Deloitte report on the New Zealand life insurance sector
Asteron Life introduces mental health support, and more daily news

Privacy Act 2020 insights, and more daily news

In a recent Financial Advice NZ webinar, Campbell Featherstone and David Ireland from Dentons Kensington Swan spoke about the implications of the impending changes to the Privacy Act for advisers. The key take away message was that ensuring compliance is also about an adviser’s reputation, their client’s safety and confidence as well as public confidence.

“As part of our webinar series Bring in the Experts, Campbell Featherstone and David Ireland from law firm Dentons Kensington Swan talked about what this piece of legislation means for financial advisers, and the practical steps you can take to ensure your privacy settings are fit for purpose for the new regime.

The overarching message is that being compliant with the new Privacy Act isn’t just about legislation; it’s about your reputation, your clients’ safety and confidence, and public trust in financial services. Let’s dive in.”

Privacy Act 2020 does a number of things including replacing the existing Privacy Act while maintaining the overall principles. Key components of the Act include data minimisation, access expansion, and data breach reporting.

“As you’ll know, the Privacy Act 2020 repeals and replaces the 1993 Act. While the overall principles are mostly unchanged, the ‘refreshed’ version of the law acknowledges that a lot has happened in the past 27 years in the way businesses interact with clients and collect information.

Under the new principle of ‘data minimisation’, all companies – including financial advice businesses – must only collect and keep personal information that is needed (e.g. data related to the advice you provide), for only as long as it is needed (e.g. at least seven years as per FAP licence standard conditions).

The Privacy Act 2020 gives individuals in New Zealand a right to access the personal information you hold about them (with a few exceptions). Importantly, unlike current legislation, the Privacy Commissioner will now have the authority to compel the release of this information (upon the individual’s request) by issuing an ‘access direction’. Failing to comply without a reasonable excuse can result in a fine of up to $10,000. 

Data breach reporting shifts from voluntary to mandatory. It’s important to note that this obligation only concerns ‘notifiable’ privacy breaches. What’s notifiable? Generally speaking, if it’s reasonable to believe that the breach would cause serious harm to an individual, then the breach is ‘notifiable’.

The threshold may not always be clear, so the experts at Dentons Kensington Swan recommended a cautious approach – when in doubt, notify the Privacy Commissioner as soon as possible.” Click here to read more

In other news

FMA: FMA offers investors insight into bonds

Asteron Life: AsteronConnect is being updated to cover options available for all occupations according to the current Underwriting guide

FSC: the FSC has published Code of Conduct guidance, educational materials resource pack, and a facilitator guide

FSC: Risk Management and Implementing a Risk Framework webinar

FSC: Privacy - Reviewing your obligations under the Privacy Act webinar


Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name is required. Email address will not be displayed with the comment.)