Your Resources

How to respond to a privacy breach

Modern technology allows business to be conducted anywhere, at any time and at high speed. However, the trade off for increased business efficiency is an increased risk of privacy breaches.

Customer data should be protected, but sometimes something goes wrong. How should your business deal with a potential privacy breach?

We recommend a simple, common sense approach.

Proactive policies

Make sure all staff know who your Privacy Officer is, and who to contact if something goes wrong. Emphasize that “near misses” must be reported, as well as actual breaches of privacy.

A few simple employment policies will also help prevent privacy breaches. For example:

Clear security policies, including rules against divulging alarm codes, network passwords, or other security information.
Clear “bring your own device” and working from home policies.
A rule that employees must type out email addresses rather than use “auto fill” email addresses.

Initial and Immediate Response

Once you become aware of a possible privacy breach, contain the situation. For example, change passwords or shut down systems. If the breach involves theft, contact the police.

Investigate

Clarify what information has been breached, how sensitive that information is, and how the information might be used by a third party.

Ask questions to determine the cause and extent of the breach.

Consider who is impacted by the breach, and what harm might arise from the breach. Take steps to prevent the problem from getting any bigger.

Notify

As soon as you have the relevant information, let those affected know that their information has been breached.

Be specific. You do not want to worry customers by only telling them “your personal information has been leaked”. Customers want to know what information has been leaked, how that has happened, and what you are doing to make it right. You should have this information to hand if you have conducted an initial investigation.

Depending on the situation, you might also need to contact the Privacy Commissioner, the Police, your insurer, a professional body, credit card companies, or other organisations.

Prevent

After you have dealt with the crisis, take steps to ensure it won’t happen again. This may involve reviewing your systems and policies, or re-educating staff on how to protect information.

Gender Equality Charter - New Zealand Law Society

If you are a New Zealand Super Gold Card Holder (Australian Senior Cards do not qualify) we will give you a 75% discount of the fee for one of our set fee 1 hour initial consultations. We will also give you a 17.5% discount off the first matter we handle for you and then 12.5% off any subsequent matters for you. These discounts relate to your personal matters only (i.e. not business, trust or organisational matters or the sale and purchase of investment properties).

To receive the discount please let us know if you are a New Zealand Super Gold Card Holder.

Rainey Collins Lawyers is one of New Zealand's top law firms comprised of a wide range of experienced and skilled barristers and solicitors, making us experts in nearly all legal fields.

We provide litigation, legal representation and advice in fields such as employment law, buying and selling properties, setting up a family trust, commercial law, property law, Māori land, family law, relationship property, body corporates and construction. In addition to these legal services, we also provide highly efficient debt collection New Zealand wide for clients from large companies right through to small businesses and individuals.

Based in New Zealand's capital, our firm has a prime position in taking on cases not only from Wellington, but from all over Aotearoa, having helped a wide range of clients for over 100 years.

Top

Your Resources

How to respond to a privacy breach

Articles by Topic