With the updates to the Privacy Act now in force it’s important to have good practices in place to reduce the risk of information being inadvertently exposed to misuse or a breach in privacy.
We have put together a quick checklist to help you know that you’re complying. Some things on the list might seem obvious, but it’s worth having peace of mind you’ve got it sorted.
- Don't discuss client information in public (i.e. on mobile phone)
- Don’t collect and record credit card numbers other than through a secure system. If credit card details are written down, they must be destroyed and permanently de-identified once used.
- Do not make duplicate records of credit card numbers, such as daybooks, electronic client files or emails and these must never be stored for future use.
- Ensure each client’s information is stored securely and not mixed with the information of other unrelated parties. When filing either hard copies or electronic files, take care to ensure the documents reach the correct destination.
- Password protect access to all devices which can access client information, use "time-out" settings on your devices and clean devices appropriately before disposing of them. Store portable memory devices and USB's securely and don't re-use them.
- Store hard copy files securely, especially after hours. Avoid removing hard copy client files from the office, or leaving them in cars or at home.
- Have a clean desk policy – no files left on desks while unattended.
- Dispose of waste containing client files appropriately (not in general waste).
- Seek appropriate approval before releasing client information.
- When documents are printed/soft copy, collated, bundled & sent to clients, take care to ensure incorrect documents containing information about other clients are not inadvertently attached.
- Ensure that when emailing client documents you have the correct email recipient/s and that you are not about to inadvertently disclose personal information to an incorrect party.
- Identify the person before handing out information, unless you can personally identify them.
- When entering into any new agreements or outsource arrangements, always consider ‘how does this impact on privacy and the confidentiality of client information’.
- Be alert to requests for information or alterations to cover that may breach another client’s or insured party’s privacy.
- Only release information with the client's consent.
- Be aware of privacy obligations arising from client disputes, relationship breakdowns, and business partner conflicts where one party wants information about the other.
- Obtain permission from a client to deal with and discuss information with anyone else acting on their behalf.
Remember to only release or disclose information to those who have a right to the information.
All Insurance Advisernet New Zealand Brokers have been required to complete Privacy Training.
For a summary of the changes, check out our previous article here - Privacy Act Update - What will the changes mean to you?
The information provided is to be regarded as general advice. Whilst we may have collected risk information, your personal objectives, needs or financial situations were not taken into account when preparing this information. We recommend that you consider the suitability of this general advice, in respect of your objectives, financial situation and needs before acting on it. You should obtain and consider the relevant product disclosure statement before making any decision to purchase this financial product.