The Privacy Act 2020 creates a new requirement to report serious privacy breaches, as from 1 December 2020. We will have an in depth article on this coming out in our upcoming issue of Savour. In the meantime, Employers need to consider:
- Doing an audit of how “personal information” is managed
- How is this being managed by third parties?
- Where are the risks?
- Developing, or reviewing procedures to keep information and data protected; both physically and electronically
- Developing clear procedures on how to detect, report and investigate potential data breaches. In particular, ensuring that your organisation has a plan in place to meet new reporting obligations without delay
- Agencies (employers) must notify the Privacy Commissioner “as soon as practicable” after they become aware that a notifiable privacy breach has occurred. They must also notify any affected individuals
- Ensuring there are clear internal lines of communication, so that all personnel know who they can talk to within your organisation about privacy issues.
The Pivacy Act 2020 Website contains excellent information and even e-learning modules to help guide you on what you need to know