Information privacy and data security services to keep you safe and secure

The Information Privacy Company is a business specialising in information privacy and data security. We help businesses and agencies to understand their obligations under New Zealand Privacy Law. Led by legal expert Michelle van Straalen, we provide a range of information privacy and data security services in relation to the Privacy Act 2020, including policy development, training, privacy impact assessments and systems reviews, development of data breach plans and undertaking privacy officer duties. 

"Whether it’s customer details or staff files, most businesses keep private information on file, so they need to ensure they understand and comply with Privacy Act 2020 rules"

Michelle van Straalen

SERVICES

PRIVACY STATEMENTS

We can create compliant privacy statements for all businesses

​REVIEW

We can conduct a review to ensure data vulnerabilities are identified and corrected

THIRD PARTIES

We can conduct a review to ensure personal information your business entrusts into a third party is kept safe and secure

TRAINING

We conduct regular online or on-site training to staff

PLAN

We can create a data breach plan to suit your business needs

RISK ASSESSMENTS

We carry out privacy impact assessments and provide privacy impact statements 

DATA BREACH MANAGEMENT

We can help you to manage a data breach, and advise you on taking steps to prevent it happening again


PRIVACY OFFICER

We can take care of the duties of your privacy officer and fill this role, including liaising with the Privacy Commissioner on your behalf. Or, we can train and support your onsite privacy officer if you have one

SUPPORT

We can provide advice and support around privacy issues that arise, and help to embed a good privacy practice in your organisation

WHO CAN WE HELP?

New Zealand Businesses

Overseas Businesses

Government Agencies

In-house Privacy Officers

Community Organisations

60% of complaints to the Office of the Privacy Commissioner are from people denied access to their information. 

THE NEW ZEALAND PRIVACY ACT 2020

Do you know your obligations under the New Zealand Privacy Act 2020 from 1 December 2020? Make sure you’re aware of and prepared for the changes so that you’re not in breach of the law.

All New Zealand businesses and organisations who collect, store or use personal information about their employees and/or customers are required to comply with new legal obligations under the Privacy Act 2020 as of 1 December 2020.

The more sensitive the information you collect, the more measures you’ll need to take to protect it. This includes information such as customer details and staff files.

Your obligations include:

  • REPORTING BREACHES: You will be required to report serious data breaches to both the people affected and the Office of the Privacy Commissioner
  • DATA DESTRUCTION: You are prohibited from destroying any personal information held by your business to avoid providing it if someone requests it
  • REVIEWING SERVICE PROVIDERS: You will need to ensure your service providers meet the new privacy law if they are based overseas (e.g. Cloud Software)

PREPARE NOW

Breaches and careless handling of private information can cost businesses heavily including with penalties. Customers can lose confidence in you, and your brand and reputation can take a hit. We’re encouraging businesses to take it seriously and prepare. 

If someone requests their information from you, you are required to respond to the request within 20 working days. You need to ensure you have a process in place to handle customer requests for information held about them if, and when, they are made. 

SUBSCRIPTION-BASED SERVICES

We offer subscription-based services to businesses and organisations to help you manage your obligations under New Zealand privacy law on an on-going basis. Packages can be tailored to your individual needs, or you can choose from one of our packages below. 

Please get in touch to enquire about our large business package (20+ employees).

BASIC

  • Initial 1.5 hour training session with Michelle to ensure your staff are compliant and aware of their obligations under the new law. 
  • Unlimited access to our email-based online help-desk support for advice and guidance on all information privacy related issues 
  • Quarterly webinar training on NZ privacy law and what you need to be aware of - including unlimited attendees from your company. This is perfect for 'inducting' new staff and 'refreshing' existing staff on their obligations under the new law 
  • Regular e-updates from the Privacy Commissioner cases and guidelines
  • Cost: 

    • 1-5 employees: $500 deposit, then $35 per week for 12 months*. 

    • 6-10 employees: $500 deposit, then $50 per week for 12 months*. 

    • 11-20 employees: $500 deposit, then $75 per week for 12 months*

    • 20+ by consultation.

*10% discount if 12 months paid up front and in full. All prices are excluding GST. 

STANDARD

  • Initial 1.5 hour training session with Michelle to ensure your staff are compliant and aware of their obligations under the new law
  • Privacy Officer Duties including advising and investigating possible breaches, reporting to the Privacy Commissioner and liaising with effected customers to help preserve relationships
  • Optional weekly call-based and email-based help desk support for advice and guidance on all information privacy related issues
  • Quarterly webinar training on NZ privacy law and what you need to be aware of - including unlimited attendees from your company. This is perfect for 'inducting' new staff and 'refreshing' existing staff on their obligations under the new law 

  • Initial audit of your organisation's privacy law readiness - we will review your existing systems and policies, assess your readiness and supply some recommendations to implement where needed. 30% discount on our services to draft privacy notices, policies and privacy breach guidelines. 

  • Regular e-updates from the Privacy Commissioner cases and guidelines 
  • Cost: 
    • 1-5 employees: $500 deposit, then $50 per week for 12 months*. 
    • 6-10 employees: $500 deposit, then $75 per week for 12 months*. 
    • 11-20 employees: $500 deposit, then $100 per week for 12 months*
    • 20+ by consultation.  

*10% discount if 12 months paid up front and in full. All prices are excluding GST. 

PREMIUM

  • Initial 1.5 hour training session with Michelle to ensure your staff are compliant and aware of their obligations under the new law
  • Privacy Officer Duties including advising and investigating possible breaches, reporting to the Privacy Commissioner and liaising with effected customers to help preserve relationships
  • Unlimited weekly call-based and email-based online help-desk support for advice and guidance on all information privacy related issues
  • Quarterly webinar training on NZ privacy law and what you need to be aware of - including unlimited attendees from your company. This is perfect for 'inducting' new staff and 'refreshing' existing staff on their obligations under the new law 

  • Initial audit of your organisation's privacy law compliance - we will review your existing systems and policies, assess your compliance. Re-draft or draft privacy notices, policies and privacy breach guidelines for your organisation.  

  • Privacy Officer duties - we take care of the duties of your privacy officer and fill this role.  Including investigating and managing potential privacy breaches including liaising with the Privacy Commissioner and effected customers on your behalf, (both of which are now required by the new law).  

  • Regular e-updates from the Privacy Commissioner cases and guidelines 
  • Cost:  
    • 1-5 employees: $750 deposit, then $75 per week for 12 months*. 
    • 6-10 employees: $750 deposit, then $100 per week for 12 months*. 
    • 11-20 employees: $750 deposit, then $125 per week for 12 months*
    • 20+ by consultation.  

*10% discount if 12 months paid up front and in full.  All prices are excluding GST. 

2020 sees the biggest reforms to New Zealand privacy law in more than 25 years with the introduction of The Privacy Act 2020 from 1 December 2020.

ABOUT US

The Information Privacy Company was founded in 2020 by legal expert Michelle van Straalen. With her experience working with government agencies and local government, Michelle launched The Information Privacy Company in response to The New Zealand Privacy Act 2020. 

MICHELLE VAN STRAALEN

DIRECTOR
PRIVACY AND INFORMATION SECURITY SPECIALIST 

Michelle van Straalen is a legal expert specialising in information and data security. She holds a LLB (Hons) from Waikato University and has extensive experience working in-house as a legal expert for leading organisations, with heightened data security obligations. This includes government agencies and local government. Michelle's key responsibilities included ensuring the organisations met their obligations under The Privacy Act 1993, The Official Information Act 1982, and The Local Government Official Information and Meetings Act 1987. This broad-base of in-house experience has allowed Michelle to launch her own consultancy company, The Information Privacy Company, in 2020. She now advises a range of businesses and organisations of all sizes on their responsibilities in relation to relevant information and privacy legislation. Michelle is a great communicator with a strong commitment to customer service. She prides herself on finding solutions that fit situations, while remaining friendly and approachable throughout. 

027 225 7700
michelle@informationprivacycompany.com

CHRISTINE LETFORD

EXECUTIVE ASSISTANT TO MICHELLE VAN STRAALEN

Christine Letford is the Executive Assistant to Michelle van Straalen. She has a keen interest in privacy and has had a close association with Michelle’s career to date. Before joining The Information Privacy Company, Christine enjoyed a 15-year career in the education sector as well as over 9 years as a business owner where she managed and oversaw all the administration requirements. Her work in both sectors means she is able to identify the importance of ensuring personal information is kept secure and the harm that can flow when privacy is compromised. Her  experience has also highlighted a wide-spread lack of understanding and knowledge on privacy best practice. When the opportunity to join The Information Privacy Company arose, Christine was excited at the prospect of joining a team that was passionate about improving the information security culture and compliance of all businesses, whether large or small.

027 403 2798
christine@informationprivacycompany.com

Get In Touch

Phone: 027 225 7700
Email: michelle@informationprivacycompany.com or christine@informationprivacycompany.com
Sign up for our e-updates: click here