Privacy & Data

Businesses operate in an era where huge amounts of data are collected, created, stored, analysed and sold.

While data can be used to create powerful advantages, organisations need to understand and manage their obligations. A data or privacy breach can have a devastating effect on reputation and serious legal consequences.

Our specialist privacy and data lawyers advise private and public sector organisations on the collection, use and disclosure of personal information in accordance with privacy laws, including New Zealand’s Privacy Act 2020, and consumer protection and antispam laws.

We also guide clients on their strategies around data governance and pursuing the opportunities that data use can create, while adhering to good data ethics.

We acted in the ground-breaking case that first recognised breach of privacy as actionable under New Zealand law. Since then, we’ve acted on the leading New Zealand cases dealing with civil liability for interference with privacy and with balancing the competing values of privacy, open justice, and freedom of information.

Our services include:

  • advising New Zealand and international businesses on privacy and related data protection matters, including Privacy Act and GDPR obligations
  • advising on trans-border data flows, particularly for multi-national clients seeking to store personal information of New Zealand customers or personnel offshore
  • assisting clients to assess their privacy practices and procedures, undertake privacy impact assessments on new initiatives, and improve privacy practices
  • assisting clients to undertake Privacy Act reviews and respond to Privacy Act requests; and with compliance notices and access determinations issued by the Privacy Commissioner
  • advising and acting on privacy-related disputes in the Human Rights Review Tribunal and the Courts
  • assisting with managing data breaches and security incidents involving personal information
  • preparing privacy policies in relation to customer and employee data.

Resources

Our summary sheet provides an overview of the Privacy Act 2020.

Our notifiable privacy breaches flowchart will help you work out whether a breach is notifiable and provides an overview of the notice requirements.

Work Highlights

Waikato District Health Board

We acted for Waikato District Health Board in a landmark proceeding for breach of confidence against Radio New Zealand (RNZ) and others preventing further publication of information published on the dark web as the result of a cyber-attack.

Dominos

We advised on the privacy implications of using GPS and driving behaviour tracking software for delivery drivers in their personal vehicles.

Watercare Services Limited

We advised on privacy considerations for its “My Account” service and for the launch of the Watercare mobile application including development of appropriate terms of use and a privacy policy for customers.

The New Zealand Health Group

We advised on the updating of its privacy policies and procedures (both internal and external) for compliance with the Privacy Act 2020 and the Health Information Privacy Code, and development of a breach management and response procedure.

Westpac

We reviewed and helped develop privacy policies, including a breach reporting framework and process.

Various clients

We have advised New Zealand and international businesses on privacy and related data protection matters, including the application of the Privacy Act and GDPR obligations.

Our Experts

Bronwyn Heenan
Jania Baigent
John Rooney
Karen Ngan
Phillipa Muir
Sally McKechnie

Insights & News

15/04/2024·1 min to read

Register for Insights - Simpson Grierson's CPD programme for in-house lawyers

SG news and eventsIn-house legal
12/04/2024·3 mins to read

Biometric Boundaries: A Code of Practice to Regulate Biometrics in New Zealand

Privacy Act and data protectionEmployment lawDigital & new technologies
13/03/2024·

Contractual Vigilance: Protecting against data breaches

Privacy Act and data protectionDigital & new technologies
29/02/2024·

EU’s world first AI Act: the future is closer than you think

Artifical IntelligenceDigital & new technologiesPrivacy Act and data protection
26/09/2023·3 mins to read

The UK is cracking down on harmful online content - is New Zealand next?

Privacy Act and data protectionOnline safety
26/07/2023·2 mins to read

Customer and Product Data Bill - what should businesses know?

Privacy Act and data protection
13/07/2023·2 mins to read

Safer online services and media in New Zealand - Proposals for change

Privacy Act and data protectionDigital & new technologiesOnline safety
11/07/2023·2 mins to read

Let it Go: unnecessary information creates unnecessary risk under the Privacy Act

Privacy Act and data protection
19/05/2023·5 mins to read

A class of their own? Class actions, privacy breaches and what it could mean for you

Class actionsPrivacy Act and data protectionDigital identityDigital & new technologies
17/05/2023·3 mins to read

New Digital Identity Framework – what does this mean for you?

Privacy Act and data protectionDigital & new technologiesDigital identity
3/04/2023·

Financial Services Regulation Update - April 2023

FSR UpdateFinancial Services RegulationAnti-money launderingRussian sanctions
23/02/2023·2 mins to read

National State of Emergency: Impact on Privacy Law

Local governmentPrivacy Act and data protection
1/02/2023·1 min to read

Financial Services Regulation Update - February 2023

Financial Services RegulationFSR UpdateCorporate governanceInsurancePrivacy Act and data protection
19/12/2022·4 mins to read

Australia strengthens data breach laws with implications for NZ businesses

Privacy Act and data protection
5/09/2022·4 mins to read

Consultation begins on broadening the Privacy Act’s notification rules

Privacy Act and data protection
1/09/2022·4 mins to read

The Privacy Commissioner consults on biometrics – the Employment Law and Privacy implications

Privacy Act and data protectionDigital & new technologies
11/08/2022·4 mins to read

Be careful what you post about

Social mediaDigital identityOnline safety
12/07/2022·2 mins to read

Regulators come down hard on spam breaches - are your marketing emails compliant?

Privacy Act and data protection
20/05/2022·3 mins to read

Pictures don't lie, or do they?

Privacy Act and data protectionDigital identityArtifical Intelligence
21/12/2021·5 mins to read

2021 litigation wrap up and a look at 2022

Class actionsPrivacy Act and data protectionJudicial reviewClimate change litigationLitigation funding
9/11/2021·6 mins to read

Digital Identity Services Trust Framework Bill introduced

Privacy Act and data protectionDigital & new technologiesDigital identity
15/10/2021·3 mins to read

Survey reveals NZ employers strongly support mandatory Covid-19 vaccination

Employment lawVaccine mandatesEmployer surveys
17/09/2021·2 mins to read

New Zealand Privacy Commissioner - First compliance notice issued

Privacy Act and data protection
14/09/2021·3 mins to read

Compulsory scanning and complying with the Privacy Act

Privacy Act and data protectionCovid-19Digital identity
30/08/2021·4 mins to read

Securing your digital ID - NZ set to create Identity Trust Framework

Digital identityPrivacy Act and data protection
12/07/2021·3 mins to read

Embracing data portability: NZ set to establish a Consumer Data Right

Privacy Act and data protectionDigital & new technologies
10/03/2021·4 mins to read

Employer obligations at different alert levels

Covid-19Employment law
22/02/2021·4 mins to read

NZ COVID Tracer App - Is your data safe?

Covid-19Privacy Act and data protection