Home | Browse Topics | Individual rights & freedoms | Privacy and information | Overview of the privacy and information laws

Individual rights & freedoms

Privacy and information

Overview of the privacy and information laws

The Privacy Act 2020

New privacy laws came into force on 1 December 2020. The main changes to be aware of are:

  • Agencies must report privacy breaches that cause, or are likely to cause, serious harm (like being hacked) to the Privacy Commissioner and have to tell the people affected.
  • The Privacy Commissioner can issue compliance notices to make an agency do or stop doing something. Failure to comply could result in a penalty of up to $10,000.
  • New Zealand agencies will have to take reasonable steps to make sure that personal information they send overseas is protected by privacy standards as high as New Zealand standards.
  • The new law applies to businesses whether or not they have a legal or physical presence in New Zealand. This means that international companies carrying on business in New Zealand and holding New Zealanders’ personal information, have to comply with New Zealand law no matter where they or their servers are based.

What kinds of information does the Privacy Act apply to?

Privacy Act 2020, ss 7, 27, 30 

The privacy and information rules in the Privacy Act apply only to information about identifiable individual people (but not people who are now dead). The Act calls this “personal information”. This doesn’t necessarily mean information that is particularly private or sensitive – it means information that’s about an identifiable individual person.

The Act doesn’t apply to information:

  • about organisations (like companies, incorporated societies or charitable trusts)
  • that you collect or keep about someone else for personal, family or household use. So, if you give out a friend’s contact details to a third person, you’re not breaching the Act.
  • that the Privacy Commissioner has authorised to be collected, used and/or disclosed.

Who has to follow the rules in the Privacy Act?

Privacy Act 2020, ss 5, 7, 8

The Act covers government departments, companies of all sizes, religious groups, schools, clubs and individuals. The Act uses the word “agency” as a general term to refer to any person or group that have to follow the rules.

There are a few organisations and individuals that don’t have to follow the rules in the Privacy Act. Other rules govern how they manage personal information. Organisations and individuals that are exempt include:

  • the news media, when they’re involved in news activities (such as producing TV programmes, or publishing newspaper articles or letters to the editor). Complaints about the news media are made to the Broadcasting Standards Authority, the New Zealand Press Council or the courts.
  • members of parliament acting in their official capacity. Complaints about members of parliament are dealt with by parliament or political parties.
  • courts or tribunals when they’re carrying out their judicial functions.
  • the Ombudsman.

Some individuals or organisations are allowed to give out information in a way that would usually breach the Privacy Act if they have been authorised to do so by another law. For example, section 15 of the Oranga Tamariki Act 1989 allows anyone to report suspected child abuse to the police or to Oranga Tamariki / Ministry for Children without breaching the rules about disclosing personal information.

You can find more helpful information at the Privacy Commissioner’s website:

For example, navigate to the “Resources” tab, and then click on “Rental sector guidance” for in-depth guidelines about what information your landlord can ask you to provide.

Did this answer your question?

Privacy and information

Where to go for more support

Community Law

Your local Community Law Centre can provide you with free initial legal advice.

Find your local Community Law Centre online: www.communitylaw.org.nz/our-law-centres

Privacy Commission

The Privacy Commissioner website provides information about your rights and responsibilities under the Privacy Act 2020 and the Privacy Principles. It also outlines the role of the Privacy Commissioner and how to make a privacy complaint.

Website: www.privacy.org.nz
Email: enquiries@privacy.org.nz
Phone: 0800 803 909

To make a complaint online: www.privacy.org.nz/your-rights/making-a-complaint

Privacy of your health information

Information on the Health Information Privacy Code 2020:  www.privacy.org.nz/privacy-act-2020/codes-of-practice/hipc2020

Mental health: this pamphlet provides you information about the Programme for the Integration of Mental Health Data: www.health.govt.nz/system/files/documents/publications/hp7310-primhd-dl-v6-web.pdf

Nationwide Health & Disability Advocacy Service

The Nationwide Health & Disability Advocacy Service offers free, independent, and confidential advice to support you making a complaint about health and disability services.

Website: www.advocacy.org.nz
Email: advocacy@advocacy.org.nz
Phone: 0800 555 050

Also available as a book

The Community Law Manual

The Manual contains over 1000 pages of easy-to-read legal info and comprehensive answers to common legal questions. From ACC to family law, health & disability, jobs, benefits & flats, Tāonga Māori, immigration and refugee law and much more, the Manual covers just about every area of community and personal life.

Buy The Community Law Manual

Help the manual

We’re a small team that relies on the generosity of all our supporters. You can make a one-off donation or become a supporter by sponsoring the Manual for a community organisation near you. Every contribution helps us to continue updating and improving our legal information, year after year.

Donate Become a Supporter

Find the Answer to your Legal Question

back to top