Data Privacy Day, and why you should mind your own business - (Data Privacy Day Part 1)

Yorb • January 23, 2025

Data Privacy Day has been internationally observed on 28 January since 2007. Its purpose is to raise awareness and promote best privacy and data protection practices. It serves as an excellent reminder of exactly how precious our data is, as well as our ethical and legal obligations as businesses to securely manage and protect it. 


So, in terms of data privacy, how have we fared here in New Zealand? Why is data governance so important - what is it, and why exactly do you need it? 


Warning – triggering content: It may not be your job to manage data – and you may not think you even need to care about it. But if you are a stakeholder, it’s your responsibility to make sure that your business complies with New Zealand’s privacy and data protection best practices. 


This is a big topic (sorry!), so it’s in two parts. 

First - what you need to know: The facts and stats for Kiwis

In the Annual Report 2024, our Privacy Commissioner (Michael Webster) had good and bad news for 2023-2024. Over that time, the Office of the Privacy Commissioner handled:
 

  • More privacy complaints than ever before: 1003 privacy complaints (15% up on 2023). 724 privacy complaints received a ‘fast resolve’ approach (up 30%). A further 279 complaints were earmarked for investigation, and 6.5% resulted in financial settlements. 
  • More data breaches than before: 864 privacy breach notifications (up 3%), with 414 classified as serious. 
  • More consumer awareness than ever: With 3385 privacy enquiries directed to the Privacy Commissioner’s call centre and 899,670 visits to the official website! 


The good news? The Report says a highlight of the year was that more Kiwis were concerned about privacy than ever before – up by 16% on the previous two-year period. 

How worried is the Privacy Commissioner about these stats?

There’s no sugar-coating it. Webster is worried.   


He bemoans their problematic environment, with privacy breaches increasing in frequency and complexity. And he firmly attributes this to many agencies having little understanding of how to manage privacy, a lack of accountability for poor management of personal information, and insufficient prioritisation of data privacy compared with other compliance requirements. 


In short, too many companies and agencies aren’t up to speed with their data governance capabilities. 


And that should be a significant concern for most businesses – including you if you don’t have a data governance policy. 


Why? Well, 70% of the people surveyed for the Report said they’d change service providers if they heard their provider had poor privacy and security practices. That has to hurt. 


Which makes taking data privacy and data governance seriously even more critical.

Moving on: Let’s talk about data governance 

Going back to basics, what exactly is data governance, and what does it mean for your business? Here you go: Data governance is a system that defines who can access, use, and change your data - and how. It’s the backbone of data privacy. 


Why is this important? With data governance in place, you can ensure that your business information is secure, accurate, and available. You avoid potential fines or penalties by meeting your regulatory and industry requirements. And you’re safe in the knowledge that with clean, accurate data, you’ll make better business decisions. So, it’s a good thing. 


What does data governance include?
 

  • Policies: Developing and implementing the frameworks, principles, and policies that guide how your data (and that of your customers) is used and managed.  
  • Accountability: Assigning roles within your business to formalise who’s responsible for doing what. 
  • Processes: Setting in stone the actions you expect your people to take and the steps they must follow to manage your data.  
  • Technology: Having the right tools to support how you manage your data throughout its lifecycle, including alerts when data has reached end-of-life. 
  • Continuous improvement and vigilance: Setting up a schedule of ongoing reviews, audits, and feedback loops to identify areas for improvement.  
  • Reporting: Creating and sharing reports on your data so you know what you have and where it is (you can’t secure what you don’t know about!). 
AI and data governance, the new power couple

Congratulations, AI and data governance are a great match. A warning, though – while they’ll achieve great things together in terms of helping achieve better data privacy, they’ll also present challenges that make it harder to function effectively.

The good stuff:

AI is great for enhancing data quality as it can automate data cleansing, classification and validation – which means improved decision-making capabilities as you’ll have trustworthy data. AI can also monitor your data practices, ensuring you’re compliant with regulations and flagging potential problems before they happen. 


As AI can analyse vast amounts of data, it’s ideal for identifying risks relating to data security and governance. And when you can predict potential breaches or compliance issues, you can stop them in their tracks rather than mop up the messy aftermath. 

The more worrying stuff:

We all know that AI relies on analysing massive data sets to do its job. However, when personal data is involved, there’s always the risk that data will be served up or shared inappropriately. 


Integrating AI into data governance can also expose you to new security vulnerabilities – AI systems are a hot new target for cybercriminals. So, protecting these systems adds yet another layer of complexity. Implementing AI effectively into existing data governance frameworks also requires specialised skills and knowledge – and finding these skills can be another challenge. 


Then, there are the ethical dilemmas regarding accountability and responsibility posed by using AI in decision-making. Nothing is ever simple, is it? 

But wait, there’s more

We did warn you that this is a big (and important) topic, and we appreciate you taking the time to find out more! 


So, in part two of this blog, we focus on the 13 Information Privacy Principles in our Privacy Act (2020) and what you need to do to stay on the right side of our legislation – and your customers. 


Stay tuned!

Recent Posts

Why you should think of your technology partner as an iceberg.

February 21, 2025
And no, it’s not because it has the potential to turn you into a Titanic. Rather, it’s because what you see and interact with most days is just the tip of what we do. Below the waterline of everyday interaction is a significant mass of knowledge, expertise, and strategic value – all aimed at helping to secure and enable the growth of your business.

NZ Privacy Act – what you really, really need to know - (Data Privacy Day Part 2)

By Yorb January 30, 2025
In part 1 of our Data Privacy Day blog, we discussed the state of cybersecurity in New Zealand (as you do) and the critical importance of data governance. You can catch up on the whys and wherefores of data governance as it applies to you here . Moving on, this time, we’re focusing on the 13 Information Privacy Principles in our Privacy Act (2020) and what you need to do to stay on the good side of our legislation – and your customers. But first, this is why you should care.

Steering Manawatu Toyota towards success

By Yorb Limited November 21, 2024
Manawatu Toyota are an award-winning Toyota dealership with seven locations across New Zealand and a team of around 160 staff. The business has grown rapidly over the past 20 years, starting with Manawatu Toyota in Palmerston North before acquiring dealerships in Feilding, Levin, Masterton and Whanganui, as well as Tractor Repair Company (TRC).
Share by: