Principle 1 — Purpose for collection of personal information

Owners and managers of websites or services should review all forms that require users to provide any type of personal data to ensure the forms only require data necessary for meeting the purpose for which the form was designed.

Collection of data for analytics and use of cookies should also use no more data than required. 

More about Principle 1 — Purpose for collection of personal information (Privacy Commissioner)

Principle 2 — Source of personal information

Principle 2 can be met through the use of robust, secure authentication and consent processes, and ideally integration with RealMe.

Authentication systems not using RealMe should be tested for flaws which are known to allow unauthorised access to other users’ data.

Agencies should engage a security panel vendor for this purpose.

RealMe

Security and Related Services Panel

More about Principle 2 — Source of personal information (Privacy Commissioner)

Principle 3 — Collection of information from subject

Agencies can meet Principle 3 by fully complying with section 2.4 of the NZ Government Web Usability Standard.

This standard outlines the required content of a Privacy Statement for each website or service.

Additionally, where user information is stored on a server accessible from the public domain, agencies should outline how information is protected but state that risk is ever-present on the web, and allow users to acknowledge acceptance via checkbox or similar.

NZ Government Web Usability Standard — Section 2.4 Privacy

More about Principle 3 — Collection of information from subject (Privacy Commissioner)

Principle 4 — Manner of collection of personal information

The Privacy Statement (refer to Principle 3) should comprehensively describe the collection of information.

It should also describe the collection and use of all behind-the-scenes data, such as data collected for analytics purposes or data collected from cookies.

More about Principle 4 — Manner of collection of personal information (Privacy Commissioner)

Principle 5 — Storage and security of personal information

For measures to secure personal data stored on web systems, see:

• Establish a risk profile
• Designing for security and privacy.

More about Principle 5 — Storage and security of personal information (Privacy Commissioner)

Principle 6 — Access to personal information

There are a number of provisions related to this principle.

Principle 6 is met by complying fully with Section 2.4 of the NZ Government Web Usability Standard, which requires this information to be included in a Privacy Statement for each site or service.

NZ Government Web Usability Standard — Section 2.4 Privacy

More about Principle 6 — Access to personal information (Privacy Commissioner)

Principle 7 — Correction of personal information

Principle 7 is met by complying fully with Section 2.4 of the NZ Government Web Usability Standard, which requires this information to be included in a Privacy Statement for each site or service.

It also requires the publication of contact details for this purpose, and agencies should be responsive to such requests.

NZ Government Web Usability Standard — Section 2.4 Privacy

More about Principle 7 — Correction of personal information (Privacy Commissioner)

Principle 8 — Accuracy of personal information to be checked before use or disclosure

At the least, where agencies are holding user data, users should be given opportunities to review and advise of any updates to that data.

More about Principle 8 — Accuracy of personal information to be checked before use or disclosure (Privacy Commissioner)

Principle 9 — Agency not to keep personal information for longer than necessary

Managers of sites and services should ensure that personal information is held only as long as required to deliver an online function or service. Users should also be informed via the privacy statement that they can request that their information be deleted. Agencies should consider the benefits that RealMe offers in streamlining the management of personal information.

More about Principle 9 — Agency not to keep personal information for longer than necessary (Privacy Commissioner)

Principle 10 — Limits on use of personal information

This can be viewed in terms of privacy domains — personal information cannot flow from one privacy domain to another without consent.

Agencies should review online systems to ensure that personal information is not re-used for purposes other than that for which it was supplied. Agencies should consider the benefits that RealMe offers in streamlining the management of personal information.

More about Principle 10 — Limits on use of personal information (Privacy Commissioner)

Principle 11 — Limits on disclosure of personal information

Agencies should ensure that personal information held online is secured in accordance with this guidance and the principles of the NZISM.

Hosting agreements (whether internally or externally hosted) should explicitly preclude access to personal information by any unauthorised party.

More about Principle 11 — Limits on disclosure of personal information (Privacy Commissioner)

Principle 12 — Disclosure of personal information outside New Zealand

You may only send personal information to organisations or people outside New Zealand if they meet the criteria for Principle 12 — Disclosure of personal information outside New Zealand.

If the criteria do not apply, you can only make a cross-border disclosure with the permission of the person whose personal information you want to send. You'll need to make it clear to this person that their information may not be given the same protection as provided by New Zealand's Privacy Act 2020.

More about Principle 12 — Disclosure of personal information outside New Zealand (Privacy Commissioner)

Principle 13 — Unique identifiers

Unique identifiers are forms of identification, such as numbers or references given to people by agencies. Some examples are IRD numbers, passport numbers and driver licence numbers.

You should ensure that any identifiers are only used to enable particular functions necessary for the operation of the site or service. Make sure that analytic data is anonymised, secured from unauthorised access and only used for the purpose of understanding usage of a site or service.

You should consider the benefits that RealMe offers in providing protection to user privacy.

More about Principle 13 — Unique identifiers (Privacy Commissioner)

Other considerations

The context in which information is supplied can affect the sensitivity of that information. While many people may not be concerned about information such as their street address (for example, as published in a phone book), this may be very sensitive information to disclose for a person under a Domestic Protection Order, or for reasons best known to them. These considerations should be taken into account when determining the risk impact of a breach.

You should inform users about measures taken to protect their information, and ask them for their consent before storing any information on your agency web server.

Agencies storing in-confidence information on a web server should be aware of the aggregation effect: larger collections of information invariably present a bigger risk than each individual piece of such information. Substantial collections of in-confidence information require higher levels of protection and assurance. In these circumstances, agencies should consult their Information Technology Security Manager (ITSM) or Chief Information Security Officer (CISO).

Security and privacy governance

Privacy resources

For more advice, guidance and tools to help government agencies manage their privacy, see the rest of the privacy section on Digital.govt.nz.

Privacy

Privacy Act 2020

Read the Privacy Act 2020 in full.

Privacy Act 2020 — Parliamentary Counsel Office