Home | Browse Topics | Individual rights & freedoms | Privacy and information | Special privacy rules for specific areas and issues

Individual rights & freedoms

Special privacy rules for specific areas and issues

Privacy codes of practice for specific areas

Privacy Act 2020, ss 32–38

The Privacy Commissioner has the power to issue codes of practices, which may modify the usual privacy laws (the privacy principles) to take account of the special characteristics of particular industries or particular types of information.

Three existing codes of practice are discussed below.

Health Information Privacy Code 1994

This code sets out specific rules that regulate the handling of health information by health agencies.

Your “health information” includes information about:

  • your health – for example, your medical history
  • any disability you have, or used to have
  • any health or disability services that have been provided to you.

The aims of the code are to:

  • give extra protection to health information, as most people see that as being highly sensitive
  • take account of the particular characteristics of the health sector and health information – for example, the code allows for a representative to act on your behalf if you’re unable to exercise your rights under the code because you’re unconscious or for some other reason.

The rules in the code include, for example, that health professionals can share information about you when there’s a serious threat to your life or well-being.

Telecommunications Information Privacy Code 2003

This code sets out specific rules regulating telecommunications agencies to provide better protection for individual privacy. It mainly covers the telecommunications industry in its dealings with the information of customers and users.

For example, one of the rules in the code concerns where a phone company offers a number display service that allows you to see the number of the person calling you – commonly called “caller ID” or “caller display”, but in the code called “Caller Line Identification Presentation”. In these cases the phone company must provide the caller with the ability to block their number from appearing on the phone of the person they’re calling.

Credit Reporting Privacy Code 2004

This code sets out specific rules regulating credit reporters. Credit reporters are businesses that gather and sell information about individuals’ credit histories, including failing to pay bills and being going into bankruptcy.

There’s more about credit reporting in this manual. See “Debt recovery and enforcement” in the chapter “Credit and debt”.

The Credit Reporting Privacy Code deals with:

  • what information can be reported about you
  • who the information can be reported to
  • how long credit reporters can continue to report on things after they happen
  • when your permission is needed for credit reporters to report information
  • your rights to have access to and correct information that credit reporters hold about you
  • how to complain about a breach of this code.

The Credit Reporting Privacy Code allows banks, finance companies, and phone and power companies to share repayment information with credit reporters, subject to a number of conditions.

People who can get access to your credit history information may include lenders, prospective landlords, employers and insurers, but you have consent before they be given the information. However, credit reporting agencies generally don’t need your consent in order to disclose reports to debt collectors, people involved in court proceedings against you, and certain government agencies.

Credit reporting agencies must take reasonable steps to make sure the information they hold about you is accurate, up-to-date, complete, relevant, and not misleading.

Did this answer your question?

Privacy and information

Where to go for more support

Community Law


Your local Community Law Centre can provide initial free legal advice and information.

Office of the Privacy Commissioner

Website: www.privacy.org.nz
Phone: (04) 474 7590 or freephone 0800 803 909
Email: enquiries@privacy.org.nz

For complaints, You can submit a complaint online using the online self-assessment form, ring the 0800 number above or send an email.

Mental health and addiction pamphlet


“What happens to your mental health and addiction information” – available from the Ministry of Health website.

This pamphlet gives you details of how and why consumer information is collected by PRIMHD (Programme for the Integration of Mental Health Data). It also looks at who uses the information, and the privacy rights of consumers under the Health Information Privacy Act 1993.

Also available as a book

The Community Law Manual

The Manual contains over 1000 pages of easy-to-read legal info and comprehensive answers to common legal questions. From ACC to family law, health & disability, jobs, benefits & flats, Tāonga Māori, immigration and refugee law and much more, the Manual covers just about every area of community and personal life.

Buy The Community Law Manual

Help the manual

We’re a small team that relies on the generosity of all our supporters. You can make a one-off donation or become a supporter by sponsoring the Manual for a community organisation near you. Every contribution helps us to continue updating and improving our legal information, year after year.

Donate Become a Supporter

Find the Answer to your Legal Question

back to top