NZ enhances privacy breach reporting with online tool

The NZ Office of the Privacy Commissioner (OPC) has launched NotifyUs — an online tool that enables businesses and organisations to assess whether a privacy breach is notifiable.

Under the Privacy Breach Act, which comes into effect on 1 December, it will be mandatory for organisations to notify the OPC if a privacy breach has caused, or is likely to cause, serious harm.

Serious harm is defined as the unwanted sharing, exposure or loss of access to people’s personal information. Some information is more sensitive than others and therefore more likely to cause people serious harm.

Other examples of serious harm include physical harm, intimidation, financial fraud (including unauthorised credit card transactions or credit fraud), family violence, and psychological or emotional harm.

Businesses and organisations that fail to report a notifiable privacy breach may be fined up to $10,000. Privacy Commissioner John Edwards said NotifyUs will guide organisations through the reporting process.

“We want the privacy breach pre-assessment and reporting process to be straightforward. NotifyUs has undergone extensive testing ahead of today’s launch to ensure the guidance is clear and easy to follow. I encourage people to use it in advance of the new legislation taking effect on 1 December,” said Edwards.

The OPC has also provided other resources on privacy breach reporting, including a short e-learning module and breach reporting brochure.

Image credit: ©stock.adobe.com/au/tippapatt