In a recent Financial Advice NZ webinar, Campbell Featherstone and David Ireland from Dentons Kensington Swan spoke about the implications for advisers of the impending changes to the Privacy Act. The key takeaway was that compliance is also about an adviser’s reputation, their clients’ safety and confidence, and public confidence.
“As part of our webinar series Bring in the Experts, Campbell Featherstone and David Ireland from law firm Dentons Kensington Swan talked about what this piece of legislation means for financial advisers, and the practical steps you can take to ensure your privacy settings are fit for purpose for the new regime.
The overarching message is that being compliant with the new Privacy Act isn’t just about legislation; it’s about your reputation, your clients’ safety and confidence, and public trust in financial services. Let’s dive in.”
The Privacy Act 2020 replaces the existing Privacy Act while maintaining its overall principles. Key components of the Act include data minimisation, access expansion, and data breach reporting.
“As you’ll know, the Privacy Act 2020 repeals and replaces the 1993 Act. While the overall principles are mostly unchanged, the ‘refreshed’ version of the law acknowledges that a lot has happened in the past 27 years in the way businesses interact with clients and collect information.
Under the new principle of ‘data minimisation’, all companies – including financial advice businesses – must only collect and keep personal information that is needed (e.g. data related to the advice you provide), for only as long as it is needed (e.g. at least seven years as per FAP licence standard conditions).
The Privacy Act 2020 gives individuals in New Zealand a right to access the personal information you hold about them (with a few exceptions). Importantly, unlike current legislation, the Privacy Commissioner will now have the authority to compel the release of this information (upon the individual’s request) by issuing an ‘access direction’. Failing to comply without a reasonable excuse can result in a fine of up to $10,000.
Data breach reporting shifts from voluntary to mandatory. It’s important to note that this obligation only concerns ‘notifiable’ privacy breaches. What’s notifiable? Generally speaking, if it’s reasonable to believe that the breach would cause serious harm to an individual, then the breach is ‘notifiable’.
The threshold may not always be clear, so the experts at Dentons Kensington Swan recommended a cautious approach – when in doubt, notify the Privacy Commissioner as soon as possible.”
In other news
FMA: FMA offers investors insight into bonds
Asteron Life: AsteronConnect is being updated to cover options available for all occupations according to the current Underwriting guide
FSC: the FSC has published Code of Conduct guidance, educational materials resource pack, and a facilitator guide
FSC: Risk Management and Implementing a Risk Framework webinar
FSC: Privacy - Reviewing your obligations under the Privacy Act webinar