AI and the NZ Privacy Act 2020: A Business Owner's Guide
How New Zealand businesses can use AI tools while staying compliant with Privacy Act 2020 principles, without needing a law degree.
If you’re running a business in New Zealand and you’ve started using AI tools (ChatGPT for drafting emails, Claude for summarising reports, or Cursor for coding), you’ve probably had that nagging thought: am I breaking privacy law?
The short answer: possibly, but it’s fixable.
The longer answer is what this article covers. The Privacy Act 2020 didn’t anticipate the current wave of AI tools, but its thirteen Information Privacy Principles (IPPs) absolutely apply to how you handle customer and employee data when you feed it into these systems. And unlike the vague guidance you’ll find on overseas sites, this piece is written specifically for New Zealand business owners who need to know what actually matters here.
I’m Sam McKay, founder of Enterprise DNA. We work with NZ and Australian businesses on exactly this challenge. What follows is the practical framework we use when auditing AI use in local firms.
Why the Privacy Act 2020 Matters More Now
The Privacy Act 2020 replaced the 1993 version and introduced mandatory breach notification, higher penalties, and clearer rules about offshore data disclosure. That last part, offshore disclosure, is the big one for AI.
When you paste a client’s email into ChatGPT or upload a spreadsheet to Claude, you’re usually sending that data to servers overseas. OpenAI’s infrastructure is primarily US-based. Anthropic (Claude) operates across the US and UK. Google (Gemini) routes through multiple jurisdictions. Under Privacy Principle 12 (PP12), you need to take reasonable steps to ensure offshore recipients handle information in a way that’s comparable to New Zealand’s protections.
Most business owners don’t realise they’re making an offshore disclosure every time they use these tools. The Privacy Commissioner’s office has been clear: ignorance isn’t a defence. If you’re handling personal information (names, emails, financial details, health records) and you’re using AI tools, you need a process.
The penalties have teeth now. Serious or repeated breaches can result in fines up to NZD $10,000 for individuals or companies. The Privacy Commissioner can also issue compliance notices and, in extreme cases, seek prosecution. But the bigger risk is reputational. One Auckland law firm I know of had a junior associate paste a client’s property settlement details into an AI tool to draft a letter. The client found out. The firm settled quietly, but the partner told me it cost them six figures in legal fees and lost business.
The Thirteen Privacy Principles That Apply to AI Use
The Privacy Act 2020 has thirteen Information Privacy Principles. Not all are equally relevant to AI, but six matter a lot:
PP1: Purpose of collection. You can only collect personal information if you have a lawful purpose and it’s necessary for that purpose. This principle doesn’t directly govern AI use, but it governs what data you have in the first place. If you’re feeding customer data into AI tools for purposes beyond what you originally collected it for, you’re on shaky ground.
PP3: Collection from the individual. Generally, you should collect information directly from the person it’s about. If you’re using AI to scrape or infer information about people (say, using Perplexity to research a client’s background), you need to think about whether you’ve met this principle.
PP10: Limits on use of personal information. You can’t use personal information for purposes other than what you collected it for, unless the person authorises it or an exception applies. Using client data to train an AI model (which some tools do by default) is almost certainly a breach unless you’ve got explicit consent.
PP11: Limits on disclosure. You can’t disclose personal information unless the person authorises it or an exception applies. Uploading data to an AI platform is a disclosure. Most businesses miss this.
PP12: Disclosure of personal information outside New Zealand. Before you disclose personal information to someone overseas, you must take reasonable steps to ensure they’ll protect it in a way that’s comparable to New Zealand law. This is the big one for AI. OpenAI, Anthropic, Google: they’re all overseas entities. You need to satisfy yourself that their data handling meets this standard.
PP13: Unique identifiers. You can only assign unique identifiers (like customer IDs) if it’s necessary for your functions. Some AI tools generate or use unique identifiers for tracking purposes. If you’re using those identifiers in ways that go beyond what you told customers, you’re at risk.
The other principles (around accuracy, security, access, correction) also apply, but these six are where most businesses trip up with AI.
What “Reasonable Steps” Means for Offshore AI Tools
PP12 is the one that keeps compliance officers awake. The law says you must take “reasonable steps” to ensure offshore recipients protect information in a way that’s comparable to NZ law. What does that mean in practice?
The Privacy Commissioner’s guidance suggests you should:
- Check the recipient’s privacy policy and terms of service.
- Assess the legal protections in the recipient’s country.
- Use contractual protections where possible (data processing agreements).
- Consider technical safeguards (encryption, access controls).
- Document your assessment.
For most AI tools, you can’t negotiate a custom contract. You’re accepting their standard terms. So your “reasonable steps” come down to: read the privacy policy, understand where the data goes, assess the risks, and document your decision.
Let’s walk through the current major platforms:
OpenAI (GPT-4o, o3, o4-mini): OpenAI’s privacy policy states that data submitted via the API is not used to train models unless you opt in. Data submitted via the ChatGPT interface (free tier) is used for training unless you opt out in settings. Data is processed primarily in the US, with some infrastructure in the EU. OpenAI is not subject to NZ law, but it complies with GDPR in the EU, which is broadly comparable. For business use, you should use the API or ChatGPT Team/Enterprise plans, which offer data processing agreements and commit not to train on your data.
Anthropic (Claude Opus 4-8, Sonnet 4-6, Haiku 4-5, Fable 5): Anthropic’s terms state that data submitted via the API or Claude Pro/Team is not used for training. Data is processed in the US and AWS regions globally. Anthropic offers a data processing addendum for business customers. The new Claude Fable 5 model, released in June 2026 with enhanced safeguards, is available on the same terms.
Google (Gemini 2.5 Pro, Gemini 2.5 Flash): Google’s Gemini privacy policy distinguishes between consumer and Workspace use. If you’re using Gemini via a personal Google account, your data may be used to improve services. If you’re using it via Google Workspace with a business account, Google commits not to use your data for ad targeting or model training (with some exceptions for abuse detection). Data is processed globally across Google’s infrastructure. Workspace customers get a data processing amendment that references GDPR-level protections. The upcoming Gemini 3.5 Pro, expected in June 2026 with 2 million token context, will likely operate under the same terms, but verify with your lawyer or advisor when it launches.
Cursor (Bugbot, Composer 2.5): Cursor is an AI-powered IDE built on top of VS Code. It uses multiple underlying models (OpenAI, Anthropic, others) depending on the task. Cursor’s privacy policy states that code you write is not used to train models unless you explicitly opt in. However, when you use Cursor’s AI features, your code is sent to the underlying model providers. Cursor offers a privacy mode that keeps data local where possible, but some features require cloud processing. For businesses handling sensitive code, Cursor recommends using their Teams plan with a data processing agreement. The recent Bugbot update (June 2026) that completes reviews in 90 seconds uses the same privacy framework.
Perplexity (Sonar Pro, Computer): Perplexity is a search-augmented AI tool. When you use it, your queries and the results are processed on Perplexity’s servers, which use multiple underlying models. Perplexity’s privacy policy states that queries may be used to improve the service unless you opt out. For business use, Perplexity offers a Pro plan with a commitment not to train on your data. The new Computer feature (June 2026), which routes tasks across 20+ models, processes data across multiple jurisdictions; verify the current data flow with your advisor before using it for sensitive work.
Mistral (Mistral Large 2): Mistral is a European AI provider. Data is processed primarily in the EU, which has stronger privacy protections than the US (GDPR). Mistral’s terms state that API data is not used for training. For NZ businesses, Mistral’s EU base may make PP12 compliance easier, but you still need to document your assessment. Note that Mistral is currently seeking a €3B raise at a €20B valuation (June 2026), which may signal changes to their service offerings; verify current terms with your advisor.
The common thread: for business use, you need a paid plan with a data processing agreement. Free tiers almost always reserve the right to use your data for training or improvement.
Practical Steps for NZ Businesses Using AI
Here’s the framework we recommend:
Step 1: Audit what you’re using. Make a list of every AI tool your business uses. Include the obvious ones (ChatGPT, Claude) and the less obvious ones (AI features in Xero, MYOB, your CRM, your email client). Many SaaS platforms have quietly added AI features in the last year. You need to know what’s running.
Step 2: Identify what data you’re feeding in. For each tool, ask: what personal information are we putting into this? Customer names? Emails? Financial details? Health information? Employee records? Be specific. The Privacy Act defines “personal information” broadly: it’s anything about an identifiable individual.
Step 3: Check the tool’s privacy policy and terms. Look for:
- Where is data processed? (US, EU, other?)
- Is data used for training?
- Is there a data processing agreement available?
- What security measures are in place?
- What happens to data after you delete it?
Step 4: Assess the risk. Not all personal information carries the same risk. An email address in a marketing list is lower risk than a client’s financial details or an employee’s health record. For high-risk data, you need stronger protections. For low-risk data, standard safeguards may suffice.
Step 5: Document your decision. Write down what you found, what risk you assessed, and what steps you took to mitigate it. This documentation is your evidence of “reasonable steps” under PP12. If the Privacy Commissioner comes knocking, you need to show you thought about it.
Step 6: Update your privacy policy. If you’re using AI tools that process customer or employee data, your privacy policy needs to disclose this. You don’t need to name every tool, but you should say something like: “We may use artificial intelligence tools to assist with [specific purpose]. These tools may process your information on servers located overseas, including in the United States and European Union. We take steps to ensure these tools protect your information in accordance with New Zealand privacy law.”
Step 7: Train your team. Your staff need to know what’s allowed and what’s not. A simple rule: never paste customer names, emails, or other personal details into a free AI tool. If you need AI for work involving personal information, use a business-grade tool with a data processing agreement.
Step 8: Review regularly. AI tools change fast. A tool that was safe last month might change its terms next month. Set a calendar reminder to review your AI use every quarter.
Special Considerations for Sensitive Industries
If you’re in a regulated industry (health, finance, legal), you have additional obligations.
Health sector: If you’re a health practitioner or agency covered by the Health Information Privacy Code 2020, you have stricter rules. Rule 11 of that Code (equivalent to PP12) requires you to take “such steps as are, in the circumstances, reasonable” to ensure offshore recipients provide comparable safeguards. For health information, the bar is higher. Using a free AI tool to summarise patient notes is almost certainly a breach. You need a business associate agreement (or equivalent) with the AI provider, and you need to ensure the tool meets health-sector security standards. AHPRA (the Australian Health Practitioner Regulation Agency, which covers some NZ-registered practitioners) has issued guidance that using AI tools with patient data requires explicit consent unless the use falls within the scope of original consent. Verify the current position with your professional indemnity insurer and legal advisor.
Finance sector: If you’re a financial services provider, you’re likely subject to Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) obligations. Using AI tools to process customer due diligence information raises questions about data security and audit trails. The Financial Markets Authority (FMA) hasn’t issued specific AI guidance yet, but their general data security expectations apply. You need to ensure AI tools don’t compromise your AML/CFT record-keeping obligations.
Legal sector: Law firms hold privileged client information. Using AI tools to draft legal documents or summarise case files can waive privilege if the tool’s terms allow third-party access to the data. The New Zealand Law Society has issued guidance that lawyers must ensure AI tools don’t compromise client confidentiality. In practice, this means using business-grade tools with strong confidentiality commitments, and possibly seeking client consent for AI use in specific matters.
What About Data Sovereignty and Local Hosting?
Some NZ businesses ask: can I just use AI tools that keep data in New Zealand?
The short answer: there aren’t many. The major AI providers (OpenAI, Anthropic, Google) don’t offer NZ-only data residency. Google Workspace and Microsoft 365 (which includes Copilot) offer Australian data residency for some services, but not all AI features are covered.
If data sovereignty is critical (say, you’re a government contractor or handling classified information), you have a few options:
Run models locally. Open-source models like Mistral Large 2 or Meta’s Llama can be run on your own infrastructure. This keeps data entirely under your control, but it requires technical expertise and significant compute resources. For most small to medium NZ businesses, this isn’t practical.
Use Australian-hosted services. Some AI platforms offer Australian data residency, which may be sufficient for your risk appetite. Australia’s Privacy Act 1988 is broadly similar to NZ’s Privacy Act 2020, though there are differences (Australia doesn’t have a mandatory breach notification regime as robust as NZ’s, for example). Using an Australian provider doesn’t automatically satisfy PP12, but it may make the compliance case easier. Verify with your legal advisor.
Anonymise or de-identify data before using AI. If you remove personal identifiers before feeding data into an AI tool, it’s no longer “personal information” under the Privacy Act. This is often the simplest solution. For example, if you’re using AI to analyse customer feedback, you can strip out names and email addresses first. The Privacy Commissioner’s guidance on anonymisation is helpful here; verify the current guidance with your advisor.
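As an added illustration (not code from the original article or from Enterprise DNA), here is a small pre-processor for the “strip identifiers first” approach: it swaps e-mail addresses, NZ-format phone numbers and names from your own customer list for placeholder tokens before the text is sent to an AI tool, and keeps the reverse mapping in-house so the tool’s output can be re-identified locally. The sample feedback lines, names and contact details are constructed.

```python
"""
De-identify free-text customer feedback before it leaves the organisation.

E-mail addresses, NZ-style phone numbers and known customer names are
replaced with stable placeholder tokens. The token-to-original mapping
never leaves the local process, so AI output can be re-identified in-house.
Sample data at the bottom is constructed for illustration.
"""
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# NZ landline/mobile shapes such as 021 555 0198, (09) 123-4567, +64 21 123 4567
PHONE_RE = re.compile(
    r"(?:\+64[\s-]?|\(0\d\)[\s-]?|0\d{1,2}[\s-]?)\d{3,4}[\s-]?\d{3,4}"
)


class Deidentifier:
    """Stateful redactor: the same original value always maps to the same token."""

    def __init__(self, known_names):
        # Names come from your own CRM export. Regexes cannot recognise arbitrary
        # names reliably, so they are matched from a list, longest first.
        self.known_names = sorted(known_names, key=len, reverse=True)
        self.tokens = {}   # original value -> token
        self.reverse = {}  # token -> original value

    def _token(self, kind, value):
        if value not in self.tokens:
            tok = f"[{kind}_{len(self.tokens) + 1}]"
            self.tokens[value] = tok
            self.reverse[tok] = value
        return self.tokens[value]

    def redact(self, text):
        # E-mails and phones first, so a name embedded in an address is not half-replaced.
        text = EMAIL_RE.sub(lambda m: self._token("EMAIL", m.group(0)), text)
        text = PHONE_RE.sub(lambda m: self._token("PHONE", m.group(0)), text)
        for name in self.known_names:
            pattern = re.compile(r"\b" + re.escape(name) + r"\b", re.IGNORECASE)
            text = pattern.sub(lambda m, n=name: self._token("NAME", n), text)
        return text

    def reidentify(self, text):
        """Put the originals back into AI output that still carries the tokens."""
        for tok, value in self.reverse.items():
            text = text.replace(tok, value)
        return text


# Constructed sample feedback (not real customers)
SAMPLE_FEEDBACK = [
    "Aroha Ngata (aroha.ngata@example.co.nz) said delivery was late again.",
    "Call Tom Walsh on 021 555 0198 re the refund, he was unhappy.",
]


def deidentify_batch(lines, known_names):
    """Redact a batch of lines; returns the redacted lines and the redactor holding the map."""
    d = Deidentifier(known_names)
    return [d.redact(line) for line in lines], d
```

Pattern-based redaction only removes identifiers it knows about; free text can still identify someone through context (job title plus suburb, an unusual complaint), so review a sample of the redacted output before treating it as de-identified.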
Pricing and Practical Costs
What does compliance-friendly AI use cost?
For most NZ businesses, you’re looking at:
- ChatGPT Team: Approximately NZD $50 per user per month (USD $30 x 1.65). Includes data processing agreement, no training on your data, higher usage limits.
- Claude Pro or Team: Approximately NZD $33 per user per month for Pro (USD $20 x 1.65), higher for Team plans. Includes data processing agreement and no training on your data.
- Google Workspace Business Plus (includes Gemini): Approximately NZD $37 per user per month (USD $22 x 1.65). Includes data processing amendment and Gemini access, though some advanced features may cost extra.
- Cursor Teams: Approximately NZD $66 per user per month (USD $40 x 1.65). Includes privacy mode and data processing agreement.
- Perplexity Pro: Approximately NZD $33 per user per month (USD $20 x 1.65). Includes no training on your data.
These are rough approximations based on current USD pricing converted at approximately 1.65 (NZD rates fluctuate). Verify current pricing with each provider.
For a business with ten staff using AI tools, you’re looking at roughly NZD $500-$800 per month for compliance-friendly plans across a few tools. That’s material, but it’s a lot less than the cost of a privacy breach.
What We’re Seeing in NZ and AU Businesses Right Now
In the businesses we work with, the most common mistake is staff using free AI tools without realising the privacy implications. Marketing teams paste customer lists into ChatGPT to draft emails. Finance teams upload Xero reports to Claude to analyse trends. HR teams use AI to summarise employee feedback.
None of this is malicious. It’s just that the tools are so easy to use, and the privacy risks aren’t obvious until someone explains them.
The second most common issue is lack of documentation. Even businesses using paid, compliant AI tools often can’t show they did a PP12 assessment. If the Privacy Commissioner asks, “What steps did you take to ensure this offshore AI provider protects data in a way comparable to NZ law?”, you need an answer. “We paid for the business plan” isn’t enough. You need to show you read the terms, assessed the risk, and documented your reasoning.
The third issue is privacy policy lag. Most NZ business websites have privacy policies that were written before AI became widespread. They don’t mention AI use. If a customer complains, that’s a problem. The Privacy Commissioner expects your privacy policy to be current and accurate.
The Omni Audit Approach
Enterprise DNA works with NZ and AU businesses on this challenge. Our Omni Audit is a 60-minute session where we:
- Map your current AI tool use across the business.
- Identify where personal information is being processed.
- Assess your PP12 compliance for each tool.
- Flag high-risk practices that need immediate attention.
- Provide a written summary with recommended next steps.
We’re not lawyers (we don’t give legal advice), but we know the AI landscape and the NZ privacy framework well enough to help you spot the gaps. Most businesses walk away with a clear action list and a sense of what’s urgent versus what can wait.
Book a 60-minute Omni Audit here: https://calendly.com/sam-mckay/discovery-call?utm_source=edna-landing&utm_medium=blog&utm_campaign=nzau
Final Thoughts
The Privacy Act 2020 and AI tools can coexist. You don’t need to ban AI from your business. You just need to use it thoughtfully.
The key is to treat AI tools the same way you’d treat any other offshore service provider. Would you send customer data to a random overseas company without checking their privacy policy? Probably not. Apply the same logic to AI.
Read the terms. Use business-grade plans. Document your decisions. Update your privacy policy. Train your team.
And if you’re not sure where to start, talk to someone who’s done this before. The cost of getting it wrong, financially and reputationally, is too high to wing it.