A free online toolkit called Poupou Matatapu is designed to help with privacy management, but it also helps organisations improve their data quality. By Privacy Commissioner Michael Webster.
A strong privacy culture is increasingly a competitive advantage, but it’s not something that simply happens without effort and assistance. We know that while businesses need to be good at privacy, it can sometimes be a struggle to implement, let alone to go the next step and embed it so customers can reap the rewards of excellent privacy practices.
To help New Zealand businesses do privacy well, we wanted to offer the tools to make it easier to implement good privacy practices.
A free online toolkit has been developed to help businesses. The toolkit, called Poupou Matatapu, is designed to help with privacy management, but it also helps organisations and businesses to improve their data quality.
The meaning behind the te reo Māori name Poupou Matatapu is the Poupou (posts or pillars) of Matatapu (privacy). Essentially, the foundations of doing privacy well.
Poupou Matatapu is a series of guidance on our website to help New Zealand agencies. It sets the expectations of the Office of the Privacy Commissioner about what good privacy practice looks like and then helps organisations work towards achieving that.
Doing privacy well is essential for compliance and risk management, but it also helps your organisation to improve its data quality, innovation, customer and stakeholder trust, and decision-making processes.
We see many examples of privacy breaches that in hindsight seem obvious, but usually they involve people simply not thinking the repercussions through, or not knowing the rules of good privacy practice.
“My office was contacted after someone Googled their own name and found documents online that had been scanned into a data management system…”
My office was contacted after someone Googled their own name and found documents online that had been scanned into a data management system. Sometimes privacy is as easy as just ensuring your IT systems are up to scratch and making sure you’ve thought about access, have got the permissions set correctly, and have tested them.
We also had a situation where office furniture was donated to a second-hand store. They did not check it first, and some HR files containing sensitive staff information were inadvertently sent with it. These files ended up int the hands of the public, causing much embarrassment.
As well as doing a basic check of the donated goods, they should have also ensured they had a proper process for the storage and security of the HR files.
We know businesses are diverse and that they will need to choose solutions that are fit-for-purpose. The guidance provides examples on how you can achieve these outcomes as well as showing scenarios to help people better understand how privacy works in practice.
We also recognise that everyone will start at the place that best suits them. It’s a journey. One that we want you to succeed on. Poupou Matatapu is about us helping to support New Zealand businesses to do privacy well.
We’d also encourage you to use the content from our guidance to make your own checklists, templates, or ‘one-pager’ resources. The new toolkit is free. See privacy.org.nz
Michael Webster is New Zealand’s Privacy Commissioner.