Tūhono│Connect

Privacy Week is five days of free webinars that promote privacy awareness regardless of how much you already know.

The theme for this year is Foundations of the Future | He Tūāpapa Anamata.

You can download and use Privacy Week 2026 design assets

We've created a suite of bilingual design assets like posters, social media posts, and screensavers for you to use to promote Privacy Week. We've also made editable posts that you can change to promote a webinar of your choice, as well as dyslexic-friendly poster options.

See the downloadable design assets further down this page.

Privacy Week 2026 programme

If you have accessibility needs please let us know. We can translate some webinars into sign language, or ask for slides from presenters if that will help your experience. Contact us at privacyweek@privacy.org.nz

We will record our webinars and share them soon afterwards on our YouTube channel
We will automatically send out CPD confirmations after each webinar. You don't need to request those.

Monday 11 May
10am-11am	Sharing Our Most Sensitive Data in an Age of Future Risk (beginner) Speaker: Associate Professor Andelka Phillips, Associate Professor in Law, Technology Law specialist We are living in a data driven age where rapid deployment of Artificial Intelligence in a wide variety of contexts is contributing to increasing privacy risks on a massive scale. This webinar will provide an overview of risks for privacy in the context of services that rely on sensitive data. This will consider the example of the personal genomics industry and the 23andMe data breach and its aftermath. It will also consider some related examples of other industries that rely on sensitive data, such as online data. It will include suggestions for key questions to consider when we share our sensitive data and make suggestions for reform. Sign up to watch this webinar.
12pm-1pm	Your AI Doesn’t Know Where It Is: Privacy Foundations for a Cross-Border World (intermediate) Speaker: Adrian J. Carter, Strategic Director, AI Governance Australia (AIGA) AI tools don’t respect borders - but privacy regulators (increasingly) do. In the sprint to 2026, businesses across the Asia-Pacific were caught between frameworks that range from what was once voluntary (Australia) to actively enforced with traditional and modern compliance mechanisms (Thailand and APAC). This session explores what happens when the same AI system is legal in one country and a compliance risk in another, and what privacy professionals need to build into their foundations now before the regulatory walls go up. Drawing on real-world examples from the Australia-ASEAN corridor, Adrian J. Carter - Governance and Strategy Lead at AI Governance Australia (AIGA) and admitted New Zealand and Australian lawyer - breaks down the practical collision between AI adoption and cross-border privacy enforcement, with a focus on what “doing the basics well” actually looks like when the basics depend on which jurisdiction you woke up in. Expect sharp insights, zero jargon, and at least one cautionary tale involving iris scans and cryptocurrency. Sign up to watch this webinar.
1.30pm-2.30pm	Cybersecurity is a solved problem: why are breaches still happening? (beginner) Speaker: Jim Rush, Principal Security Consultant We’ve collectively solved a lot of the technical reasons that privacy and data breaches happen, yet individuals and organisations are still getting hacked. Let's look at why this is, some more technical reasons this happens, the human factors, the economic incentives and the operational realities that prevent us from securing things properly in 2026. Sign up to watch this webinar.
3pm-4pm	Privacy, Disinformation and the Safety of Women in Public Leadership (beginner) Speaker: Tory Whanau, Former Mayor of Wellington This webinar features an interactive discussion on how privacy frameworks intersect with the safety, wellbeing and participation of women in public life. Drawing on the perspective of a former civic leader with lived experience of disinformation and online abuse, the session will also explore how these challenges may evolve and intensify as we approach the General Election. Rather than focusing solely on policy theory, this conversation centres on practical solutions, connecting privacy principles with real-world leadership experience to identify clear, actionable pathways forward. Sign up to watch this webinar.
Tuesday 12 May
10am-11am	Indigenous Data Sovereignty and AI (intermediate) Speaker: Dr Sam Manuela, Associate Professor Faculty of Science, Psychology and Associate Dean Pacific, University of Auckland Details to come.
12pm-1pm	Privacy after search. What changes when AI becomes the interface to organisational knowledge? (intermediate) Speaker: Sarah Heal, Chief Executive Officer, Information Leadership Most privacy and governance approaches were designed for a world where people had to go looking for information. AI removes that step. Asking a question can now surface, summarise, and connect information from across an organisation in seconds. The underlying access may not have changed. But exposure has. This session looks at how the shift from search to synthesis changes the privacy conversation. From access to exposure. From documents to meaning. From what exists to what can be inferred. A practical, thought-provoking look at what needs to evolve as AI becomes embedded in everyday work. Sign up to watch this webinar.
1.30pm-2.30pm	In the Eye of the Storm: Navigating Privacy Incidents with Clarity and Control (intermediate) Sukhjit Gill, Head of Risk, Compliance and Regulatory Affairs at Southern Cross Privacy incidents test more than systems - they test governance frameworks, decision-making discipline, organisational culture, and how effectively risk, legal and operational teams work together under pressure. They reveal whether escalation pathways function in practice and whether risk appetite translates into sound real-time judgement. This session will explore how organisations can respond to privacy events with clarity, proportionality and control. We will examine decision-making in the first 72 hours, board engagement, and how to avoid the common pitfalls of overreaction or paralysis. Designed for senior leaders, risk and privacy professionals, this webinar offers practical frameworks and structured thinking to help organisations hold their centre, communicate with confidence, and emerge from incidents with trust intact. Sign up for this webinar.
3pm-4pm	Introduction to Identification Management (beginner) Speakers: Joanne Knight & Daniel Anderson, Identification Management team at the Government Digital Delivery Agency Learn about the foundations of identification management and how to apply consistent, good practice methods to protect people from fraud and keep their information safe. Sign up for this webinar.
Wednesday 13 May
9am-10am (note the earlier start time)	On Privacy and Technology - in partnership with IAPP Speaker: Dan Solove, International Expert in Privacy Dan will address the question: Can privacy law keep up with new digital technologies such as AI? He will argue that it is possible to protect privacy in the age of AI, but it requires dispelling common myths of technology that impede regulation, such as the myth that regulation stifles innovation, the myth of technology neutrality, the myth of technology exceptionalism, and the myth of the privacy paradox. Sign up for this webinar.
12pm-1pm	Who's responsible? Controllers, processors and the Privacy Act in practice (intermediate) Speakers: Daimhin Warner and Frith Tweedie, partners at Simply Privacy Recent incidents such as the Manage My Health and MediMap breaches have highlighted ongoing confusion about where accountability lies when organisations rely on service providers. The use of third-party services, including SaaS platforms and AI tools, is now commonplace, making it increasingly important to understand who remains responsible for personal information. This practical session will explore how section 11 of the Privacy Act applies when personal information is handled by service providers. It will help organisations and vendors understand when a third party is acting on behalf of another organisation, where accountability for privacy compliance sits, and what this means in practice when engaging external platforms and services. Sign up for this webinar.
1.30pm-2.30pm	Patching the Leaks in Your NFP Organisation - Privacy and Data Security for Not-For-Profits (beginner) Speakers: Louisa Joblin, Special Counsel at MoranLaw; Jo Cribb, experienced Chief Executive; and Anthony McMahon, IT expert This webinar steps through the principles of good privacy practice in a way that works for NFP realities: Understanding the Law (Louisa Joblin) Louisa (Lou) Joblin, Special Counsel at MoranLaw and specialist in privacy and not for profit law, will break down the legal requirements that matter most for NFPs. Lou will explain how the Privacy Act applies in practice, what “reasonable steps” look like for small or resource constrained organisations, and where NFPs often face risk. Governance in the Real World (Dr Jo Cribb) Dr Jo Cribb, experienced Chief Executive, board director, strategist, and gender and policy expert who regularly supports not for profit organisations, will explore what good privacy and data security governance looks like from a board and leadership perspective. She’ll discuss the reality of setting expectations, managing risk, and embedding privacy practice when capacity is limited. Practical Implementation (Anthony McMahon) With over 20 years’ experience in the IT sector and deep involvement in building secure systems for NFPs, Anthony McMahon will share an honest view of what implementing privacy and security measures actually looks like on the ground. He’ll talk through the challenges, what has worked well, what hasn’t, and simple changes that make a big difference, drawing on his own experience as Chair of the Board of Camp Quality. Sign up for this webinar.
3pm-4pm	OPC Guidance: tell us how we can help you! (beginner) Speaker: Steph Gregor, Manager, Capability & Guidance at the Office of the Privacy Commissioner Steph wants to hear about what guidance works best for you. Steph will talk about OPC's evolving approach to guidance, how we currently go about drafting guidance, and what we've learned over the last few years. She also wants to hear from you about what works and what doesn't. Are there topics you'd like us to create or update guidance on? Are there different ways of communicating our guidance that would work better for you? Is there anything we've done that you've found particularly useful and want us to do more of? Come along with any questions you have and take the opportunity to influence where OPC's guidance heads in the future! Sign up for this webinar.
Thursday 14 May
10am-11am	Are Principles Enough? Children, Algorithms and the Case for Greater Protection Annette Mills, The University of Canterbury, and Privacy Foundation New Zealand Children’s Privacy Working Group Children and young people in Aotearoa New Zealand are growing up in an increasingly data-driven world. From educational technology platforms and learning analytics in schools to social media, gaming apps, and AI-powered services, children’s personal information is routinely collected, analysed and used to shape their online experiences. Recent guidance released by the Office of the Privacy Commissioner as part of its Children and Young People Policy Project highlights the need for organisations to take greater care when handling children’s data. At the same time, internationally there has been a growing shift toward stronger, child-specific protections, including the UK’s Age Appropriate Design Code, enhanced safeguards under the GDPR, and Australia’s recently enacted Online Safety Amendment (Social Media Minimum Age) Bill. This raises an important question: Is New Zealand’s principles-based Privacy Act enough to protect children in the age of algorithms? As part of Privacy Week, this webinar will explore: 1. How algorithmic processing and AI-driven systems affect children’s privacy in schools and online environments. 2. Whether existing consent and transparency models adequately protect tamariki and rangatahi. 3. The emerging global move toward child-specific privacy protections. 4. What stronger safeguards might look like in Aotearoa. 5. What practical steps can educators, organisations, parents and policymakers take now. This session is open to anyone interested in children’s privacy, digital governance, and the future of data protection in New Zealand, including educators, privacy professionals, policymakers, industry, and whānau seeking to better understand how to safeguard children in a rapidly evolving digital landscape. Sign up for this webinar.
12pm-1pm	Your data will be used against you (beginner) Speaker: Andrew Guthrie Ferguson, the George Washington University Law School In this webinar George Washington University Law Professor Ferguson warns us of how the rise of sensor-driven technology, social media monitoring, and artificial intelligence can be weaponised against democratic values and personal freedoms. At the same time, that data will solve crimes, radically transforming how criminal cases are prosecuted. Ferguson will explore how this proliferation of private data in combination with public surveillance networks promises new ways to solve previously unsolvable crimes but also leaves us vulnerable to governmental overreach and abuse. He will propose legal interventions that address the threat of digital self-surveillance and provide concrete suggestions about how legislators, judges, and communities should respond to the growing threats to privacy in the digital age. Sign up to this webinar.
1.30pm-2.30pm	Identity, Applications, and the New Privacy Risk Surface: Lessons from Aotearoa’s Evolving Threat Landscape (intermediate) Speakers: Ian Peters, Director of Security Testing and Assurance and Damien Ryder, Identity and Access Management at CyberCX New Zealand organisations are facing a rapidly shifting privacy and cyber risk environment, with recent high‑profile breaches highlighting how attackers continue to seek sensitive personal information. As cloud adoption accelerates and digital services become more interconnected across government and industry, the identity of both the consenting source of the data, and the consumers and processors of it, have become more complex. When paired with issues in the underlying implementation of controls, this can leave the privacy of personal information at risk. This session explores how application security and identity & access management play separate but related roles in protecting personal information in Aotearoa, and the many areas where design and implementation can lead to security vulnerabilities. Attendees will gain practical, high-level, guidance aligned with the Privacy Act 2020 for uplifting identity security, and application logic across modern cloud and SaaS environments, with relevance to both public and private sector digital services. Sign up for this webinar.
3pm-4pm	Doing the right thing with personal information - Kia tika te tiaki raraunga Māori (beginner) Speaker: Shane Heremaia, Pou Ārahi at the Office of the Privacy Commissioner How can we ensure our use of personal information is tika? This presentation explores a te ao Māori approach to protecting personal information, using a practical example about flawed image use to illustrate how tikanga concepts guide respectful decisions that are tika or correct. Privacy law supports this approach through a shared focus on protecting human dignity and avoiding harm. Sign up for this webinar.
Friday 15 May
10am-11am	Balancing Privacy and Access - When Adaptations Are Necessary (beginner) Speaker: Ben O’Meara, Policy and insights Deputy Chief Executive, Whaikaha Ben, who is blind, will talk about privacy considerations for the disabled community and give insights into what it’s like navigating personal information when you sometimes need to rely on other people. Sign up for this webinar.
12pm-1pm	Sharing information to protect the wellbeing and safety of children and young people (intermediate) Speaker: Clare Ruru, Information sharing and privacy specialist Timely and effective information sharing is a critical to ensuring the wellbeing and safety of children and young people and protecting people from family violence. New Zealand has bespoke legislation enabling agencies and organisations to share information with each other in for these purposes, but we are not using this legislation as well as we should be. In this webinar, Clare Ruru provides an overview of this legislation and practical guidance on how to apply it your day-to-day work. Clare wrote guidance on this topic while on secondment to the Office of the Privacy Commissioner. Read the guidance. Sign up for this webinar.
1.30pm - 2.30pm	One step at a time: getting your privacy system sorted (beginner) Speaker: Steph Gregor, Manager, Capability & Guidance at the Office of the Privacy Commissioner If you're brand new to thinking about privacy it can be overwhelming to work out where to start. The good news is that getting your privacy systems up to scratch doesn't have to be hard. Steph Gregor, Manager of Capability & Guidance at the Office of the Privacy Commissioner will work through a step by step approach that you can take to figure out: what is required for your organisation to meet privacy requirements how to identify any changes you need to make simple ways to make these changes. Expect a practical, pragmatic session that will help you understand what you have to do and how to do it. Sign up for this webinar.
3pm-4pm	The Privacy Pitfalls of AI (beginner) Speakers: Varun Joshi, risk specialist at OneTrust Join this session to learn how rapid AI adoption can expose organisations to hidden privacy risks. In this session we'll unpack how core privacy principles - such as purpose limitation, data minimisation, and consent - apply to generative AI, and share practical guidance for managing risk without slowing innovation. Sign up for this webinar.