New Zealanders need to have trust and confidence in the way government manages their personal information.
The Privacy Act requires all private and public sector agencies to have a privacy officer.
A privacy officer will:
- be familiar with the privacy principles in the Privacy Act, relevant privacy codes and other legislation, and work to ensure compliance with them
- deal with any privacy incidents and breaches, complaints about possible privacy breaches, and requests for access to personal information
- act as the agency’s liaison with the Office of the Privacy Commissioner
- promote privacy awareness and training within the agency
- advise their organisation on the potential privacy impacts of changes to the organisation’s business practices and how improving privacy practices might improve the business.
To fulfil these responsibilities the privacy officer needs to develop, implement and maintain a privacy programme.
- Manage a privacy programme
- Office of the Privacy Commissioner — Privacy Officers
- Office of the Privacy Commissioner — Privacy Act Information Privacy Principles
The Government Chief Privacy Officer (GCPO) has issued core expectations of government agencies that represent good practice for privacy management and governance. Meeting these core expectations will align an agency’s privacy practices with the Privacy Act’s Information Privacy Principles.
The Privacy Maturity Assessment Framework (PMAF) has been developed to help agencies meet these core expectations.
Annual privacy self-assessments
The core expectations and the PMAF form the basis of the privacy self-assessment that the GCPO requires agencies to complete annually. The GCPO uses the completed self-assessment to report to the Minister of State Services on public sector-wide capability and maturity, as required by Cabinet.
The GCPO supports agencies to implement these core expectations and provides advice on core expectations, PMAF and self-assessment.