Definitions
Definitions for words that have a specific meaning under the information sharing standard and guidance.
List of definitions
- Access
- The action of a government agency providing personal information to a non-government third party.
- Agency
- See ‘Public service agency’ and ‘State services agency’.
- Agreement
- Any form of legally binding agreement between a government agency and a non-government third party. For example, a contract, deed or information sharing agreement.
- Collection
- The action of a non-government third party providing personal information to a government agency.
- Conflict of interest
-
A conflict of interest arises if the non-government third party (or any of its staff or approved subcontractors) has personal or business interests or obligations that conflict or could conflict, or be perceived to conflict, with the access to or collection of personal information.
This conflict can result in the independence, objectivity or impartiality of either party (or both parties) being called into question.
Types of conflicts of interest:
- actual — where the conflict currently exists
- potential — where the conflict is about to happen or could happen
- perceived — where other people may reasonably think that a conflict exists.
The guidance on agency responsibilities will have more information about conflicts of interest. This will be available soon.
- Deed
-
A legal document that contains a binding promise or commitment, which can be used to:
- turn an existing arrangement into a legally binding agreement, or
- create a legally binding agreement when there is no ‘consideration’ (payment or benefit).
- Delivery of public services
-
The actions related to designing, providing, improving and measuring public goods and services in the public interest. These include services delivered by (or on behalf of) government for the benefit of New Zealanders.
The boundaries of what public services are is not fixed, with different boundaries applying in different locations at different times.
- Information sharing agreement
- An agreement between a government agency and a non-government third party that sets out the provisions both parties agree to before personal information is accessed, collected, or shared.
- Legal authority
-
The authority in a specific clause within an act or code of practice or other legal instrument that authorises personal information to be accessed, collected, or shared.
This definition is closely linked to the lawful purpose connected with a function or an activity of a government agency.
- Māori Data
-
As defined in the Māori Data Governance Model, Māori data refers broadly to data, information or knowledge (including mātauranga Māori) that is about, from or connected to Māori. It also includes data about the population, place, culture and environment. In the context of this standard, this includes personal information about individuals.
Māori Data Governance Model — Te Kāhui Raraunga
The guidance on sharing Māori data will have more information about agency responsibilities. This will be available soon.
- Must
- This is an absolute requirement.
- Non-government third party (third party)
-
Any organisation or individual outside the public and State services.
Public and State services are defined in section 5 of the Public Service Act .
Public Service Act : section 5 — New Zealand Legislation
For this standard, entities listed in sub-section 5(e) of the Act for the definition of State services are included as a State services agency.
There are 2 exceptions:
- 5(e)(v) organisations listed in Schedule 1 of the State-Owned Enterprises Act
- 5(e)(vi) tertiary education institutions.
These exceptions are defined as non-government third parties for the information sharing standard.
- Notifiable privacy breach
-
As defined in section 112 of the Privacy Act . Also see ‘Privacy breach’.
- Personal information
-
As defined in section 7 of the Privacy Act and in Codes of Practice issued under section 33 of the Privacy Act .
This definition includes all metadata — this is data generated about the personal information that is accessed or collected.
Privacy Act : section 7 — New Zealand Legislation
Privacy Act : section 33 — New Zealand Legislation
Personal information can include information that:
- does not directly identify an individual except in a specific context
- would identify an individual if combined with other information.
Know your personal information — Office of the Privacy Commissioner
- Privacy Act
-
The Privacy Act and any Codes of Practice or regulations issued under that Act is the legal framework to govern how personal information in New Zealand is collected, stored, used and shared.
Privacy Act — New Zealand Legislation
The information sharing standard outlines the requirements for government agencies and non-government third parties to follow. These requirements are in addition to the legal requirements of the Privacy Act and any Codes of Practice or regulations.
This standard is subordinate to the Privacy Act and no requirement of this standard overrides anything in the Privacy Act .
- Privacy breach
-
As defined in section 112 of the Privacy Act .
Privacy Act : section 112 — New Zealand Legislation
Government agencies and non-government third parties have the responsibility to prevent:
- the unauthorised or accidental access to, or disclosure, alteration, loss, or destruction of, personal information
- an action that prevents the agency or third party from accessing the information on either a temporary or permanent basis.
Information sharing agreements made under the standard have an objective to minimise the risk of a privacy breach. They need to be clear about what is required if there is a privacy breach.
- Public Records Act
-
The Public Records Act and any standards, instructions, advice or guidelines issued under that Act.
Public Records Act — New Zealand Legislation
Government agencies hold personal information to the requirements set out in the Public Records Act . These requirements can extend to non-government third parties who hold personal information, if those requirements are set out in an information sharing agreement.
- Public service agency
-
A public service agency is defined in section 10(a) of the Public Service Act . Public service agencies are departments, departmental agencies, interdepartmental executive boards and interdepartmental ventures.
Public service agencies must adopt this standard and use this guidance.
- Relationship
- A recognised connection or association between 2 or more entities, where each entity has a set of rights and responsibilities.
- Risk assessment
-
An agency process, method or tool used to determine the level of risk to manage and control in a specific information sharing situation.
A risk assessment considers the:
- operating context and controls available
- personal information to be accessed or collected
- parties involved.
- Schedule
-
A document that is appended to an information sharing agreement, that outlines specific details related to executing that information sharing agreement.
A schedule can be updated by mutual agreement between the parties to the information sharing agreement as circumstances change.
A schedule could be, for example, an inventory, list or documented process.
The guidance on legally binding agreements will have more information about schedules. This will be available soon.
- Sharing
- The action to provide personal information, including the secure transfer of personal information between 2 or more parties.
- Should
- This indicates a recommended course of action that may be ignored under certain conditions.id However, the reasons to ignore and the full implications of ignoring it must be understood and carefully weighed.
- State services agency
-
A State services agency is defined in section 5 of the Public Service Act .
State services agencies are encouraged to adopt this standard and use this guidance.
Contact us
For further information, to ask questions or give feedback, email the Government Chief Digital Office (GCDO).
Email: gcdo@dia.govt.nz
Utility links and page information
Last updated
