Why DPUP was developed
The Data Protection and Use Policy (DPUP) was developed by the Social Wellbeing Agency to provide a shared set of rules for the respectful, trusted and transparent use of personal information.
DPUP was developed to provide both government agencies and non-governmental organisations (NGOs) with clear guidance about what’s reasonable, and what’s not, when collecting or using people’s personal information. Creating and maintaining authentic relationships, and trust, with different communities is important.
Developing DPUP involved broad engagement with a diverse range of people from a variety of agencies and communities. The engagement aimed to understand their view of what agencies need to do to:
- establish and maintain respectful use of people’s information
- build trust and confidence between people and agencies.
DPUP’s Principles and Guidelines were created from their thoughts, ideas, experiences and viewpoints.
Refining the Principles and Guidelines
The engagement produced many ideas and suggestions about what the policy required. Once refined, these became DPUP’s 5 Principles and 4 Guidelines. The Principles are the values and behaviours behind collecting and using personal information that should be part of an agency’s culture. The Guidelines are the key topics and processes that will help agencies put the Principles in place.
The He tāngata Principle sprang from the community design sessions and has a special role. It wraps around DPUP as a whole. It is a reminder that everything an agency does with personal information should be with the following question in mind: “How does this contribute toward the wellbeing of the individual, or community?”.
To learn more about the engagement results, ‘What you told us’ and ‘From Listening to Learning’ on the Social Wellbeing Agency website provides more detailed information.
- What you told us — Social Wellbeing Agency
- From listening to learning — Social Wellbeing Agency (PDF 476KB)
- Read the DPUP Principles
- Read the DPUP Guidelines
Revising the Privacy Maturity Assessment Framework
In 2021, the Government Chief Privacy Officer revised the Privacy Maturity Assessment Framework (PMAF). This revision put a greater focus on the:
- people who provide information to agencies
- diverse responsibilities that contribute to good privacy maturity
- relationship between good privacy practice, good service delivery and agencies’ duty to build and maintain public trust.
DPUP fits well with this shift.
Working with other laws and guidance
DPUP provides good-practice advice about the collection and use of people’s information. In some areas, and for good reasons, that advice goes beyond the law.