Protection of personal data – the “must-have” for every organisation

Avatar photo

Umbrellar Connect

“While fundamentally personal information is an asset, it’s also information about a person. The organisation that holds it doesn’t own it. They’re the guardian or kaitiaki of that information.” – Paul Holmes, Founder of INFO by Design.

More about INFO by Design

INFO by Design are New Zealand’s leading privacy consultants, providing specialist privacy and information governance support to organisations.

Paul Holmes started the business in 2017 after over four years leading the recovery program for ACC after a breach in 2012.

“It was a classic email sent to the wrong person with a spreadsheet attachment with a whole heap of information in there and it absolutely blew up in the media,” Holmes retells.

Many heads rolled as a result, including the Minister, and the story featured on the front page of newspapers for a couple of months.

“I realised that these days, with how much data and information is out there, the issue of privacy touches on every part of an organisation. So I figured I’d have a crack at setting up a business and it’s grown from there.”

Indeed it has, with the INFO by Design team currently sitting at 12 members from a mix of backgrounds, including law, technology and operational management.

Holmes says INFO by Design looks at an organisations’ data from an organic perspective, sorting through what type of data they hold and where it came from. Typically, the answer to the latter is “lots of different places”. Personal data can come from a multitude of sources – direct from customers, through third parties or even purchased.

“We step in and look at it all and say ‘Ok, how are you managing that? How do you know you’re complying with the requirements of the Privacy Act to collect it lawfully and look after it and use it in appropriate ways?” Holmes says.

However, managing your data is not just about privacy compliance– the other piece of the puzzle is operational. As Holmes points out, proactive privacy design is essential for avoiding pitfalls like a spreadsheet falling into the wrong hands.

Fortunately, there are platforms such as Securiti, the leader in multi-cloud data protection, privacy and governance, to help ensure your business is the guardian your customers deserve.

Built from the data layer up, Securiti uses a combination of AI and Machine learning to scan and classify both structured and unstructured data, enabling dynamic sensitive data intelligence and management of privacy and security requirements.

“Securiti is transformative in how it enables organisations to truly understand what information they have across all their data stores, and ensure they are able to manage the risks associated with it,” Holmes says.

Securiti was recently awarded the Privacy Trust Mark from the New Zealand Office of the Privacy Commissioner, and is the first data privacy, protection and governance product to receive such an accolade.

“We were particularly impressed by the system’s ability to both help people exercise their right to access and correct their personal information and help agencies facilitate these requests rapidly, completely, and accurately. The emphasis on minimising unnecessary data collection and storage and improving the ability to audit data holdings will also help reduce the risks associated with privacy breaches.” said Liz MacPherson, Acting Privacy Commissioner.

When looking at new technologies or systems, your organisation needs to make sure they’re:

  1. Compliant
  2. Transparent
  3. Offering the right options and choices to people in order to access services.

Holmes uses the example of a company newsletter to show how the Securiti platform would help tick all three boxes.

“On the consent side, you can link your forms wherever people sign up or join, and every time they sign up on a form and say ‘Yes, I want to receive the newsletter’ or whatever, that’ll create a consent record in your system.”

This creates a record of evidence that organisations can then trace if needed – something that just can’t be achieved using a spreadsheet.

Privacy, as Holmes points out, is about trust – and trust is key to brand, reputation and engagement.

“It’s not a “nice to have” or an extra thing you do. Privacy has got to be core to the DNA of how your organisation operates and how you take care of that information because if you don’t, then you end up on the front page of the paper.”

Much of the work INFO by Design carries out with larger organisations involves benchmarking where they’re at and then working alongside them to implement capability uplift as well as conduct discrete assessments around activities.

Holmes says there are more mid-size organisations becoming mindful of associated risks and taking more proactive steps with privacy. As he states, “New Zealand is an interesting one because a lot of other countries have a size threshold, so you have to have over $5 million in revenue or something like that for it to apply to you, whereas in New Zealand the Privacy Act applies to everyone – every organisation of any size has to ensure they are compliant.”

However, he says he finds lots of organisations don’t do things because they think “We can’t do that because of the Privacy Act” but actually the privacy principles are written in an enabling fashion, as in “If you do it this way, then it’s ok”.

“A lot of it is about openness and transparency and no surprises. It’s when surprises happen, like a data breach, that issues arise.”


INFO by Design’s specialised team, partnered with the Securiti platform, put your customers at the centre of your privacy and information management protocols.

Avatar photo

Umbrellar Connect

Umbrellar Connect is the leading multi-media hub for New Zealand's tech innovations. We keep you informed on the need-to-know impact stories, the trends shaping our world, and the tech enabling us to go further.

INFO by Design

See Profile

It's about them - putting your customers at the centre of how you manage their information.

Information Privacy

See Profiles

Information privacy is the privacy of personal information and usually relates to personal data stored on computer systems. The need to maintain information privacy is applicable to collected personal information, such as medical records, financial data, criminal records, political records, business-related information or website data. Information privacy is also known as data privacy. Information privacy is considered an important aspect of information sharing. With the advancement of the digital age, personal information vulnerabilities have increased.

You might also like

[ajax_load_more id="9462509724" container_type="div" post_type="post" posts_per_page="6" post__in="" pause="false" placeholder="true" scroll="false" button_loading_label="Loading" button_done_label="No results" no_results_text="No results"]

Our Vendors

Subscribe to
Protection of personal data - the "must-have" for every organisation - Umbrellar Connect

Get the latest news content in your inbox each week