In an increasingly global world, businesses need to disclose personal information to companies outside of NZ for many reasons, including for data hosting and storage. The new Privacy Act 2020 (the Act) comes into effect from 1 December 2020, bringing with it a new privacy principle requiring NZ businesses to ensure privacy protections apply to personal information sent overseas.
IPP12 enables NZ businesses to disclose personal information to a foreign person or entity who is subject to comparable privacy safeguards. This seems broad, but there are two key exceptions:
Before disclosing personal information overseas, you must be satisfied that you have reasonable grounds to believe that the disclosure is permitted under IPP12. To be permitted, you must either be satisfied that comparable safeguards are in place or have the relevant individual’s authorisation to disclose their personal information to the recipient.
So how do you know if comparable safeguards are in place?. You can do this two ways:
In regulations, the Government may prescribe that a country has comparable privacy safeguards, meaning no additional steps would be needed before you disclose personal information to a business in that country. No regulations will be in place when the new Act becomes law.
You’ve got 3 weeks to make sure your overseas disclosures of personal information meet the requirements of the new Act. We suggest you review your relevant contracts now to ensure that you are ready to comply when the changes happen on 1 December 2020.
If so then you may prefer kindrik.sg