Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
Knowledge is power – a cliché, sure, but for a reason. As an agency, the more you know about your clients, the more effective your service can be. It makes sense to gather as much information as possible about the people you interact with. So why wouldn’t you?
Well, the Privacy Act restricts what personal information you can collect and how you can collect it. The Act also obliges you to keep information safe from misuse or unnecessary disclosure, and make sure it’s accurate.
A quick tour of the privacy principles
Personal information is both a valuable asset and a risk, so it’s worth thinking about whether you really need the information you want to collect.
Do I have a legal reason for collecting personal information? Is that reason connected to my agency’s work? You should ask yourself these questions before collecting personal information.
It might be obvious why you need the information at first, but you may find you only need some of it, or you don’t need it at all.
You should only collect the smallest amount of personal information you need to complete a task. Let’s take landlords collecting information from potential tenants as an example. There’s some information you need, such as:
But some collection is harder to justify. People have complained to us about landlords asking for:
It’s not clear how this information would help you decide if someone would be a suitable tenant, and collecting it seems excessive.
Principle five of the Act requires you to take reasonable steps to secure the personal information you hold from loss, misuse, and disclosure.
What counts as reasonable depends in part on how much information you hold and how sensitive it is. Holding excessive personal information makes data breaches and accidental disclosures more likely and more serious.
Storage and security of personal information (principle five)
Principle six entitles people to access the information you hold about them. If you have lots of information, you’re going to get more requests and you’ll need more sophisticated record keeping so you can answer them.
Access to personal information (principle six)
Sometimes Police or other government agencies ask for information about someone to help them maintain the law. Principle 11 lets you disclose personal information to these agencies if you decide it’s necessary to maintain the law.
This can be a difficult decision, but collecting less information will make it simpler.
Our website has a lot of information to help you with collecting information and other obligations you have under the Act.
Get started with our Privacy Impact Assessment Toolkit
Your obligations under the Privacy Act
Image credit: Morepork by Duncan Watson via New Zealand Birds Online
Back