Privacy, data protection and cyber

test image test image

Information is power, but it comes with responsibility. We’ll help you comply with your privacy, data protection and cyber obligations in a constantly evolving environment.

New technologies present great opportunities for business. They can also raise a range of social, commercial, and legal issues around privacy, data protection, and cyber security. We understand the importance of information security, and the reputational, regulatory, and commercial risks that can arise if information is not managed and protected appropriately or is subject to a cyber attack.

Our multi-disciplinary team of experts advise across the full spectrum of privacy, data protection, and cyber security – from operational compliance to the management of data breaches. Acting for both domestic and international organisations, including government agencies, we provide efficient and effective assistance to our clients. 

We will help you take a pragmatic, commercially focused approach to managing and protecting information throughout its lifecycle. We provide our clients with expert advice on the Privacy Act 2020 and how the EU General Data Protection Regulation (GDPR) and other overseas privacy laws affect New Zealand businesses. 
A cyber incident or privacy breach can be devastating for the reputation of a business and also have serious legal consequences.

We regularly liaise with our Australian colleagues at MinterEllison on joint Australian and New Zealand privacy and data protection issues, including creating and advising on joint privacy policies and data breach response plans for trans-Tasman clients. Through our other international networks, we have all your privacy, data protection and cyber concerns covered.

We help with:
  • drafting privacy policies, data breach response plans and cyber risk management strategies
  • advising on all privacy compliance obligations, including requirements under the Privacy Act and the implications of GDPR for New Zealand businesses
  • best practice approaches for drafting and negotiating contracts involving personal information, data, security, and confidential information
  • managing the collection and use of personal information for electronic direct marketing purposes and to compile databases
  • workforce privacy issues
  • engaging with regulators, including the Office of the Privacy Commissioner, NZ Police, and the Department of Internal Affairs on complaints, investigations, and mandatory breach reporting 
  • advising on app and website development, privacy impact assessments, and privacy by design principles
  • representing clients before the Human Rights Review Tribunal on privacy dispute resolution
  • major data breach crisis response and recovery, including undertaking ‘serious harm’ assessments and advising on mandatory reporting obligations 
  • advising on and drafting data transfer and disclosure arrangements 

The Data Protection team has a great depth of experience and offers all aspects of legal advice to its clients. Minters’ people are systems centric, give practical legal advice and has been highly valued and appreciated by our business.The Legal 500 Asia Pacific 2022


Recent highlights
Supporting the management of major data breaches

Acting in relation to some of the largest and most significant data security incidents in New Zealand.

Crown entity governance, decision making, litigation and dispute resolution

Engaged by Crown agencies across the environmental, media, transport, emergency response, and health sectors in relation to their public law decision making and governance functions and powers, privacy obligations, strategic issues and public law litigation and dispute resolution.

MFAT Cyber Communication Rules

Advising Tokelau and the Ministry of Foreign Affairs and Trade on the cyber communications rules that would govern Tokelau once it has access to faster internet via the new sub-sea cable. The rules would also help compliance with the Budapest Convention.

Trusted adviser to NZX listed retailer

Providing ongoing support and advice to The Warehouse Group on contentious and non-contentious matters in the privacy and data protection space, including privacy breach responses, workplace investigations, whistle-blower complaints, and incentive schemes. Recently we provided urgent strategic advice on The Warehouse Group’s COVID-19 response and the privacy and data implications relating to the launch of a new customer loyalty programme. 

The management and protection of health information 

We provide regular assistance to one of New Zealand’s largest private healthcare organisations with a range of privacy related matters, including responding to individual privacy complaints and information requests, implementing new programme, policies and procedures, and the management of and migration to cloud based IT systems, taking into account the complex and intersecting requirements of the Privacy Act, the Health Information Privacy Code and the relevant public health law relating to the use and retention of health information. 

Balancing privacy rights in a COVID landscape

Advising Orbis Diagnostics on the requirements and restrictions around collecting and using health information, in respect of a newly developed antibody test which can detect immunity levels against COVID-19, including providing advice on the application of the Health Information Privacy Code, the interpretation of new COVID 19 laws and health orders, and reviewing and updating customer terms and conditions and privacy policies.

Data and privacy implications of acquisition

Advising on the data and privacy elements of the acquisition of a New Zealand agri-tech business unit, including ongoing data access and use rights, the transfer of IP, and the protection of transferred personal information.