PrintNZ Bulletin: News, events, industry updates.
View this email in your browser


Hello December.  I'm not sure how you got here so quickly, as we are suddenly on the countdown to Christmas.  But it isn't time to relax yet as changes continue to roll through.

The biggest of these this side of Christmas is the Privacy Act 2020 which becomes effective as of today, 1 December.  The new Act, while retaining many of the existing principles of privacy and confidentiality, introduces greater obligations for businesses, financial penalties, and enforcement powers for the Privacy Commissioner.  Read about the changes below. 

For those of you following the supply of goods into the country (or lack of it), if you click on this link it will take you to the latest Operational Update from Ports of Auckland released yesterday.  It doesn't make great reading with some software issues over the weekend shutting down the automated yard until at least lunchtime today, and an overall red light status indicating "service severely degraded, major delays".  

The new Privacy Act 2020 comes into play today and makes some changes to how organisations and businesses need to manage personal information, giving more strength to the statement "keep it secure".  If you use personal information you must protect it and respect it.

While many of your transactions are business to business (and the Act doesn't apply), you all have staff information that falls under this umbrella, and many of you are now dealing in personal data on behalf of your customers.  

Below is a summary of the major changes.  We will be providing members with a draft Privacy Policy, Privacy Statements and other relevant documentation. 

  1. Every business must have a Privacy Officer (this is not a new requirement), but the new Act allows you to contract that role out if you don't have anyone suitable to act in that role within your business.  Members will be able to contract PrintNZ to act in this role.
  2. It is now mandatory to notify the Privacy Commissioner of a breach that has or could cause serious harm.  Whether it meets the threshold of serious harm depends on:
    • how sensitive the information is
    • what harm it could do
    • how widely spread the breach is
    • what has been done to mitigate it
    • how secure the information was on the medium it was lost
  3. The new Act allows for penalties and enforcement.  A fine of up to $10,000 can be imposed and criminal charges have been introduced if you impersonate someone to get information, or destroy information when an individual has requested it.
  4. The Privacy Commissioner can make binding decisions on access to information.
  5. It applies to every company doing business in NZ, no matter where they are based.
  6. Cross border protection means if you are sending information outside NZ you have to undertake due diligence to ensure it will still be protected.  This does not apply to cloud based storage or if the company is doing business in NZ in their own right and therefore already subject to NZ Privacy laws.
What do you need to do now?
  1. Any documents you use that currently reference the Privacy Act 1993 need to be updated to the Privacy Act 2020.  This will include Credit Account Applications and Terms of Trade, but check other documentation such as employment documentation. 
  2. Prepare a Privacy Policy and Privacy Statement(s)
  3. Prepare a Privacy Breach Response Plan.
  4. Ensure all personal information is safely and securely managed.
  5. Ensure any overseas organisations you send personal information to offer comparable privacy protections to New Zealand.
  6. Train your staff.
The Privacy Commission has developed some excellent online learning tools you can access by clicking here.  Outlined below are a few that would prove useful to all businesses.
For general staff:   Privacy ABC - a quick oversight of privacy in 30 minutes
For Privacy officersPrivacy 101 - key concepts and definitions in the Act.  2-3 hours but can be done in multiple sessions
For HR/PayrollEmployment and Privacy - will help employers deal with privacy related employment issues.

As a reminder, here is an abridged version of the 13 Principles of Privacy:

  1. Only collect personal information you need
  2. Get it directly from the individual when possible
  3. Be open about what you are going to do with it
  4. Be fair about how you get it
  5. Keep it secure
  6. Let people see their own information
  7. Correct it if the person thinks it is wrong
  8. Make sure it is accurate before you use it
  9. Dispose of it when you no longer need it
  10. Only use it for the reason it was collected
  11. Only share it if you have a good reason
  12. Only send it overseas if it will be adequately protected (new)
  13. Only use unique identifiers when it is clearly allowed


Working for the prosperity of the
print, packaging and
visual communications industries.

This email was sent to <<Email Address>>
why did I get this?    unsubscribe from this list    update subscription preferences
PrintNZ · PO Box 58 280 · Botany · Auckland, Auckland 2163 · New Zealand