Why you need a Privacy Officer

First Published: 14 June, 2022

The Privacy Act requires organisations to have at least one person who fulfils the role of privacy officer.

Who should be a privacy officer

The person responsible for privacy matters depends on the size of your organisation, the work it does, and what personal information it handles.

In smaller organisations, the manager is normally responsible for all legal compliance, including privacy.

Often an in-house complaints, human resources, or legal team will do privacy work as part of their duties.

Large organisations, or organisations that handle a lot of personal information, may need one or more employees focusing exclusively on privacy matters.

Whoever takes on the duties of a privacy officer, it’s important for managers in the organisation to take their advice seriously.

Why you need a privacy officer

As well as being required by law, having a privacy officer is useful for your organisation.

Good privacy builds trust with clients and employees and enhances a business’ reputation. An internal privacy adviser who is familiar with the business and privacy law adds value to your organisation.

Privacy officers can prevent or fix privacy issues before they become serious problems. This can save you money, or lost business.

If someone complains that your organisation has breached their privacy, your privacy officer can help resolve things quickly and effectively.

The duties of a privacy officer

A privacy officer will:

be familiar with the privacy principles in the Privacy Act
work to make sure the organisation complies with the Privacy Act
deal with any complaints from the organisation's clients about possible privacy breaches
deal with requests for access to personal information, or correction of personal information
act as the organisation's liaison with the Office of the Privacy Commissioner.

They may also:

train other staff at the organisation to deal with privacy matters
advise their organisation on compliance with privacy requirements
advise their organisation on the potential privacy impacts of changes to the organisation's business practices
advise their organisation if improving privacy practices might improve the business
be familiar with any other legislation governing what the organisation can and cannot do with personal information.

Learn more at privacy.org.nz

Written by

Office of the Privacy Commissioner

You may also like

NZ -Parliament-Feature-Image

Regulatory & Privacy

Big News…...Select Committee Approves Privacy Amendment Bill

Keith Norris, Independent Compliance Consultant for the Marketing Association, discusses the...

Compliance-Feature-Image

Regulatory & Privacy

Do you use Tick boxes in your marketing?

Keith Norris, Independent Consultant to the Marketing Association, cautions marketers against using...

AI-Marketing-Compliance-feature image

Regulatory & Privacy

Principles for the use of AI in Marketing

Keith Norris, compliance consultant at the Marketing Association, outlines the principles and...

Category

Regulatory & Privacy