Privacy and data protection

From identity theft, fraud, hacking attacks and employee incidents, cyber security issues have never been more relevant to organisations. We are advising our clients on a range of privacy issues relevant to cyber security mitigation and response, including Privacy Act obligations, guidance, policies and procedures.

Privacy policies and practices in New Zealand are frequently changing to keep up to date with market practice, guidance and recent changes to relevant legislation. The Privacy Act is the subject of proposed reform and we are closely monitoring progress to keep our clients up to date with developments that will affect their business.

The collection of personal information on consumers and employees is becoming more accessible and more detailed, and valuable. As a result, privacy and data protection laws are increasingly complex. Our cross-practice privacy team has strong experience on the full range of privacy and data protection matters.

Our team brings together expertise from employment, commercial, consumer, e-commerce, technology, intellectual property, insurance, banking, public law and litigation. Our experience ranges from advising on consumer and marketing practices, employment agreements, privacy policies and requests for personal information, through to advising clients on Privacy Act breaches, communicating with the Privacy Commissioner and responding to complaints and investigations. We understand the full range of legal and practical issues and support our clients through the complexities of information management.

We have acted for a number of public sector clients addressing compliance with privacy law in their organisations, and dealing with breaches. We have also advised on inquiries and investigations into breaches of the Privacy Act.

Our team has an international profile. We regularly provide advice on New Zealand’s privacy and data protection laws to law firms in the US, Europe and Australia to assist their multinational clients with particular projects and with legal compliance generally. It is an area which is becoming increasingly regulated and we work with our clients to ensure they are well prepared. We give New Zealand legal, tactical and practical advice to multinational organisations on significant cross-border privacy and data protection breaches. We have co-authored the New Zealand privacy sections for various overseas legal texts.

We routinely advise international businesses seeking to harmonise data protection policies across jurisdictions or to transfer information across borders. Our privacy team also advises on privacy aspects of mergers and acquisitions, initial public offerings (IPOs), outsourcing and other commercial transactions, ensuring clients are fully covered while going through business transformation projects.

We advise on privacy issues that arise at all stages of the employment process, including recruitment, negotiation of employment agreements, drug and alcohol testing, medical incapacity issues, requests for personal information and restructuring, disciplinary or performance management processes.

We have prepared a practical guide to assist with the introduction of the Privacy Act 2020 on 1 December 2020.

Download the guide here.

Work highlights

Commercial, e-commerce and technology
Advising a bank on updating its privacy practices and policies to comply with recent major changes to related consumer protection legislation, including the introduction of restrictions on unfair contract terms and direct sales techniques.

Diversification of revenue streams has also been a key theme of recent projects, particularly through Big Data
Routinely advising on privacy issues that are inherent in technology projects, such as advising a telecommunications provider on the launch of its mobility services offering.

Our team regularly advises consumer electronics and entertainment companies on international privacy questionnaires, data protection policies and cross-border collection and transfer of information. Our team has advised a US multinational on the New Zealand aspects of a major privacy and data protection issue affecting numerous jurisdictions arising out of automated cross-border electronic data transfers.

Employment
Advising employers regarding requests by employees to access personal information during disciplinary and restructuring processes, and reviewing employment policies relating to personal information belonging to employees.

Advised many organisations on privacy issues including on drug and alcohol testing policies and related disciplinary processes, the transfer of personal information that belongs to employees and/or third parties, and workplace surveillance policies.

Public sector
Conducting a review of an organisation's policies and practices to determine compliance with the Privacy Act, and acting for KPMG on the independent review of ACC's privacy and security of information.