The complainant was the holder of an Internet domain name. He registered the name first with the University of Waikato and then with Domainz, the company that took over the operation and administration of domain name registration in New Zealand.

The complainant learned that Domainz had made personal information about the complainant, including his address, available through its website. The complainant claimed that this was an interference with his privacy.

The complaint was based on alleged breaches of information privacy principles 3, 10 and 11.

Principle 3

This principle provides that where an agency collects personal information directly from the individual concerned, the agency shall take any such steps as are reasonable in the circumstances, to ensure that the individual concerned is aware of, among other matters, the purpose for which the information is being collected, and the intended recipients of the information.

The information collected by Domainz had been provided by an Internet Service Provider (ISP) with the complainant's authority. The ISP had previously collected the information directly from the complainant. Principle 3 applies at the time the information is collected from the individual and was therefore relevant to the actions of the ISP, not those of Domainz.

Even if principle 3 had applied to Domainz, the company had taken steps to provide the ISP with the information required under principle 3. When Domainz took over administration of domain names, it adopted a policy of contacting every current domain name holder and requesting each of them to re-register on the conditions under which Domainz operated. Full details were given about the way Domainz would use the information about domain name holders and these conditions were published on Domainz's website. Also all individual holders were contacted, usually through their ISPs.

Principles 10 and 11

Principles 10 and 11 limit the way personal information may be used and disclosed. Both principle 10 and principle 11 provide that an agency may use and disclose information in certain circumstances. An agency may use and disclose information where the agency believes on reasonable grounds that the use or disclosure of the information was one of the purposes, or is directly related to a purpose, for which the information was obtained (principle 10(e) and principle 11(a)).

In this case, I was satisfied that Domainz's policy had always been to make the information available through its website, as was stated in the conditions of registration. Using and disclosing the personal information in this way was one of the purposes for collecting it. Further, Domainz advised me that when Waikato University had registered domain names, personal details of domain name holders were made available through the Internet.

I considered there was no breach of privacy principles 3, 10 and 11.

_Indexing terms: Collection of personal information - Internet Registry - Purpose for which collected - Not collected from individual - Information privacy principle 3
Use of personal information - Internet Registry - Clearly stated policy followed - Information privacy principle 10(e)
Disclosure of personal information - Internet Registry - Clearly stated policy followed - Information privacy principle 11(a)_

June 2001