New Zealand has passed a bill reforming the nation's privacy law. The bill includes new mechanisms promoting early intervention and risk management by entities rather than relying on data subjects' complaints, an enhanced role for the New Zealand Privacy Commissioner, and stronger protections for cross-border data transfers.

Other key changes of the bill include a requirement for entities to ensure that the information they process is accurate, up to date, and complete; data subjects' right to access and correct their personal information; and a data breach notification requirement where the breach may reasonably cause serious harm to an affected individual.

The bill will apply to various covered entities. First, it will apply to any New Zealand entity on any action taken, or personal information collected or held, whether inside or outside of New Zealand, regardless of where the relevant individual concerned is located. It also will apply extraterritorially, to any overseas entity concerning any action taken, or personal information collected or held, in the course of doing business in New Zealand, regardless of where the relevant individual is located. Finally, it will apply to an individual not ordinarily a resident in New Zealand, who is nevertheless present in New Zealand, concerning any action they take, and information they collect, while in New Zealand, regardless of where the information is held or where the relevant individual is located.

The amendments will take effect starting on 1 December 2020, and they are subject to royal assent to become law.

CLICK HERE to read the New Zealand Privacy Bill.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.