How New Zealand and Australian businesses keep offshored data compliant — the NZ Privacy Act 2020 and the Australian Privacy Principles, explained plainly.
Information Privacy Principle 12 governs disclosing personal information to a recipient outside New Zealand. It is permitted where the overseas recipient is required to protect the information with safeguards comparable to the Act — for example through certification and contractual obligations. A provider with NZ-led management and clear data terms is built to meet this test.
APP 8 covers cross-border disclosure of personal information. The disclosing entity generally remains accountable for the overseas recipient's handling of the data, so it must take reasonable steps to ensure the recipient complies. Certified security controls plus contractual data-handling provisions are the practical way Australian businesses discharge that responsibility.
Generally yes, with appropriate safeguards. Under the NZ Privacy Act 2020 (IPP 12) you may disclose personal information overseas where the recipient has comparable safeguards; under the Australian Privacy Principles (APP 8) you remain accountable for the recipient's handling. A provider with contractual data terms and NZ-led management helps satisfy both. This is general information, not legal advice.
Yes. PCS works under confidentiality and data-handling terms appropriate to each engagement — including NDAs and data-processing provisions — backed by documented security controls.
Work is performed in the PCS-managed, access-controlled delivery centre in Suva, Fiji, on managed devices and a secured network — not from unmanaged home setups unless explicitly agreed and secured.
Yes. We provide certification evidence and complete standard security questionnaires as part of onboarding. Start the conversation.
We'll complete it from our existing security evidence pack and walk your team through our controls.
Talk to PCS about compliance →