How do I avoid a privacy complaint?
The best way to avoid a privacy complaint is to ensure you are complying with your obligations under the Privacy Act. To begin with you should appoint a Privacy Officer (either a member of staff, a volunteer, or an external professional) to help make sure that you are complying with the Act. For information on these obligations, familiarise yourself with the Privacy Act’s privacy principles. OPC also has free e-learning modules to explain the Privacy Act.
If you are running a business or organisation, here are some simple steps you can take to reduce the risk of complaints:
- Be open about the purpose for which you are getting information. You should do this both for your customers and employees. Then they won't be taken by surprise when you use the information. If you need a privacy statement - see Priv-o-Matic.
- Tell people if you're going to pass the information on to anyone else (and maybe tell them why this is necessary). Again, this means they won't be taken by surprise, and they're less likely to object. You should do this when you collect the personal information.
- If someone asks for access to their personal information, give it to them promptly, unless a good reason exists to not release the information. The only good reasons not to release are those withholding grounds set out in sections 49 - 53 of the Privacy Act 2020(external link).
- Don't collect more information than is necessary for that purpose. Information is costly to store. The more you have, the more you have to keep up to date. And the more you have, the more likely mistakes are to happen.
- Don't use the information for other purposes, it annoys people.
- Have a plan in place to check that information is correct before using it. People are quick to complain if they think that you've used wrong information. If a person thinks the information is wrong and you don't, put their letter, or record their views, on the file. This way, at least their view is taken into account.
- Make sure that the information is stored securely. A lot of damage can be done by sensitive information getting into the wrong hands.
- Reduce the risk of a privacy breach or accidental disclosure and have a plan in place in case something goes wrong. There’s helpful guidance on our website.
- If you have a serious privacy breach, you must notify the Privacy Commissioner and must consider whether to notify affected individuals. You can use our online tool NotifyUs to check whether a privacy breach is serious and needs to be notified to OPC.
If you have any specific questions about a policy you have or a decision about personal information that you have to make, or are concerned about a privacy breach or accidental disclosure of information, contact our enquiries team by email - enquiries@privacy.org.nz - for more detailed guidance.
Updated December 2020