Privacy & Data
Businesses operate in an era where huge amounts of data are collected, created, stored, analysed and sold.
While data can be used to create powerful advantages, organisations need to understand and manage their obligations. A data or privacy breach can have a devastating effect on reputation and serious legal consequences.
Our specialist privacy and data lawyers advise private and public sector organisations on the collection, use and disclosure of personal information in accordance with privacy laws, including New Zealand’s Privacy Act 2020, and consumer protection and antispam laws.
We also guide clients on their strategies around data governance and pursuing the opportunities that data use can create, while adhering to good data ethics.
We acted in the ground-breaking case that first recognised breach of privacy as actionable under New Zealand law. Since then, we’ve acted on the leading New Zealand cases dealing with civil liability for interference with privacy and with balancing the competing values of privacy, open justice, and freedom of information.
Our services include:
- advising New Zealand and international businesses on privacy and related data protection matters, including Privacy Act and GDPR obligations
- advising on trans-border data flows, particularly for multi-national clients seeking to store personal information of New Zealand customers or personnel offshore
- assisting clients to assess their privacy practices and procedures, undertake privacy impact assessments on new initiatives, and improve privacy practices
- assisting clients to undertake Privacy Act reviews and respond to Privacy Act requests; and with compliance notices and access determinations issued by the Privacy Commissioner
- advising and acting on privacy-related disputes in the Human Rights Review Tribunal and the Courts
- assisting with managing data breaches and security incidents involving personal information
- preparing privacy policies in relation to customer and employee data.
Our summary sheet provides an overview of the Privacy Act 2020.
Our notifiable privacy breaches flowchart will help you work out whether a breach is notifiable and provides an overview of the notice requirements.
Waikato District Health Board
We acted for Waikato District Health Board in a landmark proceeding for breach of confidence against Radio New Zealand (RNZ) and others preventing further publication of information published on the dark web as the result of a cyber-attack.
We advised on the privacy implications of using GPS and driving behaviour tracking software for delivery drivers in their personal vehicles.
Watercare Services Limited
The New Zealand Health Group
We advised on the updating of its privacy policies and procedures (both internal and external) for compliance with the Privacy Act 2020 and the Health Information Privacy Code, and development of a breach management and response procedure.
We reviewed and helped develop privacy policies, including a breach reporting framework and process.
We have advised New Zealand and international businesses on privacy and related data protection matters, including the application of the Privacy Act and GDPR obligations.