Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

We have produced a general privacy brochure. It is called Your personal information - Know your privacy rights. Get your copy now or have some in your workplace. You can view and print off the brochure here (English version), or Te Reo version, or order copies from us by emailing orders@privacy.org.nz.

Here's the information you'll find in it:


What is ‘personal information’?

Personal information is any information that is about you. That’s quite a lot when you think about it!

Your name is the most basic example, but it’s just the beginning. Other examples of personal information include your address, a picture of your face or even a record of your opinion and views. Anything that is about you is personal information.

Protecting your personal information

Under the law, organisations and businesses have to respect your personal information.

How the Privacy Act can help you

The Privacy Act is about you and the information that is held about you.

The Privacy Act has a set of principles for handling personal information. It requires organisations and businesses to follow certain principles when collecting, using and storing your personal information.

The basics

When a business or other organisation gathers information about you, they need to get your permission to do so. They also need to be clear about what they are gathering and what they will use it for.

They must not share your information without your knowledge or approval. When organisations have information about you, they must let you see it whenever you ask.

Businesses and other organisations also need to make sure your information is accurate and is kept securely. When they no longer need your information, they need to safely destroy it.   

What a privacy breach looks like

Here are some of the ways that your privacy could be breached:

  • Your information is given to someone you didn’t authorise (for example, by delivering your letter to the wrong house)
  • Wrong information is held about you (for example, a record of a debt that you never had)
  • Information is collected without your consent (for example, a video camera in a private place)
  • You ask for your information and the business refuses to give it to you.

What do I do if my privacy is breached?

1)    Tell the agency responsible what happened. They may be able to quickly solve the problem for you.

2)    Contact our enquiries team: go to our website and fill in our online enquiries form. We’ll talk to you about possible next steps.

3)    Make a complaint to our office. You can file a complaint online on our website: www.privacy.org.nz.

Making a complaint and reaching a settlement

When you make a privacy complaint, investigators at the Office of the Privacy Commissioner will determine whether your complaint has substance and try to help you reach a settlement with the agency you’re complaining about.

Settlements don’t have to be financial. We’ve seen a range of measures over the years – for example, flowers, gift baskets and in one case, an overseas holiday for the complainant and their partner.

It’s a matter of what will resolve the complaint for both parties – the complainant and the respondent.

Case study: Medical information

A doctor dictated notes about a very ill patient. The employee who typed them up recognised the patient’s name and told a mutual friend that she was sick. The friend called the patient to console her. The patient was upset about this as she had not told any of her friends about her condition. When she made a complaint, the hospital apologised and gave her financial compensation her for the emotional harm the breach of her privacy had caused.  

Case study: A debt collection agency chases the wrong person

A debt collection agency demanded a man pay a rental debt that he said he did not owe. In an attempt to clear his name, the man requested information from the collection agency about the disputed debt but was refused the information. 

The man complained to our office and we investigated. We were able to help the man verify his identity with the collection agency. Once we confirmed to the collection agency that the man was not the debtor, the collection agency apologised to him and assured him that it would stop chasing him.

The Privacy Commissioner

The Privacy Commissioner makes sure people follow the Privacy Act and investigates possible breaches of the Act.

The Privacy Commissioner also makes sure people know their rights and obligations under the Act by promoting privacy to the public.

Of course, the Commissioner doesn’t work alone. The Privacy Commissioner’s office employs staff in areas like investigations, policy, law and communications.

Who needs to follow the Privacy Act?

Almost all organisations and businesses must follow the Privacy Act. This includes government departments, clubs, schools, churches, retail establishments and more.

In most cases, the Privacy Act does not apply to the actions of individuals. This changes when the personal information involved is highly offensive.


To find out more, or make a complaint online, visit our website: www.privacy.org.nz

For information about a privacy issue:

Facebook https://www.facebook.com/PrivacyNZ

Twitter @NZPrivacy

YouTube PrivacyNZ

Instagram  nzprivacy.

12 privacy principles

Businesses, government organisations and other organisations must...

  1. Only collect information about you that they really need
  2. Get it from you wherever possible
  3. Tell you what personal information they are collecting and why they are collecting it 
  4. Be fair about how they get it
  5. Keep it secure
  6. Let you see it if you want to
  7. Fix it if you think it's wrong
  8. Take care that it's accurate before using it
  9. Dispose of it as soon as possible when they don't need it any more
  10. Use it for the purpose they got it
  11. Only disclose it if they have a good reason
  12. If an agency uses a unique identifier (such as a client number) to identify you, it cannot use the same identifier that another agency uses.