Is your business prepared for the upcoming NZ privacy law changes and the revised Privacy Act that comes into effect on the 1st of December 2020?
To ensure you have the knowledge to stay on top of this, we have put together four action steps you can take now to prepare for these changes.
Client Information and Data Storage
It is common for employees to temporarily store company information on their personal local workstations and forget to remove the data once they no longer require it.
It is important to educate your employees on the appropriate methods for collecting and storing client data, as set out by the Office of the Privacy Commissioner and by you, their employer. It is highly recommended that only necessary information is obtained and stored.
The new Privacy Act 2020 requires all businesses in New Zealand to notify the Privacy Commissioner and the affected individuals of any data breach. If client information is targeted in a data breach, leaving your clients’ data unprotected puts their privacy at risk.
NotifyUs Online Tool
The NotifyUs online tool is a breach notification tool which determines if a breach needs to be reported.
‘Under the Privacy Act 2020 (effective 1 December, 2020), if your organisation has a privacy breach that is likely to cause anyone serious harm, it is legally required to notify us and any affected persons as soon as it is practicably able to.’
– Office of the Privacy Commissioner
Back-up your data
Data back-up is crucial to ensure the survival of your business. In the event of a data breach, having your information backed up will allow your business to continue to operate and to notify those who are affected.
We recommend using the 3-2-1 Principle, which suggests your business keeps at least three copies of your data on hand. Two copies should be stored securely onsite whilst the third is kept offsite.
Secure your client data
Your clients’ privacy should be your top priority. It is recommended that any client data held in applications or documents that contain personal information is secured and placed within a password-protected location. It is highly recommended that you enable multi-factor authentication (MFA) to provide a higher level of protection.
If your client data is stored on a cloud server, ensure the provider is taking the necessary security precautions to protect the privacy of your clients.
Protection is always better than cure. Improving your data security is the best approach. Utilising an Endpoint Detection and Response (EDR) solution will help protect all devices that hold data, providing extra layers of security.
Data Management and Retention
Some data management software applications can be customised with expiry pre-sets. This means data that is no longer needed, or that exceeds the regulatory hold time, is automatically deleted on time.
Your Customer Relationship Management (CRM) or data management software helps you to regularly conduct checks on your client lists, as well as clean-ups and updates of client information.
What steps can you take?
Staying on top of the new Privacy Act changes and educating your team on how to handle client information is worth the investment for your business.
If you need help choosing the right solution to store and manage your data, please get in touch with us at Think I.T.
*This blog is written to inform you about some of the data privacy law changes that are taking effect and how to better protect your organisation. If you need to consult someone regarding the law or have questions specific to privacy, please contact the Office of the Privacy Commissioner.