Act as a steward in a way that people understand and trust.
Be a kaitiaki rather than an owner of people’s information
- Those who collect, use, share and store data and information are kaitiaki, stewards and caretakers, not owners, of that data and information.
- Being a kaitiaki is about working in the service of, and being accountable to, New Zealanders around the collection, use and sharing of their data and information, and ensuring that it is valued and respected.
- A kaitiaki recognises the importance of people being able to access their information and helps them do that.
Be open and transparent — support people’s interest or need to understand
- Have open conversations about the collection, use and sharing of data and information and the reasons for them. This means building trust, being inclusive, respecting a wide range of views, and working in partnership.
- Explain things in an accessible and easy to understand way, and in a manner that matches people’s needs and interests. Use different types or formats of data and information, as well as levels of detail, to match different interests, levels of comprehension, context and needs of different groups.
Keep data and information safe and secure and respect its value
- Use data management practices that are safe and secure. Keep in mind the nature of the information and data, as well as how it is being collected, used, shared, analysed and reported.
- Those who collect data and information need easy-to-use tools and processes for accurately and efficiently collecting, using and sharing information.
- Treat data as a valuable asset. Store and maintain it so that it is accessible and reliable, and only keep it for as long as it is necessary and relevant.
- Those who hold people’s information are able to grow its value. They may do this by creating and sharing insights, or by returning collective, non-personal data back to the people and community it came from for their use. In all cases they must comply with the law, protect people’s privacy and maintain people’s trust and confidence.
If there’s a privacy breach, act quickly and openly
If a privacy breach occurs, recognise its potential significance to people, address it quickly, and be accountable for it.
If serious harm has occurred or is likely to occur, notify the Privacy Commissioner and affected service users in accordance with the Privacy Act 2020.
Even if serious harm has not occurred and is not likely to occur, consider whether to notify affected service users.
Take steps to make amends, to avoid similar breaches in the future, and to maintain or restore trust and confidence in the service.
What kaitiakitanga means for DPUP
Kaitiakitanga means to have guardianship and stewardship of people’s data and information. This is a trusted role that protects and keeps people’s stories and information safe, respects what has been shared, understands its value and enables the sharing of that information when that is appropriate.
The kaitiaki or guardian realises that they do not own this information but keep it in trust — making it easily accessible for the person whose information it is and growing the value of the information. Growth can mean using the information to create and share insights, or returning collective, non-personal data back to the people and community it came from for their use.
This type of stewardship results in benefits and wellbeing for the individual, whānau and wider communities both now and between generations — protecting information and delivering value into the future.