Privacy – New Zealand

Course Description

This course provides training on dealing with personal information under the latest New Zealand Privacy law

Privacy is one of the biggest issues a business faces; it affects them when dealing with customers, suppliers and staff. Businesses need to ensure their staff understand what is required of them when dealing with individuals’ personal information. To ensure there are no flaws in your system, it is imperative that each and every employee understands what they can and cannot do with personal information.

In this course you and your Staff will learn all about the Information Privacy Principles. Learn what personal information is and how and when to handle, collect, retain and disclose it. Find out how to prevent a privacy or data breach from occurring and how to manage the incident if an event occurs.

Even if your business has no physical presence in New Zealand, the local privacy laws may still apply. Find out the process and regulations for managing crossborder data flows.

Scenario: Meredith is a sales representative at BargaiNZ, a national department store chain.

A customer, Roberta, has bought a stereo. Meredith offers to register Roberta’s details for the stereo warranty with the store, in case Roberta loses her receipt. Roberta seems reluctant.

Roberta: “I just think the fewer people who have my information, the better. If I give my details to an entity and they misuse it, or it gets stolen, there’s nothing I can do about it personally. Then my info is just out there and there’s nothing I can do.” 

If Roberta did give BargaiNZ her details and BargaiNZ breached privacy law with them, what could Roberta do?

Who should do this training?

The training is suitable for staff at any level of an organisation that collects, holds or uses personal information and does business in New Zealand.

It is designed to cater for a diverse audience and all levels of staff, addressing the legal content in plain language.

For more information on other GRC Solutions’ privacy training resources:


Privacy – Covering the Privacy Act and the Australian Privacy Principles

Privacy for Schools – Covering the Privacy Act and the Australian Privacy Principles as they apply to schools

Health Privacy – Health businesses collect and maintain sensitive personal information

Australia – Financial Services

Financial Services Privacy Training – covering the Privacy Act and the Australian Privacy Principles

Credit Reporting – covering the Credit Reporting Act

Health Privacy


General Data Protection Regulation – covering the GDPR – which has global implications


Data Protection Singapore – covering the Personal Data Protection Act 2012 and also the implications of the GDPR


Data Protection Malaysia – covering the Personal Data Protection Act 2010 and also the implications of the GDPR


California Consumer Privacy Act

Course Outline

Module 1: Introducing privacy

·        What is personal information?

·        Describe the scope of privacy law in relation to New Zealand

·        Collection, storage access and correction of personal information

·        Obligations in relation to the use and disclosure of personal information

·        What to do when a data breach occurs and what penalties can be imposed for breaches of privacy law

Module 2: Collection

·        Identify when you can collect personal information

·        What sources you can use for personal information

·        Requirements for notifying individuals of collection

·        Exceptions to notification of collection

·        Describe the manner in which you can collect personal information

Module 3: Storage, access and correction

·        Explain the importance of keeping personal information secure in your role

·        Identify ways to protect and control access to personal information

·        How to handle requests for access to personal information

·        When you can refuse to grant individuals access to their personal information

·        Why and when agencies should correct personal information they hold

Module 4: Use and disclosure

·        Describe how to ensure personal information is accurate

·        Determine whether you should retain or dispose of personal information

·        Identify the limits on use and disclosure of personal information

·        In what situations you can use or disclose personal information for direct marketing

·        The prohibition on the assignment or use of unique identifiers

Module 5: Credit reporting

·        Identify the entities involved in credit reporting

·        The principles governing the management and collection of credit information

·        Circumstances in which credit reporters are permitted to use or disclose credit information

·        Your obligations relating to storing credit information, giving individuals access to personal information and making corrections

·        Outline the procedure for dealing with complaints