The Privacy Act 2020 (New Zealand)

Essential ingredients of the Privacy Act 2020 in brief

Enterprises may collect, store and process personal information in accordance with the thirteen information privacy principles. The 13 principles are listed below for easy reference:

  • Purpose of collection of personal information
  • Source of personal information
  • Collection of information from subject
  • Manner of collection of personal information
  • Storage and security of personal information
  • Access to personal information
  • Correction of personal information
  • Accuracy of personal information to be checked before use
  • Agency not to keep personal information for longer than necessary
  • Limits on use of personal information
  • Limits on disclosure of personal information
  • Disclosure of personal information outside New Zealand
  • Unique identifiers

The legislation requires major privacy breaches to be notified quickly when a data breach creates a risk of harm.

Individuals must be given the right to access personal data that has been collected from them, and the right to correct it where applicable.

Non-compliance with New Zealand’s Privacy Act 2020 can attract a fine of up to NZD 10,000.

The Trust Challenge

Key challenges in brief

Fulfillment of Data Subject Rights (DSRs): The Privacy Act 2020 confers on individual data subjects a series of rights, for instance, the right to be informed, the right to access, the right to erasure, etc.

Cross-border transfer of personal data: This is subject to a few conditions or requirements, such as imposing contractual data protection obligations on the recipient comparable to the protections in the Privacy Act, or ensuring the recipient is subject to the laws of another jurisdiction that provide comparable protection to the Privacy Act (countries can be ‘whitelisted’ in regulations, which will have a similar effect to a GDPR adequacy decision).

Breach notification: The legislation requires major privacy breaches to be notified quickly when a data breach creates a risk of harm. This is possible only if a data inventory of personal data/information is maintained.

Data retention (minimization / deletion): This requires agencies not to retain personal information for longer than is necessary for the purposes for which it may lawfully be used. Provided there is an ongoing legal purpose for retaining the personal data, the agency may continue to do so. However, once no such legal purpose exists, the personal data must be erased.

Win-Win Situation

Specific solution for the above-mentioned challenges

Ardent Privacy’s patented technology product “TurtleShield” is an ML and AI-powered enterprise software platform that helps businesses discover, identify, inventory, map, minimize, and securely delete personal data. With TurtleShield, a business enterprise can turn a “Privacy Program” into a “Profit Centre”. TurtleShield’s capabilities are as follows:

Enable Data Subject Rights: Search capability across large datasets to fulfill data subject requests in totality and at speed. The assumption that data exists only in databases and nowhere else is often not the reality, as customer data exists in many sources. Using ML & AI we crawl across data sources and predict where PII can exist.

TurtleShield PI (Privacy Intelligence): Silos often exist between entities or between business and IT teams, and it is challenging to get a full picture of the data leaving and entering the organization, especially when data is shared with third parties, vendors, business partners and others. Our TurtleShield PI (Privacy Intelligence) creates a data map based on your “data sharing” so that you can take action on it.

TurtleShield DI (Data Inventory): Identifies all of an organization's personal data, and inventories and maps its full "data footprint", allowing the organization to secure what matters most.

TurtleShield DM (Data Minimization): Assists organizations in minimizing excess data by scanning huge data sets using machine learning and identifying excess data, including personal data. This decreases operational inefficiencies and saves money, both by deleting useless data and by removing the legal costs associated with holding it for regulatory compliance.

TurtleShield RTBF (Right to Be Forgotten): TurtleShield RTBF gives businesses the capability to comply with mandatory deletion of personal data by deleting the data on request and validating the deletion.
