Replacement Privacy Act 2020 (effective 1 Dec 2020)



The replacement Privacy Act 2020 coming into force from 1 December 2020 provides consideration for the digital age we're now living in. The key changes for 2020 are extra requirements to;



  • Report privacy breaches that have, or are likely to cause serious harm.
  • Not destroy personal information if someone asks for information held about them.
  • Check that personal information shared with overseas companies will have similar protection to New Zealand.


The Act continues to require that all persons (including staff) be advised of personal information about them that is collected and stored. From 1 December 2020 where a privacy breach occurs an assessment about likelihood of serious harm must be carried out. Section 113 in the Act sets out the assessment to be completed in the event of a breach.


More information about the changes along with a link to the new Act can be found at the Office of the Privacy Commissioner here


In readiness for this update our recommendation would be that you consider:


  • What types of information you collect and whether all that information is still required.
  • How long you retain information for and what your disposal procedures are.
  • What updates to your current privacy policies are needed?
  • What procedures need updating to ensure staff are aware of obligations – induction, IT procedures, terms of trade, customer sign ups, other?
  • How you will notify staff of the changes?
  • Who is your nominated privacy officer that staff can notify regarding requests or breaches?
  • What updates are needed to your website's privacy policy?


For any assistance with reviewing and updating employment related practices for these privacy changes please contact a member of the Grow HR team on (06) 878 5454 or email