Privacy and cyber security

We work closely with clients to develop compliance strategies

We understand how important and valuable the data held by our clients (including personal information) can be. We know the responsibilities that an organisation takes on when it collects and uses that data.

The legal, financial and reputational risks associated with privacy and cyber issues can be significant. The need for organisations to understand and meet their legal obligations has never been greater.

We can help you protect personal information and mitigate risk

The wide range of skills in our privacy and cyber security team enables us to understand how personal information fits in to your sector, and what the risks may be.

Our team brings together experts from the following practice areas:

• Technology
• Employment
• Healthcare
• Commercial
• Public law
• Payments.

We can help at every stage of the data lifecycle

We advise clients at all stages of the data lifecycle:

• Carrying out privacy impact assessments before implementing new systems or collecting or using data in new ways (including data analytics)
• Responding to Official Information Act, Local Government Official Information and Meetings Act (LGOIMA) and Privacy Act access requests
• Meeting data retention and Public Records Act requirements
• Establishing data governance policies (including in relation to the use of AI tools) and advising on the procurement and implementation of data governance tools
• Dealing with privacy breaches, security incidents, complaints and investigations.
  
  

We have international data privacy expertise

We have a background in EU Data Protection law. We regularly advise international clients and law firms on New Zealand privacy law within a global compliance framework.

We have contributed to the New Zealand chapters of several guides and publications on international data protection and work closely with local privacy experts in other jurisdictions.

How we help clients

We advise on:

• The implications of General Data Protection Regulation (GDPR) for New Zealand businesses
• Providing or using cloud services involving significant data
• Launching new data-driven business models and marketing activities
• Transferring of customer databases following insolvency or as part of business acquisitions
• Data matching
• Generating insights and analysis from big data
• Data governance issues
• Preparing for, and responding to, data breaches and security incidents.

We also advise clients in the health sector on:

• Compliance with the Health Information Privacy Code
• Implementation of clinical management systems
• Handling of patient and clinical information.

Our employment experts advise on privacy issues in relation to:

• Recruitment
• Use of HR information systems
• Drug and alcohol testing
• Disciplinary processes
• Employee investigations and disputes.