Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
We have an important role in monitoring the information sharing that government agencies undertake. Our approach is to support the sharing of personal information that is of public benefit and that is necessary and proportional.
The Privacy Act authorises government agencies to share personal information in several ways:
The Privacy Act also provides for agencies (both government and non-government) to share personal information in accordance with the Privacy Principles or Codes of Practice issued by the Privacy Commissioner.
Government agencies can also be authorised through legislation to over-ride some of the Privacy Principles.
Introduced in 2011, AISAs enable personal information to be shared between (or within) agencies for the purpose of delivering public services. These agreements are created by regulations through Order in Council and in consultation with the Privacy Commissioner.
AISAs are listed in Schedule 2 of the Privacy Act. We provide a summary of the current AISAs.
The lead agency for the AISA must publish a copy of the agreement online, and must report on activity as specified by the Privacy Commissioner (see s13 of the Privacy Regulations 2020).
An online training module 'An A to Z of AISAs' teaches you what an AISA is, how to build a case for one, how to develop one and how to get one approved. You can also read our guidance, “An A to Z of Approved Information Sharing Agreements” (opens to PDF, 885 KB).
These provisions in the Privacy Act enable the sharing and verification of identity information between core public services such as policing, health, immigration, corrections, and at the border. Introduced in 2017, these provisions provide for information flows about identifying information (including biometric information) between specific government agencies to enable better identity verification of individuals for the purposes of preventing, detecting, investigating, and prosecuting offences.
These provisions were part of the original Privacy Act 1993 to enable the sharing of law enforcement information between the Courts, Police, Corrections the Ministry of Justice and also the registrar of motor vehicles.
Part of the original Privacy Act 1993, Part 7 sub-part 4 and Schedule 6 of the Privacy Act provides a set of rules dealing with the supervision and operation of authorised information matching programmes, which are specific provisions in legislation that authorise government agencies to share personal information.
Information matching provisions are authorised by statute and these are listed in Schedule 5 of the Privacy Act 2020.
Our list of the information matching provisions and the matching programmes operated under those provisions provides a description and the compliance rating of each provision.