ZX Security

Privacy Fundamentals

New Zealand’s Privacy Act 2020 governs how organisations of all sizes can collect, store, use and share personal information. Thirteen information privacy principles outline the key aspects of how companies should treat customer and staff information with a focus on ensuring that safe, secure and legal practices are applied from collection through to disposal.


The Privacy Fundamentals course takes you through foundational concepts including what is privacy, why it matters, potential privacy harms and how privacy and security concepts are related. We’ll look at the changes introduced in NZ’s updated legislation, review personal and sensitive information definitions and discuss how a privacy programme can prioritise quick wins that will help minimise the risks of privacy breaches, protect your key information and build a stronger organisational privacy culture through education and awareness. We’ll use local and international case studies to demonstrate key points and explore how a privacy positive culture can be a business differentiator.

Who should attend?

The privacy fundamentals course is suitable for any individual interested in privacy, tasked with protecting personal information or complying with New Zealand’s Privacy Act. You may have been nominated for or volunteered to act as your company’s Privacy Officer and are wanting to build up your knowledge to ensure you can deal with requests to access or correct personal information. Previous privacy and information security knowledge is helpful, but not required for this course.


  • Half day

Course content

Module 1: Privacy foundations

  • What is privacy?
  • Privacy harms
  • The NZ Information Privacy Principles

Module 2: Privacy practices

  • Privacy policies and privacy notices
  • Creating or updating documentation
  • Privacy Impact Assessments
  • Going beyond compliance - Privacy by Design

Module 3: Privacy Programme Quick Wins

  • Understanding privacy breaches
  • Inventorying and classifying business data
  • Red flags: risky information, systems and use cases
  • Information security safeguards
  • Training and education

Upon course completion, you will be able to:

  • Explain key privacy concepts and potential harms in plain English
  • Create or update a privacy policy and privacy notice
  • Determine the need for a PIA and understand what’s involved
  • Understand what causes privacy breaches and how to mitigate them
  • Find education resources that will help mature your organisation’s privacy culture