What is a privacy officer? Am I required to have a privacy officer?

Under the Privacy Act, every agency(external link) is required to have a privacy officer. If you encounter an organisation that does not have a privacy officer, you should let it know that it is required by law to have one.

No special training or qualification is required to be a privacy officer, but you do need to understand the Privacy Act's privacy principles, as the privacy officer is responsible for:

• Ensuring that the agency complies with the Act;

• Dealing with requests made to the agency for access to, or correction of, personal information (in large agencies the privacy officer may do this by ensuring there is a process in place for responding to such requests. In a smaller agency the privacy officer might deal with such requests directly).

• Working with the Privacy Commissioner during the investigation of complaints.

For basic training on the Privacy Act, you can check out our online modules (you’ll need to register to use the modules, but this is completely free).

Privacy Officers are also always welcome to contact us on 0800 803 909 with general enquiries.

From time to time, we also get asked if a privacy officer needs to be a New Zealander. The answer is no. Anyone can be a privacy officer as long as they have the right qualities for the role.

Updated December 2020