How to write a Privacy Policy for your business

Introduction to the Privacy Act

The Privacy Act is a legislation in New Zealand that regulates how personal information is collected, used, stored and disclosed by businesses, organisations, and government agencies.

The Act was first enacted in 1993, and has been updated several times since then, with the most recent update in December 2020.

The Privacy Act applies to businesses and organisations of all sizes, including small businesses and sole traders. This ensures that all New Zealanders are protected by the same privacy standards, regardless of the size of the organisation collecting their personal information.

Companies witness an average return on investment (ROI) of 1.8% from their privacy-related expenditures, and 92% acknowledge they have a moral obligation to use consumer data honestly and transparently.

– CISCO

Can I write a Privacy Policy for my business or do I need a lawyer to do this?  

You can write your own Privacy Policy for your business ensuring you meet the requirements set out in the Privacy Act 2020 and the Information Privacy Principles (IPP).

There is no legal requirement to involve a lawyer when writing your Privacy Policy. However seeking legal assistance can be beneficial especially when you have more complex practices in your business. 

Whether you write your privacy policy or leave it in the hands of professionals, note they can be complex legal documents, so it’s important to ensure accuracy, comprehensiveness, and easy to understand. 

76% of individuals said it’s too hard for them to understand how their information is being used.

–CISCO

How to write a privacy policy for your business in 5 steps?

1. Identify 

Describe the reasons why your business collects personal information, such as to provide services to customers, to process transactions, or to conduct marketing activities.

2. Collect 

Make a list of the types of personal information your business collects, such as names, addresses, email addresses, phone numbers, etc. This can also include sensitive information such as health or financial information.

3. Use 

How – Describe the methods used to collect personal information, such as through website forms, phone calls, or in-person interactions.

With who – Describe the purposes for which you use personal information and whether you share it with third parties. Be sure to provide details on how you protect personal information, such as through encryption or secure storage.

4. Correct 

Describe how individuals can access their personal information, request that it be corrected, or request that it be deleted.

5. Comply 

Don’t forget to comply with New Zealand’s Privacy Act 2020 and the Information Privacy Principles.

When you are writing or updating your Privacy Policy, it’s important to use clear and simple language that is easy to understand. 

You might like to tailor your Privacy Policy to specific business practices. 

Review your PrivacyPpolicy regularly to ensure that it remains accurate and up-to-date.

For a starting point and more guidance check out Free Website Privacy Policy Template NZ 

Why it might be worth seeking help when writing a Privacy Policy?  

1. Legal compliance: Privacy laws and regulations are complex and constantly changing. Seeking help from a lawyer or legal expert can ensure that your Privacy Policy is compliant with all relevant laws and regulations.
2. Protection for your business: A well-written Privacy Policy can help protect your business from legal liability and potential lawsuits. By working with a professional, you can ensure that your Privacy Policy is comprehensive and provides the necessary protections for your business.
3. Clarity and transparency: Privacy policies can be difficult to understand, particularly for individuals who are not familiar with legal language. Working with a professional can ensure that your Privacy Policy is written in clear and understandable language, which can help build trust with your customers or clients.
4. Customisation: Every business is unique, and privacy policies should be tailored to reflect the specific needs of each business. By working with a professional, you can ensure that your Privacy Policy is customised to meet the needs of your business and your customers or clients.
5. Expertise: A professional can bring expertise and experience to the table, ensuring that your Privacy Policy is comprehensive, up-to-date, and provides the necessary protections for your business and your customers or clients.

Overall, seeking help when writing a Privacy Policy can provide peace of mind and ensure that your business is protected from legal liability, while also demonstrating your commitment to transparency and protecting the privacy rights of your customers or clients.

Famous privacy branches cases: 

Record damages awarded for cake photo breach – Human Rights Review Tribunal awarded Karen Hammond over $168,000 dollars, largely in part for the severe humiliation she suffered through the actions of her former employer, NZCU Baywide.

ACC ordered to pay claimant $50,000 for breach of privacy by destroying the man’s file.

Record fine for privacy breaches – German real estate company has been fined €14.5 million for breaching the General Data Protection Regulation (GDPR).

---

If you’re interested in learning more about the services we can support you with, click here for an overview.

Get in touch today, we’d love to know how we can help you and your growing business.
The Freelancer PA team.