Published
Guidance is now available to help government agencies to implement the ‘Standard for providing non-government third parties with access to, or collection of, government-held personal information’.
A risk-informed approach
Before sharing personal information, government agencies need to assess the risks and determine if a legally binding agreement is required.
This guidance helps agencies to, for example:
- implement the standard when sharing personal information to deliver public services
- work with non-government third parties if a legally binding agreement is required
- record protections in sharing agreements and get assurance they are working properly
- choose model clauses for a legally binding agreement from a template.
Subject matter experts from a range of government agencies that share personal information helped to create this guidance.
Who this guidance is for
This guidance will help all:
- public service departments and departmental agencies that are required to implement this standard
- state services agencies who want to implement the standard.
Guidance topics and links
- Purpose and scope — of the standard and guidance.
- Definitions — for words that have a specific meaning in the context of the information sharing standard.
- Agency responsibilities — when sharing personal information with third parties.
- Sharing Māori data — agency responsibilities when sharing Māori data with third parties.
- Due diligence — factors to inform an agency’s due diligence process.
- Risk assessment guidance — how to do a proportional agency risk assessment and the areas to cover.
- Assurance — the assurance measures and requirements.
- Legally binding agreements — when they are needed and what they must include.
- Template of model clauses — examples of legally binding clauses to use in an agreement.
Read the information sharing standard
Contact us
Email: gcdo@gdda.govt.nz
Published
31 October 2025
