Punctuate

The Privacy Act

Developing a privacy focussed future

Privacy Act 2020

- 3 minute read

The Privacy Act 2020 came into force on 1 December 2020, replacing the Privacy Act 1993. Now that the dust has settled we take a look at some of the effects the updated act has had on how we build our products.

Undoubtedly one of the trickier aspects of the new act is ensuring personal data is properly handled and stored once it leaves New Zealand's shores. Not all countries have equivalent laws and protections. The EU is well known for its GDPR (General Data Protection Regulation), but other countries, including the US where many digital services originate, have yet to implement a data privacy law at a national level. Instead the US, for the time being at least, remains reliant on a raft of federal and state laws. All of which means when selecting offshore services to interact with that have a personal data component, things can quickly get complicated. Agreements, contracts and compliance all need to factored in, and for small businesses this can be daunting, if not plain off-putting.

Last year we migrated our analytics platform to a privacy focussed service based in the EU called Plausible. For us analytics is about the ability to rapidly understand trends, see responses to changes we implement and campaigns we run. Many analytics platforms collect a raft of personal data because the ultimate goal of the service is advertising or onward selling of data. In selecting a service that is otherwise focussed, we have not only removed personal data collection through analytics, we have completely negated the need for cookies on some of the websites we've created, including this one (for non account holders). This has been achieved without any loss of functionality or detriment to our analytics insights.

That got us thinking. If we can effect such positive change with analytics, why not for other services. When we build websites and apps they invariably need to integrate with external services, this could be anything, geo-location, document storage, payments, analytics or invoicing. With privacy in mind we've selectively whittled down our external service providers of choice to those who actively respect data privacy, either through local laws or, better yet, through not requiring personal data at all. These are the services we're now integrating with and these are the types of services we can recommend to New Zealand businesses to in turn meet their obligations to their customers.

Hopefully you'll already know from your developers exactly what your websites and apps are doing in terms of collecting, managing and sharing personal data. If you don't, now would be the time to ask. If you find things are not as you would like, put a plan in place today.

We believe the updated act is a good thing for every New Zealander, and we think an individuals right to data privacy should continue to be a point of concern for lawmakers. There is of course much more work to do, the landscape will continue to evolve around us as it always has. We look forward to welcoming future developments that serve to heighten the respect afforded to personal data.

 


Previous article   Blog home