Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
Principle 5 states that organisations must ensure there are safeguards in place that are reasonable in the circumstances to prevent loss, misuse or disclosure of personal information.
If an organisation has a serious privacy breach it must notify the Office of the Privacy Commissioner as soon as possible (within 72 hours).
Further information
Case notes
Information privacy principle 5 | |||
Storage and security of personal information | |||
An agency that holds personal information must ensure— |
|||
(a) |
that the information is protected, by such security safeguards as are reasonable in the circumstances to take, against— |
||
(i) |
loss; and |
||
(ii) |
access, use, modification, or disclosure that is not authorised by the agency; and |
||
(iii) |
other misuse; and |
||
(b) |
that, if it is necessary for the information to be given to a person in connection with the provision of a service to the agency, everything reasonably within the power of the agency is done to prevent unauthorised use or unauthorised disclosure of the information. |