New Zealanders need to have trust and confidence in the way their information is being managed and used by government agencies. Agency obligations are defined in the 12 Information Privacy Principles that underpin the Privacy Act 1993.
The Privacy Act controls how 'agencies' (as defined in the Act) collect, use, disclose, store and give access to 'personal information'. This is defined as information about identifiable, living people.
The Act requires all agencies to have a privacy officer.
The Office of the Privacy Commissioner provides resources and information to help all agencies meet their obligations under the Act, including specific guidance on the 12 information privacy principles that underpin the Act.
Privacy codes of practice are issued by the privacy commissioner to guide practice and modify how the principles apply in specific situations, for example Health, telecommunications and credit reporting.
Additional guidance is provided for government agencies to help them improve their capability in managing personal information. The Government Chief Privacy Officer has issued core expectations that represent good practice for privacy management and governance in the State services.
A Privacy Maturity Assessment Framework has also been developed to help agencies assess their existing capability and implement appropriate improvements.
The personal information you collect and store is seen as an information asset, and by managing your processes and information security carefully, you can realise opportunities for delivering more effective and efficient services to make a real difference for New Zealanders.
By putting people at the centre of any design process whilst protecting their privacy and personal information you can:
- ensure services will meet their needs
- make them happier
- reduce the risk of complaints and safeguard your agency's reputation.
Privacy officers can:
- provide valuable insights about people who use your agency’s services
- prevent problems from arising, and save expense, or lost business in the future
- help maintain relationships in situations where there may be complaints.
Privacy Act and Privacy Principles
NZ government privacy guidance
Privacy management guidance—Dealing with privacy breaches and incidents, managing risks and tips on aligning customer centric processes and related privacy requirements.
Security and privacy management
There is a strong link between privacy and protective security measures, particularly in relation to managing the interactions between people and government.
Much of the risk management around security is related to protecting personal or protected information, as well as government assets.
The webtoolkit security and privacy management guidance covers:
- Foundations (governance, personal information and information classification)
- Establishing a risk profile
- Designing for security and privacy
- Related resources
Key organisations and people
The Office of the Privacy Commissioner works to develop and promote a culture in which personal information is protected and respected, in a world of evolving technologies. They publish:
- Information for agencies
- Getting started guidelines
- Blogs and education resources
The Chief Government Privacy Officer develops expectations, issues guidance and provides assurance to support public service to build capability in privacy and security management.
The role sits within the Government Chief Digital Officer's team.