Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Your responsibilities

Print | Email this page

Privacy officers

Two Maori woman at work look at a laptop screen together.

The Privacy Act requires organisations to have at least one person who fulfils the role of privacy officer.

The Privacy Act requires organisations to have at least one person who fulfils the role of privacy officer.

Who should be a privacy officer

The person responsible for privacy matters depends on the size of your organisation, the work it does, and what personal information it handles.

In smaller organisations, the manager is normally responsible for all legal compliance, including privacy. Often an in-house complaints, human resources, or legal team will do privacy work as part of their duties. Large organisations, or organisations that handle a lot of personal information, may need one or more employees to be focused exclusively on privacy matters.

Whoever takes on the duties of a privacy officer, it’s important for managers in the organisation to take their advice seriously.

Why you need a privacy officer

As well as being required by law, having a privacy officer is useful for your organisation. Good privacy builds trust with clients and employees and enhances a business’ reputation. An internal privacy adviser who is familiar with the business and privacy law adds value to your organisation.

Privacy officers can prevent or fix privacy issues before they become serious problems. This can save you money, or lost business. If someone complains that your organisation has breached their privacy, your privacy officer can help resolve things quickly and effectively.

The duties of a privacy officer

Under the Privacy Act, the privacy officer must:

  • be familiar with the privacy principles in the Privacy Act
  • work to make sure the organisation complies with the Privacy Act
  • deal with any complaints from the organisation's clients about possible privacy breaches
  • deal with requests for access to personal information, or correction of personal information
  • act as the organisation's liaison with the Office of the Privacy Commissioner.

This doesn’t mean that the person who has been appointed as the Privacy Officer has to be the person individually responding to access and correction requests or complaints, but they will need to have oversight over the processes and policies that are followed by the people in the organisation who are responding to the requests and complaints. 

They may also:

  • train other staff at the organisation to deal with privacy matters
  • advise their organisation on compliance with privacy requirements
  • advise their organisation on the potential privacy impacts of changes to the organisation's business practices
  • advise their organisation if improving privacy practices might improve the business
  • be familiar with any other legislation governing what the organisation can and cannot do with personal information.

Help for privacy officers

Back to top