Skip to main content

Why DPUP was developed

The Data Protection and Use Policy (DPUP) was developed by the Social Wellbeing Agency to provide a shared set of rules for the respectful, trusted and transparent use of personal information.

Developing DPUP

DPUP was developed to provide both government agencies and non-governmental organisations (NGOs) with clear guidance about what’s reasonable, and what’s not, when collecting or using people’s personal information. Creating and maintaining authentic relationships, and trust, with different communities is important.

Developing DPUP involved broad engagement with a diverse range of people from a variety of agencies and communities. The engagement aimed to understand their view of what agencies need to do to:

  • establish and maintain respectful use of people’s information
  • build trust and confidence between people and agencies.

DPUP’s Principles and Guidelines were created from their thoughts, ideas, experiences and viewpoints.

Data Protection and Use Policy — Social Wellbeing Agency

Refining the Principles and Guidelines 

The engagement produced many ideas and suggestions about what the policy required. Once refined, these became DPUP’s 5 Principles and 4 Guidelines. The Principles are the values and behaviours behind collecting and using personal information that should be part of an agency’s culture. The Guidelines are the key topics and processes that will help agencies put the Principles in place.

The He tāngata Principle sprang from the community design sessions and has a special role. It wraps around DPUP as a whole. It is a reminder that everything an agency does with personal information should be with the following question in mind: “How does this contribute toward the wellbeing of the individual, or community?”.

To learn more about the engagement results, ‘What you told us’ and ‘From Listening to Learning’ on the Social Wellbeing Agency website provides more detailed information.

Revising the Privacy Maturity Assessment Framework

In 2021, the Government Chief Privacy Officer revised the Privacy Maturity Assessment Framework (PMAF). This revision put a greater focus on the:

  • people who provide information to agencies
  • diverse responsibilities that contribute to good privacy maturity
  • relationship between good privacy practice, good service delivery and agencies’ duty to build and maintain public trust.

DPUP fits well with this shift.

Privacy Maturity Assessment Framework (PMAF) and self-assessments

Working with other laws and guidance

DPUP provides good-practice advice about the collection and use of people’s information. In some areas, and for good reasons, that advice goes beyond the law.

DPUP's relationship to other laws and guidance

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated