The Privacy Act 2020 comes into force on Tuesday, 1 December, and there is one area that anyone who collects customer data must be aware of – mandatory privacy breach notifications.
In the unfortunate event that your organisation is the victim of a notifiable privacy breach, you must inform the Privacy Commissioner and all businesses and individuals affected by the breach.
What is a privacy breach?
These normally fall into two categories:
- Confidentiality or integrity breach – where personal information is accessed (unauthorised or accidental), disclosed, altered, lost, or destroyed
- Availability breach – where personal information can’t be accessed (permanently or temporarily) because of some sort of action, like a denial-of-service attack
What is a notifiable privacy breach?
Basically, a privacy breach is notifiable if you believe it has caused, or could cause, serious harm to any affected individual or business.
Who does this apply to?
Pretty much any New Zealand entity, including businesses and individuals.
How do you notify the affected entities and the Privacy Commissioner of a privacy breach?
Your notification should:
- Describe what happened
- Explain what you’ve done in response
- Include the contact details of a representative from your business for any enquiries
What should you do to prepare?
Like most things, it’s better to be prepared than to wait for a breach to happen before taking any action.
So, we recommend having a Privacy Breach Response Plan in place.
A good starting point is reviewing your latest risk register. This includes, but is not limited to:
- Multi-factor authentication on all applications
- Strong passwords
- Device encryption management
- Conditional access
- Firewall rules and a review of exposed services
- SaaS backup
- Business continuity and disaster recovery
- Full external security audit
- Microsoft Secure Score
Your Base2 account manager can provide this risk register to you.
Base2 is here to support you with protecting your data. However, your data is your responsibility, and this includes notifying affected parties of any notifiable privacy breaches.
To find out how to make your business compliant with the new privacy laws, get in touch with the Base2 team by emailing [email protected]