Delta Insurance Managing Director Ian Pollard discusses the changing landscape of New Zealand’s data protection laws, and the need for New Zealand businesses to respond proactively.
Data Notification Laws
The existing legislation in New Zealand means that companies are not legally obligated to inform customers of their personal information being compromised, should a data breach occur. However, this looks set to change in the next few years in response to a growing global reform of data protection laws. With the EU set to follow the USA’s lead in implementing stricter data notification laws, it is inevitable that New Zealand follows accordingly, with proposals of fines for breaching data notification requirements already being introduced. Delta Insurance’s Ian Pollard discusses such issues in greater detail, including a proposal to introduce a notification period for businesses in the wake of a data breach.
It’s important to understand that despite data breach notification not yet being a legal requirement in New Zealand, local-based retailers that operate internationally still need to comply with the standards of countries which they also operate in. The emergence of online distribution streams has also increased the cyber risk retailers face. Therefore, it’s best for retailers to be proactive and prepare for a cyber-incident before it actually happens, rather than scramble for options after an attack has occurred, or after new data notification legislation has been introduced. To do this, retailers must make data security a priority for the whole business, with senior involvement in the company’s risk management being a necessity.