Home | Browse Topics | Individual rights & freedoms | Privacy and information | Rules for when people collect information about you

Individual rights & freedoms

Rules for when people collect information about you

Overview

When can an organisation collect my personal information?

Privacy Act 2020, s 22, information privacy principle 1

A government agency, business or other organisation can only collect information about you if:

  • they’re doing this for a lawful purpose that’s connected with their functions or activities, and
  • collecting the information is necessary for that purpose.

This means that if an organisation does not need your personal information to achieve something closely linked to their activities, they should not ask for your personal information. For example, if a school enrolment form asks parents to state their occupations, the school must be able to show that it needs this information to carry out its lawful purpose. 

Who can organisations collect personal information from?

Privacy Act 2020, s 22, information privacy principle 2 

When an organisation collects information about you, they must collect it directly from you, rather than from someone else, unless they believe on reasonable grounds that:

  • collecting it from someone else wouldn’t be detrimental to you in any way,
  • collecting it from you directly would undermine the purposes of collecting the information,
  • you’ve given them permission to collect the information from someone else,
  • the information is already publicly available,
  • collecting it from someone else is necessary to enforce the law, or to protect government revenue, or for any court or tribunal proceedings,
  • collecting it from someone else is necessary to prevent or lessen a serious threat to your health or safety, or the health or safety of someone else,
  • it’s not reasonably practicable to collect it directly from you in this particular case, or
  • the information won’t be used in a way that identifies you (for example, this includes if the information will be used for statistical or research purposes and won’t be published in a way that could identify the individual concerned).

Privacy Act 2020, s 30 

Note: The Privacy Commissioner can authorise an organisation to depart from the rules in the Privacy Act for collecting, using or disclosing information if this would be in the public interest or if there would be a clear benefit to the individuals involved.

In general, information that’s about you should be collected from you. This is because you’re usually in the best position to give accurate information. For example, if you’re applying for a job and the employer wants to get references about you, the employer must get you to nominate referees and get your permission to talk to them.

If the referee wants their comments about you to be kept between the employer and the referee, and not made available to you, then the referee and employer can agree to consider it as “evaluative” material. This will allow them both to refuse to give you the contents of the reference.

What information should I be given when my information is collected?

Privacy Act 2020, s 22, information privacy principle 3 

In general, organisations should tell you if they are collecting information that relates to you. When an organisation collects your information directly from you, it must take reasonable steps to make you aware of:

  • the fact that the information is being collected,
  • the reason that it’s being collected,
  • who will be given the information,
  • the organisation’s name and address, and the name and address of any other organisation that will be holding the information,
  • any particular law that governs the collection of the information, and whether that law requires you to provide the information,
  • any consequences for you if you don’t provide the information, and
  • your right to have access to the information after it’s been collected, and to ask for it to be corrected if it’s wrong (see: “How you can access your information and correct it if necessary”).

Note: These things should be explained to you before the information is collected or as soon as practicable after the information is collected. However, an agency doesn’t have to explain these things if it has already done so when it collected similar information, from the same individual, on a recent occasion.

The organisation collecting the information from you doesn’t have to comply with those requirements if it believes, on reasonable grounds, that:

  • your interests wouldn’t be affected,
  • not complying with those requirements is necessary to enforce the law, or to protect government revenue, or for any court proceedings,
  • complying would undermine the purpose of collecting the information,
  • it’s not reasonably practical to comply in this particular case, or
  • the information won’t be used in a way that identifies you (for example, this includes if the information will be used for statistical or research purposes and won’t be published in a way that could identify the individual concerned).

What methods can agencies use to collect my information?

Your information must be collected by methods that are legal, fair, and that don’t intrude unreasonably on your personal affairs.

For example, a private investigator who lied about their identity and intentions in order to find out information for an insurance company would be using an unfair means of collecting information.

Did this answer your question?

Privacy and information

Where to go for more support

Community Law

Your local Community Law Centre can provide you with free initial legal advice.

Find your local Community Law Centre online: www.communitylaw.org.nz/our-law-centres

Privacy Commission

The Privacy Commissioner website provides information about your rights and responsibilities under the Privacy Act 2020 and the Privacy Principles. It also outlines the role of the Privacy Commissioner and how to make a privacy complaint.

Website: www.privacy.org.nz
Email: enquiries@privacy.org.nz
Phone: 0800 803 909

To make a complaint online: www.privacy.org.nz/your-rights/making-a-complaint

Privacy of your health information

Information on the Health Information Privacy Code 2020:  www.privacy.org.nz/privacy-act-2020/codes-of-practice/hipc2020

Mental health: This pamphlet provides you information about the Programme for the Integration of Mental Health Data: www.health.govt.nz/system/files/documents/publications/hp7310-primhd-dl-v6-web.pdf

Nationwide Health & Disability Advocacy Service

The Nationwide Health & Disability Advocacy Service offers free, independent, and confidential advice to support you making a complaint about health and disability services.

Website: www.advocacy.org.nz
Email: advocacy@advocacy.org.nz
Phone: 0800 555 050

Also available as a book

The Community Law Manual

The Manual contains over 1000 pages of easy-to-read legal info and comprehensive answers to common legal questions. From ACC to family law, health & disability, jobs, benefits & flats, Tāonga Māori, immigration and refugee law and much more, the Manual covers just about every area of community and personal life.

Buy The Community Law Manual

Help the manual

We’re a small team that relies on the generosity of all our supporters. You can make a one-off donation or become a supporter by sponsoring the Manual for a community organisation near you. Every contribution helps us to continue updating and improving our legal information, year after year.

Donate Become a Supporter

Find the Answer to your Legal Question

back to top