Under the recent changes to our privacy laws, each Māori organisation in New Zealand that collects personal information must appoint at least one privacy officer.

The role of the privacy officer is to ensure that each Māori organisation is compliant with its legal privacy obligations. This may include addressing requests for access to, or correction of, personal information, dealing with complaints on possible privacy breaches, and liaising with the Office of the Privacy Commissioner concerning any investigations being conducted in relation to the officer’s organisation.

They may also provide training on privacy compliance and advise their organisation as to the consequences of privacy breaches, and as to how the organisation could improve their adherence to their privacy obligations.

A privacy officer does not need to have any extra qualifications, but they do need to be familiar with the thirteen privacy principles under the Privacy Act 2020 and how the organisation is to apply those principles in its operation.

Privacy officers are important to promote good privacy practices within an organisation as failure to comply with New Zealand’s privacy laws could mean the organisation faces a fine of up to $10,000. Privacy breaches could also result in a loss of reputation for the organisation and significant emotional harm for individuals whose privacy has been breached.

If your organisation does not have a privacy officer, or your privacy officer needs support or training, it pays to take advice from an experienced privacy professional.


Leading law firms committed to helping clients cost-effectively should have a range of fixed-price Initial Consultations to suit most people’s needs in quickly learning what their options are.  At Rainey Collins we have an experienced team who can answer your questions and put you on the right track.

Author: Guy Goodwin