The Business Advisory Blog

Insight, news and updates from Alliott NZ Chartered Accountants, Auckland, New Zealand. The views expressed here are the views of the author and should be discussed in further detail should an article be relevant to your individual circumstances.

While every effort has been made to provide valuable, useful information in this publication, this firm and any related suppliers or associated companies accept no responsibility or any form of liability from reliance upon or use of its contents. Any suggestions should be considered carefully within your own particular circumstances, as they are intended as general information only.

Vanessa Williams

What Business Owners Need to Know

As data breaches become common, business owners must understand their obligations when handling customer data.

This responsibility isn't just about compliance; it's essential for building trust and protecting your reputation.

Key Points for Businesses

  1. Data Collection Must Be Necessary
    Under the law, businesses can only collect information essential for providing a product or service. Avoid gathering unnecessary data, as this increases the risk of misuse or breaches.

  2. Minimise Data Retention
    Keeping data for longer than necessary poses a significant risk. Businesses should implement clear policies to delete customer information after it is no longer needed. This practice protects both customers and the business.

  3. Understand Customer Rights
    Customers have the right to:

    • Question why specific information is collected
    • Leave fields blank if they believe certain details are unnecessary
    • Request justification for data collection

  4. Prevent Data Breaches
    Regularly evaluate and improve your cybersecurity measures to protect stored information. Data minimisation is a critical strategy to reduce exposure in case of an attack.

  5. Communicate Responsibly in Case of a Breach
    If a breach occurs:

    • Notify affected customers immediately
    • Inform relevant authorities, such as the Privacy Commissioner
    • Provide guidance to customers on mitigating risks, such as avoiding phishing scams

  6. Rebuild Trust Post-Breach
    A breach can severely damage customer trust. Transparency and proactive measures, such as improving security and reducing data retention, are vital for restoring confidence.

Risks of Non-Compliance

  • Legal Consequences: Breaches of the Privacy Act can result in penalties and investigations
  • Loss of Business: Surveys show up to 70% of customers may leave a business that fails to protect their data
  • Reputational Damage: A breach can lead to a lasting loss of trust, harming customer loyalty and brand reputation

Steps for Compliance and Best Practices

  • Audit Data Practices: Regularly review what data you collect, why, and how long it’s stored
  • Train Employees: Ensure your team understands privacy laws and cybersecurity protocols
  • Invest in Cybersecurity: Protect sensitive information with robust security measures and regular updates
  • Create a Retention Policy: Establish clear guidelines for data deletion to prevent retaining unnecessary information.

Leveraging the Privacy Act for Guidance

The Privacy Act outlines 13 principles governing the collection, use and storage of personal data. These principles can serve as a framework for your data management policies. More detailed information is available on the Office of the Privacy Commissioner’s website.

By focusing on data minimisation, improving security measures, and staying transparent with customers, businesses can reduce risks and maintain strong relationships in today’s digital landscape.

Related reading: Handing over personal data: What are your rights?

To learn more about how Alliott NZ can help you do business in the cloud, visit Cloud Accounting Solutions. Alliott NZ is a Top 30 NZ Accounting Firm based in Newmarket, Auckland.
