In our article on Privacy for Organisations we talk about how to stay safe as an organisation. But what about if you have shared your personal information with an agency? How do you stay safe as an individual? Let’s look at some frequently asked questions.
FAQs
1. Do agencies need to tell you if your information is involved in a privacy breach?
Agencies must report serious breaches to the Privacy Commissioner and the affected individuals. A serious breach is one that has or is likely to cause serious harm to those affected. Failure to notify the Privacy Commissioner of a notifiable privacy breach may result in a fine of up to $10,000 or the issue of a public compliance notice.
2. How can you check if your information has been leaked?
Check at haveibeenpwned.com
3. What happens if your privacy is breached?
Contact New Zealand’s national identity and cyber support community service IDCARE on 0800 121 068.
4. How do you ask an agency for your information?
Use this form, or request the information by phone, email or letter. Agencies must reply within 20 working days, or 10 days for urgent requests, but can refuse for valid reasons.
5. How do you correct your information?
Contact the agency, explain the error, and ask for it to be corrected. If the correction is refused, you may complain to the Privacy Commissioner.
6. How do you make a complaint?
Try to resolve it with the agency first. If that doesn’t work, complain to the Privacy Commissioner. They will not investigate situations from long ago or that didn’t cause you harm, or things like family disputes, someone else’s personal information, or vexatious matters.
7. Are there any special rules for sensitive personal information?
Codes of practice exist for some sensitive types of personal information, such as for health, credit and superannuation.
8. How do you keep your own information safe?
Your personal information is important to you and may be valuable to others who can benefit from it. Be thoughtful about giving out your personal information. Many agencies provide a discount when your join their ‘club’. Ask yourself if it is really worth it.
- When asked for your details by email or phone, question why it is needed and confirm the collection is valid.
- Monitor your email and bank accounts and be alert for any suspicious behaviour.
- Use complex passwords and change them monthly—it’s worth the effort.
- Report breaches.
9. What if you need to breach a privacy obligation?
Look at the guidance and contact the Privacy Commissioner’s Office for clarification.
—
