affected individuals
  2. Improved cross-border protections for personal information
  3. New enforcement powers for the Privacy Commissioner
  4. New criminal offences and penalties. The Human Rights Tribunal will also be able to make awards of up to $350,000 each to members of a class action.

Here is a more detailed summary of the key changes in the Privacy Act 2.0 on the Privacy Commissioner’s helpful website.

How will ComplyWith be helping with Privacy 2.0?

ComplyWith is working hard to help our community of compliance customers get ready for the new Privacy Act.

Now that we have the final wording of the new Act, we’ll be finalising the new ComplyWith compliance content and making that available to customers through their ComplyWith tool soon.

For our health sector and fibre networks customers there will be changes coming to the Health Information Privacy Code and the Telecommunications Information Privacy Code. We’ll update the compliance content for these as quickly as possible once we know what the changes are.

The Privacy Commissioner has kindly agreed to talk to our compliance community about the new Act at our annual customer conference, Unplugged, being held shortly at Te Papa on 21 August 2020.

We’ve already been asked about enabling the delivery of privacy training using ComplyWith's Legal Compliance tool. This is something we will be exploring and hope to be able to help with. In the meantime, the Privacy Commissioner’s website has some very helpful online training resources here.

We’ve also been working on a new Security Reporting module for ComplyWith. This will help organisations wanting to improve their awareness and processes for information security and to enable reporting on these. The challenge for ComplyWith here is one of competing demands on our resources, so if you think this module could be for you, do let us know.

Starter questions for preparing for Privacy 2.0

To kick off preparations for Privacy 2.0, here are some questions all organisations should be starting to ask themselves:

  1. Do we have a privacy officer appointed? Do they have the mandate and resourcing to ensure our organisation is prepared for Privacy 2.0?
  2. Do we have a fit-for-purpose privacy policy which makes it clear to our organisation what our personal information and data risks are, and how our people are expected to be managing those risks?
  3. What training do our people receive about privacy and keeping data safe?