Gibson Sheat: Privacy Officer

7 October 2022

Does my organisation need a privacy officer?

All sport and recreation organisations that collect, use and store personal information are subject to the Privacy Act 2020 and must appoint a privacy officer for their organisation to deal with privacy issues that arise. What the role of a privacy officer will look like will depend on the size and type of your organisation. This article looks at the frequently asked questions that arise for organisations appointing a privacy officer.

Do you need a privacy officer?

Yes - there is a legal requirement under the Privacy Act 2020 for every agency to have a privacy officer. An ‘agency’ means “any person, or body of people, including government departments, companies, small businesses, social clubs and other types of organisations, whether they are in the public sector or private sector”.

What happens if your organisation does not have a privacy officer?

If your organisation does not have a privacy officer, you will need to appoint one as soon as possible. Your agency may be liable for a fine of up to $10,000 if it fails to comply with the requirements under the Privacy Act 2020.

Who is the best person to be a privacy officer?

It depends on the type and size of your organisation. Smaller organisations may have a manager or CEO as the privacy officer while larger organisations will often appoint someone specifically for the role of privacy officer.

Does a privacy officer have any training?

You don’t need to have any formal training to be a privacy officer but you must understand the Privacy Act and its privacy principles.

The Office of the Privacy Commissioner has some useful free training modules on its website: 

There is also a Privacy Officers Round Table forum called PORT in Auckland, Wellington and Christchurch. PORT is an active network that meets regularly and further information can be found here:

What does a privacy officer do?

A privacy officer ensures the agency is complying with the Act and they also are involved in responding to privacy requests, managing any complaints and dealing with data breaches. The privacy officer will also be responsible for working with the Office of the Privacy Commissioner during the investigation of complaints.

The privacy officer should also be responsible for developing privacy policies and educating and training staff about the Privacy Act and how it applies to your organisation. 

If the information in this article has raised some questions for you or you would like any further advice, please contact us.


AskUs | Article | What does the Privacy Act apply to? | Office of the Privacy Commissioner