With the introduction of IPP3A from 1 May 2026, all businesses and organisations, and their advisers, face a significantly more onerous privacy obligations. Hear directly from the Office of the Privacy Commissioner and an experienced privacy practitioner on what IPP3A means in practice, how it affects existing privacy practices and processes and the steps agencies (all businesses and organisations) should be taking now to prepare for the new legal landscape.
Wednesday, 10 June 2026
Description
Attend and earn 1 CPD Hour
12.00pm to 1.00pm New IPPA3 Privacy Legislation: Hear from the Office of the Privacy Commissioner
From 1 May 2026, IPP3A comes into force and agencies and their advisors need to be ready. Join Steph Gregor (Office of the Privacy Commissioner) and Dr Maria Pozza (Gravity Lawyers) as they break down what the new principle requires, how it flows through to the Codes of Practice, and what practical compliance might look like for agencies.
- Understand what IPP3A requires, why it has been introduced, and how it changes existing collection obligations under the Privacy Act
- Hear directly from the Office of the Privacy Commissioner on regulatory intent, expectations, and areas of compliance risk
- Examine how IPP3A interacts with and flows through to the Codes of Practice, including where agencies may need to adjust current processes
- Identify the practical impacts for agencies, including changes to collection practices, notices, policies, and internal governance
- Gain clear, actionable guidance on practical compliance steps for agencies and lawyers advising them ahead of the 1 May 2026 commencement date
Presented by Steph Gregor, Manager – Capability and Guidance, Office of the Privacy Commissioner
Chair:
Dr Maria Pozza, Director - Lawyer, Gravity Lawyers
Learning Objectives:
- Understand the scope and effect of IPP3A, including how it changes personal information collection obligations under the Privacy Act
- Identify how IPP3A flows through to the Codes of Practice and where existing agency processes may need to change
- Recognise the key practical steps agencies and advisers should take to prepare for compliance from 1 May 2026
Presenters
Steph Gregor, Manager – Capability and Guidance, Office of the Privacy CommissionerSteph Gregor manages the Capability and Guidance team at the Office of the Privacy Commissioner. With a background as a lawyer, she has a reputation for taking technical, often complex information, and making it plain and clear. Steph has most recently overseen the development of biometrics guidance and has spoken to organisations across the motu about the upcoming IPP3A changes. She regularly speaks on behalf of the Office on a range of privacy-related topics.
Dr Maria Pozza, Director - Lawyer, Gravity Lawyers
Dr Maria Pozza is a seasoned corporate and commercial Lawyer in New Zealand. She’s the director of law firm - Gravity lawyers. Maria has a wealth of experience as both a private and in-house practitioner with a passion for contracts. Her goal is to simplify the complexities around contracts for her clients. Her expertise extends to space law, cyber, tech, IT, data and privacy.
