Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Show items from between:

Latest in Guidance resources

Displaying 21 - 40 of 44

Information Notice Credit Reporting Privacy Code Amendment No 3

The Privacy Commissioner has recently issued the Credit Reporting Privacy Code Amendment No 3, as notified in the Gazette. The amendment was publicly consulted on in 2009 and will come into force on 22 February 2010.

The Code anticipated a full review two years after it became fully operational. Please note that the Commissioner is undertaking that general review of the code at the present time. This amendment does not arise from that review. Any proposed changes arisi...

Guidance material for Health Practitioners on Mental Health information

Providing mental health services to consumers while recognising their rights to privacy under the law can present unique challenges. Attached are some guidelines, prepared by the Office of the Privacy Commissioner and Mental Health Commission, examining ways in which the sometimes complex balance between private and public interests can be maintained.

Checklist for Ministers and departmental officials

Has the Minister received a request for access to official information?

This may depend on whether it is comment or information already in existence that is requested. A request for information such as a report, memorandum or policy is an official information request and subject to the Official Information Act.

If the Minister is asked to comment on an issue rather than to provide specific information, the request may not be a request for official information. Principle 11 could...

A Guide to the Privacy Act 1993

Personal information held by agencies

The Privacy Act controls how 'agencies' collect, use, disclose, store and give access to 'personal information'.
The privacy Codes of Practice do the same, but they apply to specific areas - particularly health, telecommunications and credit reporting.

Personal information is information about identifiable, living people.

Almost every person or organisation that holds personal information is an 'agency'. So, for...

Guidance Note to Applicants seeking Exemption under Section 54 of the Privacy Act 1993

This guidance note is intended to assist anyone who may be contemplating applying under section 54 of the Privacy Act for an exemption. It has no formal legal status and in all cases persons are referred to the wording of section 54 of the Act itself (the text of which is appended to this note).

1.0 Introduction

1.1 Section 54 of the Privacy Act empowers the Privacy Commissioner to authorise an agency to collect, use or disclose personal information even though th...

Guidance Note on Codes of Practice under Part VI of the Privacy Act

1.0 Introduction
2.0 Nature of Codes of Practice
3.0 Consultation
4.0 Operational Procedures
5.0 Format
6.0 General Content
7.0 Detailed Content
8.0 The Privacy Commissioner's Involvement
9.0 Further Information
10.0 Guidelines Kept Under Review
Appendix A Formulation of a Code of Practice
Appendix B Preferred style for Codes of practice

1.0 INTRODUCTION

1.1 This note considers codes of practice as provided for in the Priv...

Information held by Clubs and Societies

Introduction

The Privacy Commissioner sometimes receives enquiries from voluntary organisations, clubs and societies (we have called these groups “societies” in this paper). These societies ask us how they can protect their members’ privacy.

Sometimes, we also receive complaints that these organisations have breached privacy.

The most common issues are whether societies can collect information about members, whether they can publish membership lists to...

Guidance Note for Departments Seeking Legislative Provision for Information Matching

Information Matching Privacy Impact Assessments

16 May 2008

OFFICE OF THE PRIVACY COMMISSIONER

1. Introduction

1.1 Information matching - or data matching as it is called overseas - is an application of computer technology which carries particular privacy risks. Its use warrants careful scrutiny. Guidelines and rules have been developed and incorporated into law as part of the Privacy Act which seek to identif...

Drafting suggestions for departments preparing public register provisions

When legislation creating a public register of information about identifiable individuals is contemplated or being reviewed the information privacy implications need to be considered. This note discusses how legislative provisions might be drafted to resolve privacy problems. Careful attention must also be given to accompanying administrative or technical controls, which are not discussed in this note.

View the full guidance notes (8 p...

Information Privacy Principles

At the core of the Privacy Act are 12 information privacy principles that set out how agencies may collect, store, use and disclose personal information.

The Privacy Act uses the term "agency". An agency is any individual, organisation or business, whether in the public sector or the private sector. There are a few exceptions such as MPs, courts, and the news media. Generally, though, if a person or body holds personal information, they have to comply with the privacy principles. See t...

Statement to Assist Coroner

I have been asked to provide a statement concerning the application of the Privacy Act and the Health Information Privacy Code in situations such as that being inquired into by the coroner.

I have not read the evidence which has been given and so it is inappropriate for me to apply the law to the evidence given.

The Privacy Act 1993 establishes 12 information privacy principles which relate to the collection, storage, retention, use and disclosure of personal information - infor...

A Guide For Journalists

Requesting personal information from public sector agencies in matters of public controvers

Should the journalist make a request for access to official information?

Requests by journalists for information held by public sector agencies are requests for official information and are subject to the Official Information Act. They should be dealt with according to that Act. If the official information includes personal information, consider section 9(2)(a), Official Information A...

Using the cloud

Can businesses be confident client and staff information will be safe if they switch to cloud services? We've developed a privacy checklist to help you.

Privacy Impact Assessment Handbook

Use of privacy impact assessments is an effective way to better privacy risks and is increasingly being used here and internationally.

Effective website privacy notices

Giving notice to website visitors about how your agency collects and uses personal information is good practice. An effective approach to this task is to use a layered privacy notice, and we have recommended '10 Steps to develop a multilayered privacy notice' as a source of detailed information.

Now, based upon continuing collaboration with a small group of NZ agencies who are piloting the layered notice approach, the Office of the Privacy Commissioner has published 'Questions & An...

Health Information Privacy Fact Sheet 1 : Overview

Health Information Privacy Code 1994

The code regulates how health agencies (such as doctors, nurses, pharmacists, health insurers, Primary Health Organisations and District Health Boards) collect, hold, use and disclose health information about identifiable individuals.

Key concepts in the code

The two key concepts in the code are:

  • Purpose: Agencies must know why they are collecting health information and co...