Can you give us an overview of the legal team at the Office of the Privacy Commissioner and how you support the work of the Office?  

We are a team of 3 lawyers and a legal executive made up of the General Counsel (a member of the senior leadership team), senior legal adviser, legal adviser and executive assistant (legal). Our team is based in Wellington and we work flexibly in the office and remotely depending on our work-flow, bus, yoga and gym schedules. 

The General Counsel function supports the work of the Office by providing independent advice to the Commissioner and to different workstreams in the Office. We have a lot of specialist lawyers and privacy experts across the Office, particularly in the Investigations and Dispute Resolution team. The legal team provides problem solving input, a check and balance as quality assurance on exercise of the Commissioner’s functions and brings a wider perspective and expertise to novel and cutting-edge privacy issues. 

This can take a variety of different forms, from leading workstreams and external relationships, to close collaboration on cross-Office projects such as public inquiries. We frequently provide peer review, a second opinion or just a sounding board. 

What have been your most recent challenges as an organisation and how did the legal team help resolve them?  

Our recent challenges as an organisation have been implementing and embedding the new Privacy Act 2020 while at the same time the Commissioner and senior leadership team have taken the opportunity to modernise and review the way the Office works and will adapt under the new operating model. Our team has been at the centre of the law reform and implementation process so we have been well placed to contribute to the new operating model. 

We have seen a significant impact from Covid-19 which has kept us and other teams busy through and since lockdown providing advice and guidance. We worked seamlessly through lockdown from home thanks to remote working being embedded following the Kaikoura earthquake that dislocated the Office in 2016. 

We were able to provide some foundational advice that the Office could pick up and run with and link in with other teams to address key issues such as contact tracing, the Covid-19 response legislation and the activation of the Civil Defence National Emergencies (Information Sharing) Privacy Code by virtue of the declaration of the state of emergency in relation to the pandemic from 25 March to 11 June 2020. 

You run a lean legal function operating model – how do you manage demand for legal resource and ensure you are prioritising high value and high-risk matters? 

We check in frequently with the Privacy Commissioner and our colleagues at all levels to keep abreast of the top priorities and risks for the Office and resource the top priorities accordingly. This serves us well in a small office. We are enjoying better connectedness with Auckland colleagues in the current environment due to remote working and Zoom. 

It can be a juggle to provide support and resource to high priority areas while making sure our regular statutory obligations are running to schedule. Our Executive Assistant and Corporate Services support are invaluable to help us achieve seamless service and our structure is well suited to allocate work across the team while providing learning and development opportunities at every turn. On a practical basis we rely on our document management system and have now set up processes to manage our OIA request workflow. 

We also brief out work on a strategic basis to help us meet our targets given the limits to our resource. 

What do you do to enhance the influence of the in-house legal function across the organisation? 

Relationships, collaboration and connectedness are key here – we make it a priority to regularly catch up with our Office colleagues, join their team meetings, provide a listening ear, provide timely advice and make sure we are providing value and drive to cross office workstreams. While we are legal specialists, we have a lot in common with our colleagues as we are all engaged in providing practical engaging privacy advice in a variety of formats. We constantly leverage opportunities to engage and contribute to cross Office products and projects and we work hard on maintaining the mana of our mahi to enhance our influence. 

We are relaunching in-house collaborative seminars as one example, and we prioritise support for colleagues who are new to the Office. 

Are there any changes or new technologies you planning to roll out in the next 12 months?  

Change will continue for us over the next 12 months in transitioning to the new Privacy Act 2020 from 1 December and advising on the Office’s new functions and the new Act. We are recruiting another senior adviser for our team and moving premises in the new year. 

We hear you’ve got a new legal tech tool in the pipeline to help organisations with privacy breaches?  

We have contributed to a new tool called NotifyUs (currently in beta testing) that will enable agencies carry out a self-assessment of a privacy breach to work out if they have an obligation to notify OPC about the breach, and they can also use this tool to report a breach to OPC.  

We also launched our first podcasts with the Privacy Commissioner and General Counsel discussing some of the key changes in the new Act. The Office is developing free e-learning online modules to help agencies and the public get up to speed with the new legislation and privacy breach reporting, and we’ve put up some videos and a short animation as an introduction to the new legislation.