Skip to main content

DPUP terminology

These key terms will help agencies understand the Data Protection and Use Policy (DPUP).

Table 1: Common DPUP terms

Term Definition


Government agencies, non-governmental organisations (NGOs) and other providers of services.

Aggregated information

Can mean 2 different things, depending on how it’s used. Aggregated information can be either:

  • summarising information by adding it together into statistics — for example, by counting the number of service users accessing a service over a period of time
  • larger collections of information produced by taking multiple sources of information and putting them all together — in other words, adding or 'aggregating’ them together.

Aggregated information can be personal (still contains people’s identifiers in some form) or non-personal.

Consent vs. choice

Consent is given when a person voluntarily agrees to something based on a good understanding of the consequences. However, consent can have specific definitions in fields such as medicine, research and law. For this reason, DPUP uses a plainer word — choice — and focuses (in part) on the processes that help give people choices and enable them to act on those choices.


Data can be defined in several ways, such as:

  • most simply as facts or information used to analyse or plan something, which traditionally has meant facts and figures
  • in the wider sense — as data sources and analytical approaches have become richer, data can take the form of numbers, stories, research, and analyses of these for greater understanding.


Information that could identify an individual — like names, dates of birth and addresses — has been removed. Numbers that can be used to identify people, like IRD and National Health Index (NHI) numbers, are removed or encrypted (replaced with another number).


Non-personal information, including data and data sets, analysis, qualitative or quantitative information, statistics, research, reports or studies, that may support improved decision making.


Information privacy principle. Refers to any of the 13 key privacy principles in the Privacy Act 2020.

The privacy principles: overview — Privacy Commissioner

Layered privacy statement

A privacy statement that a person can choose to view at a number of different levels, starting with a summary and offering greater detail for people who would like to see it.


Non-governmental organisation — refers to social sector organisations that support people facing challenges, such as welfare, health, education, justice, child wellbeing, housing, and disability support services. Examples include the Salvation Army, Barnardos, and Presbyterian Support. There are thousands of such organisations in New Zealand.

Non-personal information

Non-personal information is information that does not identify people and that cannot be used, even if combined with other information, to identify individual people.


The Office of the Privacy Commissioner. See their website to learn more about OPC, the Privacy Act 2020 and other aspects of privacy.

Office of the Privacy Commissioner

Personal information

Information about identifiable individuals, which is the same meaning as in the Privacy Act 2020.

Subpart 2 of the Privacy Act 2020 — Parliamentary Counsel Office

It includes information relating to a death that is maintained by the Registrar-General under the Births, Death, Marriages, and Relationships Registration Act 1995 or any former Act (as defined in section 2 of the Births, Deaths, Marriages, and Relationships Registration Act 1995).

Privacy statement

A privacy statement or privacy notice is an external statement addressed to anyone whose personal information is handled by an agency. It must be provided when an agency collects personal information from an individual.

A privacy statement should include:

  • who the agency is and its contact information
  • a purpose statement, including: what personal information is collected, directly and indirectly, and how the agency will use the personal information
  • how the personal information is collected
  • who the agency will share the personal information with
  • if a law requires or authorises the collection of personal information, what the law is and whether collection is voluntary or mandatory
  • what the consequences are for the individual if any or all of the requested personal information is not provided
  • how the behaviour of website users is monitored
  • how individuals can access and correct their personal information.

Purpose statement

A purpose statement explains why you need to collect or use someone’s information. The information in a purpose statement is often reused in:

  • privacy statements or notices
  • consent forms
  • privacy impact assessments
  • leaflets for service users
  • partnering agreements and contracts.


Studying a topic, analysing a topic, exploring or researching.

Service delivery organisation

An agency responsible for direct delivery of services to service users. This includes agencies like the Ministry of Social Development (MSD) and the Accident Compensation Corporation (ACC), and organisations like the Salvation Army. It does not include agencies like the Social Wellbeing Agency that do not deliver services directly to service users.

Service provider

Another term for service delivery organisation.

Service user

A member of the public who applies for, receives or otherwise uses services delivered by service providers.

Social sector

The social sector is made up of government agencies, NGOs and other service providers to support New Zealanders’ wellbeing across a range of areas — such as welfare, education, health, justice, child wellbeing, housing and disability support services.

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated