Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Print | Email this page

Case Note 204195 [2009] NZPrivCmr 5 : Man objects to retention of information on Police database

A man discovered that the New Zealand Police had been informed that he had assaulted a young woman. The Police had noted the information on the National Intelligence Application, its main database. The man believed that the information was incorrect, and that the Police should not have retained it once he told them that it was incorrect. He asked the Police to delete it from the database.

The Police refused to remove the information from the database, since they believed it was correct. They also told the man that they could retain the information on their database indefinitely. The man then complained to us.

The complaint raised issues under principles 7 and 9 of the Privacy Act.

Principle 7

Principle 7 states, among other things, that:

(1) Where an agency holds personal information, the individual concerned shall be entitled -

(a) to request correction of the information; and
(b) to request that there be attached to the information a statement of the correction sought but not made.

The man and the Police had different views about the accuracy of the information. The Police therefore did not have to comply with the man's request to correct the information by removing it from the database. Instead, they attached a statement of correction to the database. The statement expressed the man's views that the information was incorrect. Any future reader or recipient of the information would therefore be able to see not only the original information, but also the fact that it was disputed.

Since the Police had attached the statement of correction to the database, they had not breached principle 7.

Principle 9

Principle 9 provides that:

An agency that holds personal information shall not keep that information for longer than is required for the purposes for which the information may lawfully be used.

Most agencies do not have a lawful reason for keeping information indefinitely. However, the legitimate purpose of the Police database is to maintain a record of information to support the Police in their work of detecting, preventing, investigating and prosecuting crime. Where, as here, someone has alleged that a person has committed a criminal offence, the Police have an ongoing lawful purpose for retaining the information on their database.

The Police are still subject to the other privacy principles - such as the need to check accuracy of information before use, and to provide for access and correction on request. These are important protections for people's rights. However, retaining information did not breach principle 9 in this case.

We informed the man that the Police had not breached either principle 7 or principle 9. We then closed the file.

March 2009

Correction of personal information - Police - information about alleged assault on database - statement of correction attached - Privacy Act 1993, principle 7

Retention of personal information - Police - information about alleged assault kept on database - lawful purpose to use the information - Privacy Act 1993, principle 9

Back to top