11. Be a good data and information steward
- Collect data once to avoid duplication, and ensure data and information are well governed across platforms, repositories and custodians.
- Make government information and data easily accessible to help support decision-making.
- Ensure that data is collected in a way that allows it to be easily integrated and reused by others.
- Ensure that relevant standards, recordkeeping requirements, and digital preservation obligations are met.
Why it matters
New Zealand citizens need to have trust that government will look after their data and information well. Lack of trust in government systems is a disincentive to citizens providing data and information willingly and openly. Service users have a right to expect that their information is well governed and looked after for the entire lifetime of its use and retention.
For government-wide and sector-wide approaches to be enabled, information and data classification, collection, description and storage need to be standardised. Consistent metadata attribution, classification and tagging supports:
- data being re-used and shared effectively
- system analytics and service intelligence being extracted and feeding back into systemic improvement of services
- consistent archiving and information retention and disposal being applied
- consistent security and privacy protocols being applied
- collect once and use many times approaches being implemented.
New Zealanders’ data and information protection rights also need to be respected and understood when crossing jurisdictional boundaries, where other national or international legislative frameworks apply (for example, Australian Privacy Act, European Union: General Data Protection Regulation [EU GDPR], Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act [USA PATRIOT Act]). The same applies in the commercial context: ownership, reuse, sale or legislative control must reside with the government, not the third-party service supplier.
How to meet this principle
At a minimum you need to describe:
- assessments of personal risk or safety of personal information of users collected for a service
- consideration of risks to individuals, and possibilities of re-integrating separated/anonymized data
- opportunities and obligations for safe data and information reuse, to improve services, do research, inform policy, etc
- your data/information retention and disposal policies, and related information management practice and governance
- digital continuity plans for migration, storage and archiving of data/information
- the metadata models and tagging policies you use
Rules, requirements and directives to follow
- Public Records Act 2005 (16/F6) (Word)
- Public Records Act 2005 (16/F6) (PDF)
- Information and records management standard (16/S1) (Word)
- Information and records management standard (16/S1) (PDF)
- Implementation guide - Information and records management standard (16/G8) (Word)
- Implementation guide - Information and records management standard (16/G8) (PDF)
When managing public sector information and records, it is important to be aware of the many other legislative and regulatory frameworks affecting information and records management in New Zealand. Examples of other relevant Acts are the Contract and Commercial Law Act 2017, Evidence Act 2006, Local Government Act 2002, Official Information Act 1982, Local Government Official Information and Meetings Act 1987, and the Privacy Act 1993. These Acts and other relevant legislation are accessible on the New Zealand legislation website.
- Information management guidance
- Best practice guidance for systems design (Records Toolkit)
- Data and information governance and maturity toolkit
- Data management guidance
- Digital transfer guidance
- File formats for digital transfers — what you need to know
- File format migration — considerations before you begin
- New Zealand data and information management principles
- Web curator tool