In this episode, Richard Wells, a partner in MinterEllisonRuddWatts’ Privacy team, talks to Suzy McMillan, a senior associate in his team, about how to comply with New Zealand privacy law when sending personal information overseas.
Richard and Suzy give an overview of Information Privacy Principle 12 (IPP12) and talk about the key considerations need to take into account when disclosing information outside of New Zealand.
[1:18] Richard and Suzy start with a brief look at IPP12 and how it was introduced with the new Privacy Act 2020. They talk about how it reflects requirements set out in the EU’s General Data Protection Directive and Australian legislation.
[2:26] They then talk about IPP12 from the perspective of New Zealand entities and ask: what do they need to ensure when asked to disclose personal information to a foreign entity? They discuss the criteria for disclosure set out in IPP12 and how to assess whether they are met.
[4:47] Next, they talk about the concept of “agency” and what agencies need to do to comply with IPP12, in particular focussing on the due diligence that should be done to understand the foreign entity with which the personal information will be disclosed.
[7:54] They also consider the ability to disclose personal information to entities in countries with comparable protections to New Zealand, and some of the difficulties that might arise when assessing this.
[10:15] Finally, Richard and Suzy talk about contractual provisions that can be put in place to give New Zealand entities comfort that they are meeting the requirements of IPP12.
Information in this episode is accurate as at the date of recording, 11 August 2023.
Please contact Richard Wells or our Privacy team if you need legal advice and guidance on any of the topics discussed in the episode.
Please get in touch to receive an episode transcript. Please don’t forget to rate, review or follow MinterEllisonRuddWatts wherever you get your podcasts. You can also sign up to receive technology updates via your inbox here.
