Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
Personal information is a useful and valuable commodity. Other people or organisations may want to use personal information you have collected through your organisation, rather than collecting it themselves.
Below are guidelines for using and disclosing personal information:
Before you use personal information, check that it’s accurate, up-to-date, complete, relevant and not misleading.
Incorrect information isn't any use to you, and it could lead you to make wrong decisions about the person involved.
Privacy principle 8 governs the accuracy of personal information.
The Privacy Act doesn’t specify how long you can keep personal information – only that agencies shouldn’t keep information for longer than they need it.
Your agency can set its own policies. It can be expensive to store and secure large quantities of information. Holding more information means a greater risk of a privacy breach. However, retaining key information can be helpful, for example if a customer returns to your service.
Privacy principle 9 governs the retention of personal information.
Disposing of personal information
Dispose of personal information securely so that no-one can retrieve it.
For example:
Generally, only use personal information for the purpose for which you collected it. People get upset if you use their information without their knowledge or permission, and you risk losing their trust.
There are circumstances under which you may be able to use personal information for a new purpose, for example:
Privacy principle 10 governs the use of personal information.
Be careful about disclosing personal information to people, both inside and outside your agency. You can only do this in some situations, such as when:
Privacy principle 11 governs disclosure of personal information.
A business or organisation may only disclose personal information to another organisation outside New Zealand if the receiving organistion:
Privacy principle 12 governs sending information overseas.
A business or organisation may only use a unique identifier (such as a driver licence number) where it is necessary. They must take reasonable steps to protect unique identifiers from misuse.
Privacy principle 13 governs unique identifiers.