Privacy Act 2020

The Privacy Act 2020 is an Act of Parliament in New Zealand which replaced the Privacy Act 1993. It has a higher amount of detail regarding digital privacy, including that businesses and organisations keep personal information of customers, clients and employees safe. It also allows for people to order that agencies give them access to information held about them, and it is illegal for those organisations to destroy information after a request has been made for access. Foreign firms in New Zealand must comply with the Act, and it includes sending information outside of New Zealand.

Described by the Privacy Commissioner John Edwards, the largest change is that organisations affected by a privacy breach must notify the Privacy Commission. The new law allows for the issuing of compliance notices, and enforcement in the Human Rights Review Tribunal. If organisations do not comply, they can be faced with a fine up to $10,000. Other changes include that it is illegal to mislead an agency into providing a person's personal information.

The Act covers information retrieval for Artificial intelligence.

Background
Before the Privacy Act 2020, the last time New Zealand's privacy laws had changed was in 1993.

Criticism
In the Human Resources Director Magazine, Matt Hutscheson writes that during employee investigations, employees may request information under the Privacy Act and may refuse to partake in the processes of the organisation until they get their requested information. Hutscheson writes that the information requested is often not related to processes the employer is running.

Writing for the Auckland Law School, Nikki Chamberlain and Stephen Penk say that the Act is outdated, saying that "our new Act does not adequately address the risks of the 21st century" and "there is a real need to develop the law around misappropriation of personality to protect an individual's right to identity privacy", and that the Act does not give a right to be 'forgotten'.