The Privacy Act
This Act applies to almost every person, business or organisation in New Zealand.

Privacy Act - summary

The Privacy Act 1993 came into force on 1 July 1993. It was preceded by the Privacy Commissioner Act 1991 which established the office of Privacy Commissioner and legal requirements for data matching.

The Privacy Act has as one of its main purposes the promotion and protection of individual privacy in general accordance with the 1980 Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. With few exceptions it applies across the public and private sectors.

The Act is primarily concerned with good personal information handling practices.

The Act contains twelve information privacy principles dealing with collecting, holding, use and disclosure of personal information and assigning unique identifiers. The principles also give individuals the right to access personal information and to request correction of it. They do not override other laws which govern the collection, use or disclosure of personal information.

The Privacy Act gives the Privacy Commissioner the power to issue codes of practice that become part of the law.

The Act also contains four public register privacy principles which limit:

• the manner in which information can be made available from public registers;
• re-sorting or combining public register information for commercial gain;
• electronic transmission of public registers;
• charging for access to public register information.

The Act sets out a complaints mechanism and contains rules regulating data matching.

In special circumstances the Privacy Commissioner may authorise agencies to collect, use or disclose information even though that would otherwise breach information privacy principles 2, 10 or 11.