Home | Browse Topics | Individual rights & freedoms | Privacy and information | Requirements about storing information and keeping it secure

Individual rights & freedoms

Requirements about storing information and keeping it secure


Storage and security of information

Privacy Act 2020, s 22, principle 5

A government agency, business or other organisation that holds information about you must make sure that reasonable security safeguards are in place to protect the information against being lost or misused (including if it’s accessed, used, changed or released without the organisation’s permission).

If the organisation needs to give the information to a contractor or someone else who provides a service to the organisation, the organisation must also make sure everything reasonable is done to prevent the information being used or disclosed without authorisation.

The steps that an organisation will need to take to keep your information secure will usually depend on the type of information. For example, an organisation will usually need to protect its databases with anti-virus software, and protect its physical premises from burglary or theft by having a monitored alarm.

What happens if there is a privacy breach?

Privacy Act 2020, ss 112-118

One of the biggest changes in the Privacy Act 2020 is that organisations now have obligations to let people know if there has been a “notifiable privacy breach”. This means that if a breach has caused (or is likely to cause) serious harm to someone, the organisation must tell the Privacy Commissioner and the individual whose privacy was breached.

When deciding if a privacy breach is likely to cause serious harm, organisations should get independent legal advice. If an organisation fails to notify the Privacy Commissioner of a “notifiable privacy breach,” they can be fined up to $10,000.

An organisation has to consider the following before deciding if the privacy breach is likely to cause serious harm:

  • any action taken by the organisation to reduce the risk of harm following the breach,
  • whether the personal information is sensitive in nature,
  • the nature of the harm that may be caused to affected individuals,
  • the person or body that has obtained or may obtain personal information as a result of the breach (if known),
  • whether the personal information is protected by a security measure, and
  • any other relevant matters.

Did this answer your question?

Privacy and information

Where to go for more support

Community Law

Your local Community Law Centre can provide you with free initial legal advice.

Find your local Community Law Centre online: www.communitylaw.org.nz/our-law-centres

Privacy Commission

The Privacy Commissioner website provides information about your rights and responsibilities under the Privacy Act 2020 and the Privacy Principles. It also outlines the role of the Privacy Commissioner and how to make a privacy complaint.

Website: www.privacy.org.nz
Email: enquiries@privacy.org.nz
Phone: 0800 803 909

To make a complaint online: www.privacy.org.nz/your-rights/making-a-complaint

Privacy of your health information

Information on the Health Information Privacy Code 2020:  www.privacy.org.nz/privacy-act-2020/codes-of-practice/hipc2020

Mental health: this pamphlet provides you information about the Programme for the Integration of Mental Health Data: www.health.govt.nz/system/files/documents/publications/hp7310-primhd-dl-v6-web.pdf

Nationwide Health & Disability Advocacy Service

The Nationwide Health & Disability Advocacy Service offers free, independent, and confidential advice to support you making a complaint about health and disability services.

Website: www.advocacy.org.nz
Email: advocacy@advocacy.org.nz
Phone: 0800 555 050

Also available as a book

The Community Law Manual

The Manual contains over 1000 pages of easy-to-read legal info and comprehensive answers to common legal questions. From ACC to family law, health & disability, jobs, benefits & flats, Tāonga Māori, immigration and refugee law and much more, the Manual covers just about every area of community and personal life.

Buy The Community Law Manual

Help the manual

We’re a small team that relies on the generosity of all our supporters. You can make a one-off donation or become a supporter by sponsoring the Manual for a community organisation near you. Every contribution helps us to continue updating and improving our legal information, year after year.

Donate Become a Supporter

Find the Answer to your Legal Question

back to top