Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Show items from between:

Latest in Guidance resources

Displaying 21 - 40 of 49

Keep your information safe

Keeping Your Information Safe: This is a set of five advice cards to help people keep their information safe.

Comprehensive Credit Reporting Fact Sheet

This fact sheet outlines, and provides links to, resources from overseas on the case for comprehensive credit reporting and associated issues arising in the transition from a negative to a positive system.

Seasonal privacy tips

Some seasonal privacy tips on how to keep your personal details safe over the holiday period from the Office of the Privacy Commissioner:

  • When shopping on-line, you can limit the risk of someone stealing your credit card details and racking up huge purchases by having a separate, low-limit credit card.

  • You can a get a free copy of your credit record (once a year) to check for accuracy and that nobody is applying for credit in your name. (Visit

Fact Sheet on Part 11A of the Privacy Act 1993: Transfer of Personal Information outside New Zealand

The Privacy (Cross-border Information) Amendment Act 2010, which commenced on 8 September 2010, inserted a new Part 11A (Transfer of Personal Information outside New Zealand) into the Privacy Act 1993.

The objective of Part 11A is to empower the Privacy Commissioner in exceptional cases to prohibit the onward transfer of personal information received from overseas. The power to prohibit transfers is intended to meet the expectations of NZ's trading partners whose own laws limit cross-b...

Information Notice Credit Reporting Privacy Code Amendment No 3

The Privacy Commissioner has recently issued the Credit Reporting Privacy Code Amendment No 3, as notified in the Gazette. The amendment was publicly consulted on in 2009 and will come into force on 22 February 2010.

The Code anticipated a full review two years after it became fully operational. Please note that the Commissioner is undertaking that general review of the code at the present time. This amendment does not arise from that review. Any proposed changes arisi...

Guidance material for Health Practitioners on Mental Health information

Providing mental health services to consumers while recognising their rights to privacy under the law can present unique challenges. Attached are some guidelines, prepared by the Office of the Privacy Commissioner and Mental Health Commission, examining ways in which the sometimes complex balance between private and public interests can be maintained.

Checklist for Ministers and departmental officials

Has the Minister received a request for access to official information?

This may depend on whether it is comment or information already in existence that is requested. A request for information such as a report, memorandum or policy is an official information request and subject to the Official Information Act.

If the Minister is asked to comment on an issue rather than to provide specific information, the request may not be a request for official information. Principle 11 could...

A Guide to the Privacy Act 1993

Personal information held by agencies

The Privacy Act controls how 'agencies' collect, use, disclose, store and give access to 'personal information'.
The privacy Codes of Practice do the same, but they apply to specific areas - particularly health, telecommunications and credit reporting.

Personal information is information about identifiable, living people.

Almost every person or organisation that holds personal information is an 'agency'. So, for...

Guidance Note to Applicants seeking Exemption under Section 54 of the Privacy Act 1993

This guidance note is intended to assist anyone who may be contemplating applying under section 54 of the Privacy Act for an exemption. It has no formal legal status and in all cases persons are referred to the wording of section 54 of the Act itself (the text of which is appended to this note).

1.0 Introduction

1.1 Section 54 of the Privacy Act empowers the Privacy Commissioner to authorise an agency to collect, use or disclose personal information even though th...

Guidance Note on Codes of Practice under Part VI of the Privacy Act

1.0 Introduction
2.0 Nature of Codes of Practice
3.0 Consultation
4.0 Operational Procedures
5.0 Format
6.0 General Content
7.0 Detailed Content
8.0 The Privacy Commissioner's Involvement
9.0 Further Information
10.0 Guidelines Kept Under Review
Appendix A Formulation of a Code of Practice
Appendix B Preferred style for Codes of practice


1.1 This note considers codes of practice as provided for in the Priv...

Guidance Note for Departments Seeking Legislative Provision for Information Matching

Information Matching Privacy Impact Assessments

16 May 2008


1. Introduction

1.1 Information matching - or data matching as it is called overseas - is an application of computer technology which carries particular privacy risks. Its use warrants careful scrutiny. Guidelines and rules have been developed and incorporated into law as part of the Privacy Act which seek to identif...

Drafting suggestions for departments preparing public register provisions

When legislation creating a public register of information about identifiable individuals is contemplated or being reviewed the information privacy implications need to be considered. This note discusses how legislative provisions might be drafted to resolve privacy problems. Careful attention must also be given to accompanying administrative or technical controls, which are not discussed in this note.

View the full guidance notes (8 p...

Information Privacy Principles

At the core of the Privacy Act are 12 information privacy principles that set out how agencies may collect, store, use and disclose personal information.

The Privacy Act uses the term "agency". An agency is any individual, organisation or business, whether in the public sector or the private sector. There are a few exceptions such as MPs, courts, and the news media. Generally, though, if a person or body holds personal information, they have to comply with the privacy principles. See t...

Statement to Assist Coroner

I have been asked to provide a statement concerning the application of the Privacy Act and the Health Information Privacy Code in situations such as that being inquired into by the coroner.

I have not read the evidence which has been given and so it is inappropriate for me to apply the law to the evidence given.

The Privacy Act 1993 establishes 12 information privacy principles which relate to the collection, storage, retention, use and disclosure of personal information - infor...

A Guide For Journalists

Requesting personal information from public sector agencies in matters of public controvers

Should the journalist make a request for access to official information?

Requests by journalists for information held by public sector agencies are requests for official information and are subject to the Official Information Act. They should be dealt with according to that Act. If the official information includes personal information, consider section 9(2)(a), Official Information A...

Using the cloud

Can businesses be confident client and staff information will be safe if they switch to cloud services? We've developed a privacy checklist to help you.

Privacy Impact Assessment Handbook

Use of privacy impact assessments is an effective way to better privacy risks and is increasingly being used here and internationally.