Most people these days are aware that what they share online is both valuable and vulnerable. Data privacy has become a major concern for consumers and corporations alike. The issue will come to a head when New Zealand’s Privacy Act 2020 comes into force on December 1.
The legislation replaces and updates the 1993 act. Its key purpose is to promote people’s confidence that their personal data and information are secure and will be treated properly.
The act makes notification of privacy breaches mandatory. Organisations receiving and collecting data will now have to report any privacy breach they believe has caused, or is likely to cause, serious harm.
Those organisations can also be issued with compliance notices that require them to do something, or stop doing something, in order to comply with the law.
It will be in their interests to quickly adapt to the new regulations — not just legally, but also commercially. Our research suggests building consumer trust is critical for organisations that require customers to share information with them online.
However, a recent survey commissioned by global technology company Masergy revealed 70% of business leaders find data security challenging.
This is a concern in a technologically driven business environment. The collection and analysis of consumer data are now integral to many industries. The high degree of personalisation and convenience this allows gives many businesses their competitive advantage.
Because of this, data analytics will be among the most important technology investments for New Zealand companies over the next 12 months. With COVID-19 driving increased e-commerce and digital activity, we can expect significant increases in consumer data being exchanged online.
At the same time, the fast pace of technological transformation risks important ethical considerations about data ethics and data governance being overlooked.
As the recent Netflix documentary The Social Dilemma highlighted, the growth of social media, e-commerce and online data surveillance (sometimes known as “dataveillance”) has built a huge system of information accumulation.
This enables organisations to anticipate and change consumer behaviours to drive revenue and gain market control. How they responsibly govern themselves will only become more important.
Internationally, the European Union’s 2018 General Data Protection Regulation (GDPR) has had a significant impact on international data flows well beyond the EU’s own borders.
GDPR allows the transfer of personal data between countries only if adequate data protection is guaranteed. The level of data protection has to be demonstrated at country level, and the EU has certified New Zealand as “providing adequate protection” of privacy.
This is good news, but organisations will need to ensure their approach to privacy shifts from “are we compliant?” to “are we compliant and doing the right thing?”
There are several measures we think will help organisations build this trust and comply with the law:
The Privacy Act 2020 and the GDPR framework will force organisations to recognise the value of their data and be more aware of the growing legal thresholds they need to meet.
But the penalties and reputational risks of noncompliance should not obscure the clear commercial benefits of voluntarily adopting ethical, customer-first business practices.