Why you need a Privacy Officer

First Published: 14 June, 2022

The Privacy Act requires organisations to have at least one person who fulfils the role of privacy officer.

Who should be a privacy officer

The person responsible for privacy matters depends on the size of your organisation, the work it does, and what personal information it handles.

In smaller organisations, the manager is normally responsible for all legal compliance, including privacy.

Often an in-house complaints, human resources, or legal team will do privacy work as part of their duties.

Large organisations, or organisations that handle a lot of personal information, may need one or more employees focusing exclusively on privacy matters.

Whoever takes on the duties of a privacy officer, it’s important for managers in the organisation to take their advice seriously.

Why you need a privacy officer

As well as being required by law, having a privacy officer is useful for your organisation.

Good privacy builds trust with clients and employees and enhances a business’ reputation. An internal privacy adviser who is familiar with the business and privacy law adds value to your organisation.

Privacy officers can prevent or fix privacy issues before they become serious problems. This can save you money, or lost business.

If someone complains that your organisation has breached their privacy, your privacy officer can help resolve things quickly and effectively.

The duties of a privacy officer

A privacy officer will:

be familiar with the privacy principles in the Privacy Act
work to make sure the organisation complies with the Privacy Act
deal with any complaints from the organisation's clients about possible privacy breaches
deal with requests for access to personal information, or correction of personal information
act as the organisation's liaison with the Office of the Privacy Commissioner.

They may also:

train other staff at the organisation to deal with privacy matters
advise their organisation on compliance with privacy requirements
advise their organisation on the potential privacy impacts of changes to the organisation's business practices
advise their organisation if improving privacy practices might improve the business
be familiar with any other legislation governing what the organisation can and cannot do with personal information.

Learn more at privacy.org.nz

Written by

Office of the Privacy Commissioner

You may also like

Name Suppression Services image

Regulatory & Privacy

Are you talking to people who don’t want to hear from you?

As a professional marketer or data expert you’re committed to best practice, so you don’t want to...

Regulatory & Privacy

Guidance on Anzac Day advertising

In the lead-up to Anzac Day, the Advertising Standards Authority (ASA) have released advice for...

Premium Regulatory & Privacy

ASA Memo on Olympics Advertising

Confidential Advice to Members of the MA and Advertising Standards Authority

Category

Regulatory & Privacy