Principle 1. Personal information can only be collected when it's necessary to achieve a legitimate agency function.

Owners and managers of websites or services should review all forms that require users to provide any type of personal data to ensure the forms only require data necessary for meeting the purpose for which the form was designed.

Collection of data for analytics and use of cookies should also use no more data than required. 

More about Principle 1

Principle 2. Personal information should be collected directly from the person concerned.

Principle 2 can be met through the use of robust, secure authentication and consent processes, and ideally integration with RealMe.

Authentication systems not using RealMe should be tested for flaws which are known to allow unauthorised access to other users’ data.

Agencies should engage a security panel vendor for this purpose.

RealMe

Security and Related Services Panel

More about Principle 2

Principle 3. People should be made aware of what is collected, why it is collected, how it will be used, and their right to review and correct it.

Agencies can meet Principle 3 by fully complying with section 2.4 of the NZ Government Web Usability Standard.

This standard outlines the required content of a Privacy Statement for each website or service.

Additionally, where user information is stored on a server accessible from the public domain, agencies should outline how information is protected but state that risk is ever-present on the web, and allow users to acknowledge acceptance via checkbox or similar.

NZ Government Web Usability Standard

More about Principle 3

Principle 4. Agencies can only collect information from people in a way that is fair and legal.

The Privacy Statement (refer to No 3 above) should comprehensively describe the collection of information.

It should also describe the collection and use of all behind-the-scenes data, such as data collected for analytics purposes or data collected from cookies.

More about Principle 4

Principle 5. Personal information should be protected with safeguards that are considered reasonable, to prevent loss, disclosure or misuse.

For measures to secure personal data stored on web systems, see:

Establish a risk profile

Designing for security and privacy

More about Principle 5

Principle 6. Where personal information is held, the person concerned has the right to seek confirmation that an agency holds their personal information, and the right to access it.

There are a number of provisions related to this principle.

Principle 6 is met by complying fully with Section 2.4 of the NZ Government Web Usability Standard, which requires this information to be included in a Privacy Statement for each site or service.

NZ Government Web Usability Standard

More about Principle 6

Principle 7. People have the right to ask that their personal information is corrected, and an agency holding their personal information must take reasonable steps to make sure it is up-to-date, accurate and not misleading if requested.

Principle 7 is met by complying fully with Section 2.4 of the NZ Government Web Usability Standard, which requires this information to be included in a Privacy Statement for each site or service.

It also requires the publication of contact details for this purpose, and agencies should be responsive to such requests.

NZ Government Web Usability Standard

More about Principle 7

Principle 8. An agency holding personal information must not use that information without taking reasonable steps to ensure that it is up-to-date, accurate and not misleading.

At the least, where agencies are holding user data, users should be given opportunities to review and advise of any updates to that data. 

More about Principle 8

Principle 9. Personal information cannot be kept for longer than is required for the purposes for which the information is to be used.

Managers of sites and services should ensure that personal information is held only as long as required to deliver an online function or service. Users should also be informed via the privacy statement that they can request that their information be deleted. Agencies should consider the benefits that RealMe offers in streamlining the management of personal information.

More about Principle 9

Principle 10. In most circumstances, personal information collected for one purpose cannot be used for any other purpose without the permission of the person concerned.

This can be viewed in terms of privacy domains — personal information cannot flow from one privacy domain to another without consent.

Agencies should review online systems to ensure that personal information is not re-used for purposes other than that for which it was supplied. Agencies should consider the benefits that RealMe offers in streamlining the management of personal information.

More about Principle 10

Principle 11. Personal information cannot normally be disclosed to other parties unless it is for the purposes of fulfilling the function for which it was provided.

Agencies should ensure that personal information held online is secured in accordance with this guidance and the principles of the NZISM.

Hosting agreements (whether internally or externally hosted) should explicitly preclude access to personal information by any unauthorised party.

More about Principle 11

Principle 12. People cannot be assigned unique identifiers unless it is necessary for the agency to perform its legal functions efficiently.

You should ensure that any identifiers are only used to enable particular functions necessary for the operation of the site or service, and ensure that analytic data is anonymised, secured from unauthorised access and only used for the purpose of understanding usage of a site or service.

You should consider the benefits that RealMe offers in providing protection to user privacy.

More about Principle 12

Other considerations

The context in which information is supplied can affect the sensitivity of that information. While many people may not be concerned about information such as their street address (for example as published in a phone book), this may be very sensitive information to disclose for a person under a Domestic Protection Order, or for reasons best known to them. These considerations should be taken into account when determining the risk impact of a breach.

You should inform users about measures taken to protect their information, and ask them for their consent before storing any information on your agency web server.

Agencies storing in-confidence information on a web server should be aware of the aggregation effect: larger collections of information invariably present a bigger risk than each individual piece of such information. Substantial collections of in-confidence information require higher levels of protection and assurance. In these circumstances, agencies should consult their IT Security Manager (ITSM) or Chief Information Security Officer (CISO).

Security and privacy governance

Privacy Toolkit

The Privacy Toolkit on the Public Sector Intranet has guidance and tools to help people working for government agencies to manage privacy at an organisational level.

Privacy Toolkit

Email psi@dia.govt.nz if you don't have access to the Public Sector Intranet.