A real key to getting privacy right is to identify your purpose for collecting or using personal information - and to stick to that purpose.
Your purpose is the outcome you are trying to achieve: for instance, delivering a service or product or employing someone to do a particular job.
Identifying your purpose clearly will allow you to make good decisions about collecting and using personal information when you start putting your project into action. For instance:
If you don't know what your purpose is, you won't be able to explain it to anyone else!
If your purpose changes, or you want to use the personal information you have collected for an extra, unrelated purpose, you are likely to need the agreement of the people you collected it from.
The word 'agency' refers to almost anyone who holds personal information about others. Agency responsibilities are therefore your responsibilities.
Accuracy of personal information
Before you use personal information, you should take steps to check that it is accurate, up-to-date, complete, relevant and not misleading.
Incorrect information isn't any use to you, and it could lead you (or others) to make wrong decisions about the person involved.
[To read the law about this, click through to Privacy Principle 8]
Access to personal information
People have a right to access the personal information you hold about them. You should keep personal information in a way that is easily retrievable so you can:
There are sometimes good reasons for refusing to give a person access to information about themselves. There are strict timeframes for making decisions. If you are in the private sector, you may be able to charge for making information available.
[To read the law about this, click through to Privacy Principle 6]
Correction of personal information
People can ask you to correct their personal information if they think it is wrong. Tell them to let you know if the information is wrong - this is an easy way to ensure your information is up to date.
Even if you do not think a correction is justified, record that the person asked you to correct the information, and note exactly what they thought was wrong. Attach that record to the person's information so that everything is together. Knowing what the person thinks will help you (and anyone who looks at the record later) to make better decisions.
[To read the law about this, click through to Privacy Principle 7]
Holding on to personal information
Don't keep personal information for longer than is needed to achieve your purpose. Think about how long you need to keep it for.
[To read the law about this, click through to Privacy Principle 9]
Secure storage of personal information
Make sure that you hold and use personal information in a safe and secure way and that you dispose of it securely when you have finished with it. Security includes having good policies and training your staff to handle information properly.
Think about how you will keep documents secure - for instance, do you need a locked cabinet for physical documents? Who has access to your records storage? Do you need password protection or encryption for electronic documents or equipment? Don't forget to look after information in transit - for instance, if you have an e-commerce site, have you got a secure channel for payments?
[To read the law about this, click through to Privacy Principle 5]
For guidance on security of portable storage devices like USB sticks and laptops, go to our guidance on the use of personal storage devices.
Whenever you get personal information deliberately, you are 'collecting' it. If you collect personal information, you need to do so fairly. There's nothing that alienates people more than feeling they've been treated unfairly.
And it's not hard to get it right. Here are some tips.
Only collect information you need
Check back to your purpose. Are you only collecting information that you need to carry out that purpose?
[To read the law about this, click through to Privacy Principle 1]
Collect information directly from the person
It's nearly always best to get information directly from the person concerned. Start from that presumption. Then the person will know what information you've got and what you're doing with it - they're far less likely to be surprised or upset.
Sometimes you do need to get information from others. Often, you have to get the consent of the person concerned before you do so (for instance if you're checking job references, or doing a credit check). Occasionally, though, it's impracticable to get the information from the person directly or get their consent. Or it might thwart your purpose if you let them know you're getting information about them.
[To read the law about this, click through to Privacy Principle 2]
Make sure you collect personal information in a way that is lawful, fair and not unreasonably intrusive. For instance, covert surveillance is usually not allowed.
[To read the law about this, click through to Privacy Principle 4]
Tell people about what you are doing
Think about how and when you're going to tell the person what's happening with their information.
Again, sometimes you don't need to tell the person these things. But usually you should.
[To read the law on this, click through to Privacy Principle 3]
Limit new purposes
As a general rule, only use personal information for the purpose for which you collected it. People get upset when you use their information for purposes that they hadn't anticipated. And you risk losing your good name and the trust of your clients. Breaches of privacy can also cost you money.
There are circumstances under which you can use personal information for a new purpose. The most obvious circumstance is where you have got the permission of the person you collected the information from.
[To read the law about this, click through to Privacy Principle 10]
Control access to personal information
It's a good idea to limit or control how people within your organisation can use personal information. Make sure they know what they can and can't do. Keep information secure.
Personal information is a useful and valuable commodity. Other people or organisations may want to use the personal information you have collected, rather than collecting it from the individual themselves. You need to be careful about allowing disclosures of information outside your organisation, unless this is the purpose for which you got it, or the person involved has allowed you to do so.
There are some circumstances when you can disclose personal information to another person or organisation even if the person involved does not consent.
[To read the law about this, click through to Privacy Principle 11]
Once you no longer need the personal information for the reason you collected it, dispose of it securely so that no-one can retrieve it. Check it can't be linked back to an individual.
Think about things like:
What are the most significant privacy risks in your business? Privacy risks are likely to fall into one of these key areas. Consider each category and list the risks you can think of:
Think too about how you can reduce the risk of someone's privacy being compromised.
If you're unsure about your risks, the Privacy Commissioner's enquiries staff may be able to help.
It can be useful to present risks in the form of a table. Update the table periodically.
Summary of Privacy Risks and Mitigations
|*||Type of Risk||Risk||Mitigation(s)|
|1||Purpose||Individuals may not know why we are and what happens to||We have an information use statement and privacy notice available on our website, and in print form at our office|
|2||||A disk containing personal files may||All disks are encrypted, and kept in a secure place. Disks cannot be taken|
|3||Use of information||Employees may personal files for||Only authorised people have permissions to access personal files. Run an audit programme to identify who has accessed which files at what time and spot any irregular or unusual uses|
|4||||We are getting new getting rid of the||Once information is transferred to our new computers, the old computer drives will be|
Link to the Privacy Act for the authoritative legislation.