With the Privacy Act 2020 now in effect, consumers need to educate themselves on the rights they’ve just gained. New Zealanders feel strongly about privacy protections and have signalled they care about their data.
Earlier this year, NortonLifeLock’s Cyber Safety Insights Report found that New Zealanders are split on who should be held most responsible for ensuring personal information and data privacy are protected. Nearly 4 in 10 (38 percent) believe the government should be held most responsible, while one-third (33 percent) put the burden on companies, followed closely by individual consumers (29 percent).
The Privacy Act 2020 now delivers consumers the tools to help understand and manage the data that companies are collecting about them and the government now has the tools to enforce the law.
“The act has given The Office of the Privacy Commissioner some weapons to ensure the privacy of New Zealanders is protected”, says Mark Gorrie, Senior Director, Asia Pacific, NortonLifeLock. “If a business is found to be collecting too much or inappropriate personal data, selling or sharing it inappropriately, or has lost control of data due to negligence – the act lets the Privacy Commissioner take action against an offender and seek financial penalties. It’s much more power than the office has had in the past, and it delivers a mechanism to help New Zealanders protect their personally identifiable information.”
Here are Gorrie’s top tips on what you can do to keep your data safe:
Check what information a company is collecting and how they’re using it.
Ask a company to show you the information they have about you, correct anything that’s incorrect, and even request to be deleted.
If a company, such as a social media site, has been collecting data on you and you want to see it – ask for it. Social media companies collect mountains of data about individuals, if you want to know what it is, request that data. Companies that conduct business in New Zealand, even if they’re based outside the country, need to comply with the new law. The Privacy Act 2020 gives you the right to correct any information about you. You can engage with a company and fix any incorrect information such as financial or medical information. The act does not include the ‘right to be forgotten’, but you can and should request that a company delete the information it holds about you if you feel the data may be misused, mishandled, or simply wish it gone.
Lay a complaint to the Privacy Commissioner if you think a company has breached a privacy principle or caused you significant harm.
If you think a company has lost or misused your data, is refusing to provide you with the information you are requesting, make a complaint to the Privacy Commissioner. The new law gives them the tools to assess your issue and even facilitate an agreed settlement.