Your browser version is no longer supported, so you may experience issues while using this site.
Please upgrade to a current browser to enjoy the best experience.

News and Views


New Privacy Act -
Greater Risks for NZ Businesses

In May 2018 VL released a Market Bulletin which foreshadowed a more stringent legislative environment to protect individual privacy.  

It is therefore no surprise to note that with effect from 30 June 2020 the Privacy Act 2020 was passed by Parliament and comes into force in New Zealand on 1 December 2020. 

The main points to note are:

  • Mandatory notifications of privacy breaches – both to the affected parties and to the Privacy Commissioner;
  • The Privacy Commissioner has the power to issue non-compliance penalties of up to NZ$10,000.  It will be interesting to see if these rise in time.  In comparison, the equivalent legislation in Australia has penalties of AUD$2.1m (although last year the Australian Government announced its intention to increase these) and in the EU, the GDPR fines reach the greater of €20m or 4% of the global annual revenue;
  • If sharing information overseas New Zealand organisations must ensure that those in receipt can implement similar levels of privacy protection to those in New Zealand;
  • The Act also applies to organisations without a physical presence in New Zealand who collect, process or store personal information of New Zealanders.

(Read more in the NZ Privacy Act 2020: Update 1 publication put out by the international law firm Wotton + Kearney)


There are significant changes for most businesses in New Zealand.  


Overseas, mandatory reporting led to increased numbers of reported security breaches as well as an increased uptake of cyber insurance policies.  Dependent on the amount of personal records held, and the scale of the data breach, the costs to notify can be significant.

VL’s cyber insurance is one means to mitigate the costs arising from notification of privacy breaches.

If you wish to discuss any aspect of this issue, please contact Dan Lowe - VL’s Cyber Specialist or your VL underwriter.