Privacy Act 1993. Public Act 1993 nº 28. Date of assent 17 May 1993
Privacy Amendment Act: 1993, nº 59; 1996, n1 142; 1997, nº 71; 1998 nº 57; 2000 nº 76; 2002 nº 73; 2003 nº 94; 2005 nº 80; 2006 nº 11; 2007 nº 73; 2009 nº 39; 2010 nº 113; 2011 nº 44; 2013 nº 1
An Act to promote and protect individual privacy in general accordance with the Recommendation of the Council of the Organisation for Economic Co-operation and Development Concerning Guidelines Governing the Protection of Privacy and
Transborder Flows of Personal Data, and, in particular :
(a) to establish certain principles with respect to:
(i) the collection, use, and disclosure, by public and private sector agencies, of information relating to individuals; and
(ii) access by each individual to information relating to that individual and held by public and private sector agencies; and
(b) to provide for the appointment of a Privacy Commissioner to investigate complaints about interferences with individual privacy; and
(c) to provide for matters incidental thereto
1.- Short Title and commencement
(1) This Act may be cited as the Privacy Act 1993.
(2) Except as provided by section 31(2), this Act shall come into force on 1 July 1993.
Part 1.- Preliminary provisions
2.- Interpretation
(1) In this Act, unless the context otherwise requires,:
action includes failure to act; and also includes any policy or practice
agency:
(a) means any person or body of persons, whether corporate or unincorporate, and whether in the public sector or the private sector; and, for the avoidance of doubt, includes a department; but
(b) does not include:
(i) the Sovereign; or
(ii) the Governor-General or the Administrator of the Government; or
(iii) the House of Representatives; or
(iv) a member of Parliament in his or her official capacity; or
(v) the Parliamentary Service Commission; or
(vi) the Parliamentary Service, except in relation to personal information about any employee or former employee of that agency in his or her capacity as such an employee; or
(vii) in relation to its judicial functions, a court; or
(viii) in relation to its judicial functions, a tribunal; or
(ix) an Ombudsman; or
(x) a Royal Commission; or
(xi) a commission of inquiry appointed by an Order in Council made under the Commissions of Inquiry Act 1908; or
(xii) a commission of inquiry or board of inquiry or court of inquiry or committee of inquiry appointed, pursuant to, and not by, any provision of an Act, to inquire into a specified matter; or
(xiii) in relation to its news activities, any news medium
collect does not include receipt of unsolicited information
Commissioner means the Privacy Commissioner referred to in section 12 of this Act and appointed in accordance with section 28(1)(b) of the Crown Entities Act 2004
correct, in relation to personal information, means to alter that information by way of correction, deletion, or addition; and
correction has a corresponding meaning
department means a government department named in Part 1 of Schedule 1 of the Ombudsmen Act 1975
Deputy Commissioner means the Deputy Privacy Commissioner appointed under section 15
Director of Human Rights Proceedings means the Director of Human Rights Proceedings or alternate Director of Human Rights Proceedings appointed under section 20A of the Human Rights Act 1993
document means a document in any form; and includes:
(a) any writing on any material:
(b) any information recorded or stored by means of any tape recorder, computer, or other device; and any material subsequently derived from information so recorded or stored:
(c) any label, marking, or other writing that identifies or describes any thing of which it forms part, or to which it is attached by any means:
(d) any book, map, plan, graph, or drawing:
(e) any photograph, film, negative, tape, or other device in which 1 or more visual images are embodied so as to be capable (with or without the aid of some other equipment) of being reproduced
enactment means any provision of:
(a) any Act of Parliament; or
(b) any regulations within the meaning of the Regulations (Disallowance) Act 1989 made by Order in Council
Human Rights Review Tribunal or Tribunal means the Human Rights Review Tribunal continued by section 93 of the Human Rights Act 1993
individual means a natural person, other than a deceased natural person
individual concerned, in relation to personal information, means the individual to whom the information relates
information matching programme has the meaning given to it by section 97
information privacy principle or principle means any of the information privacy principles set out in section 6
information privacy request has the meaning given to it by section 33
intelligence organisation means:
(a) the New Zealand Security Intelligence Service; and
(b) the Government Communications Security Bureau
international organisation means any organisation of states or governments of states or any organ or agency of any such organisation; and includes the Commonwealth Secretariat
local authority:
(a) means a local authority or public body named or specified in Schedule 1 of the Local Government Official Information and Meetings Act 1987; and
(b) includes:
(i) any committee or subcommittee or standing committee or special committee or joint standing committee or joint special committee which the local authority is empowered to appoint under its standing orders or rules of procedure or under any enactment or Order in Council constituting the local authority or regulating its proceedings; and
(ii) a committee of the whole local authority
Minister means a Minister of the Crown in his or her official capacity
news activity means:
(a) the gathering of news, or the preparation or compiling of articles or programmes of or concerning news, observations on news, or current affairs, for the purposes of dissemination to the public or any section of the public:
(b) the dissemination, to the public or any section of the public, of any article or programme of or concerning:
(i) news:
(ii) observations on news:
(iii) current affairs
news medium means any agency whose business, or part of whose business, consists of a news activity; but, in relation to principles 6 and 7, does not include Radio New Zealand Limited or Television New Zealand Limited
Ombudsman means an Ombudsman appointed under the Ombudsmen Act 1975
organisation:
(a) means:
(i) an organisation named in Part 2 of Schedule 1 of the Ombudsmen Act 1975; and
(ii) an organisation named in Schedule 1 of the Official Information Act 1982; and
(b) includes:
(i) the Office of the Clerk of the House of Representatives:
(ii) an intelligence organisation
permanent resident of New Zealand means a person who:
(a) resides in New Zealand; and
(b) is not:
(i) a person to whom section 15 or 16 of the Immigration Act 2009 applies (except if the person has been granted a visa or entry permission in accordance with section 17 of that Act); or
(ii) a person obliged by or under that Act to leave New Zealand immediately or within a specified time; or
(iii) treated for the purposes of that Act as being unlawfully in New Zealand
personal information means information about an identifiable individual; and includes information relating to a death that is maintained by the Registrar-General pursuant to the Births, Deaths, Marriages, and Relationships Registration Act 1995, or any former Act (as defined by the Births, Deaths, Marriages, and Relationships Registration Act 1995)
public register has the meaning given to it in section 58
public register privacy principle has the meaning given to it in section 58
public sector agency:
(a) means an agency that is a Minister, a department, an organisation, or a local authority; and
(b) includes any agency that is an unincorporated body (being a board, council, committee, or other body):
(i) which is established for the purpose of assisting or advising, or performing functions connected with, any public sector agency within the meaning of paragraph (a); and
(ii) which is so established in accordance with the provisions of any enactment or by any such public sector agency
publicly available information means personal information that is contained in a publicly available publication
publicly available publication means a magazine, book, newspaper, or other publication that is or will be generally available to members of the public; and includes a public register
responsible Minister means the Minister of Justice
serious threat, for the purposes of principle 10(d) or 11(f), means a threat that an agency reasonably believes to be a serious threat having regard to all of the following:
(a) the likelihood of the threat being realised; and
(b) the severity of the consequences if the threat is realised; and
(c) the time at which the threat may be realised
statutory officer means a person:
(a) holding or performing the duties of an office established by an enactment; or
(b) performing duties expressly conferred on that person by virtue of that person´s office by an enactment
unique identifier means an identifier:
(a) that is assigned to an individual by an agency for the purposes of the operations of the agency; and
(b) that uniquely identifies that individual in relation to that agency;:
but, for the avoidance of doubt, does not include an individual´s name used to identify that individual
working day means any day of the week other than:
(a) Saturday, Sunday, Good Friday, Easter Monday, Anzac Day, Labour Day, the Sovereign´s birthday, and Waitangi Day; and
(b) a day in the period commencing with 25 December in any year and ending with 15 January in the following year.
(2) For the avoidance of doubt, it is hereby declared that the fact that any body (being a commission of inquiry or board of inquiry or court of inquiry or committee of inquiry appointed, by any provision of an Act, to inquire into a specified matter) is not excluded from the definition of the term agency in subsection (1) by virtue of subparagraph (xii) of paragraph (b) of that definition does not mean that such a body is not excluded from that definition by virtue of subparagraph (vii) or subparagraph (viii) of that paragraph.
3.- Information held by agency
(1) Subject to subsection (2), information that is held by an officer or employee or member of an agency in that person´s capacity as such an officer or employee or member or in that person´s capacity as a statutory officer shall be deemed, for the purposes of this Act, to be held by the agency of which that person is an officer or employee or member.
(2) Nothing in subsection (1) applies in respect of any information that any officer or employee or member of a public sector agency would not hold but for that person´s membership of, or connection with, a body other than a public sector agency, except where that membership or connection is in that person´s capacity as an officer or an employee or a member of that public sector agency or as a statutory officer.
(3) Nothing in subsection (1) applies in respect of any information that any officer or employee or member of any agency (not being a public sector agency) would not hold but for that person´s membership of, or connection with, any other agency, except where that membership or connection is in that person´s capacity as an officer or an employee or a member of that first-mentioned agency.
(4) For the purposes of this Act, where an agency holds information:
(a) solely as agent; or
(b) for the sole purpose of safe custody; or
(c) for the sole purpose of processing the information on behalf of another agency;
and does not use or disclose the information for its own purposes, the information shall be deemed to be held by the agency on whose behalf that information is so held or, as the case may be, is so processed.
4.- Actions of, and disclosure of information to, staff of agency, etc
For the purposes of this Act, an action done by, or information disclosed to, a person employed by, or in the service of, an agency in the performance of the duties of the person´s employment shall be treated as having been done by, or disclosed to, the agency.
5.- Act to bind the Crown
This Act binds the Crown.
Part 2.- Information privacy principles
6.- Information privacy principles
The information privacy principles are as follows:
Information privacy principles
Principle 1.- Purpose of collection of personal information
Personal information shall not be collected by any agency unless:
(a) the information is collected for a lawful purpose connected with a function or activity of the agency; and
(b) the collection of the information is necessary for that purpose.
Principle 2.- Source of personal information
(1) Where an agency collects personal information, the agency shall collect the information directly from the individual concerned.
(2) It is not necessary for an agency to comply with subclause (1) if the agency believes, on reasonable grounds,:
(a) that the information is publicly available information; or
(b) that the individual concerned authorises collection of the information from someone else; or
(c) that non-compliance would not prejudice the interests of the individual concerned; or
(d) that non-compliance is necessary:
(i) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or
(ii) for the enforcement of a law imposing a pecuniary penalty; or
(iii) for the protection of the public revenue; or
(iv) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
(e) that compliance would prejudice the purposes of the collection; or
(f) that compliance is not reasonably practicable in the circumstances of the particular case; or
(g) that the information:
(i) will not be used in a form in which the individual concerned is identified; or
(ii) will be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
(h) that the collection of the information is in accordance with an authority granted under section 54.
Principle 3.- Collection of information from subject
(1) Where an agency collects personal information directly from the individual concerned, the agency shall take such steps (if any) as are, in the circumstances, reasonable to ensure that the individual concerned is aware of:
(a) the fact that the information is being collected; and
(b) the purpose for which the information is being collected; and
(c) the intended recipients of the information; and
(d) the name and address of:
(i) the agency that is collecting the information; and
(ii) the agency that will hold the information; and
(e) if the collection of the information is authorised or required by or under law,:
(i) the particular law by or under which the collection of the information is so authorised or required; and
(ii) whether or not the supply of the information by that individual is voluntary or mandatory; and
(f) the consequences (if any) for that individual if all or any part of the requested information is not provided; and
(g) the rights of access to, and correction of, personal information provided by these principles.
(2) The steps referred to in subclause (1) shall be taken before the information is collected or, if that is not practicable, as soon as practicable after the information is collected.
(3) An agency is not required to take the steps referred to in subclause (1) in relation to the collection of information from an individual if that agency has taken those steps in relation to the collection, from that individual, of the same information or information of the same kind, on a recent previous occasion.
(4) It is not necessary for an agency to comply with subclause (1) if the agency believes, on reasonable grounds,:
(a) that non-compliance is authorised by the individual concerned; or
(b) that non-compliance would not prejudice the interests of the individual concerned; or
(c) that non-compliance is necessary:
(i) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or
(ii) for the enforcement of a law imposing a pecuniary penalty; or
(iii) for the protection of the public revenue; or
(iv) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
(d) that compliance would prejudice the purposes of the collection; or
(e) that compliance is not reasonably practicable in the circumstances of the particular case; or
(f) that the information:
(i) will not be used in a form in which the individual concerned is identified; or
(ii) will be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned.
Principle 4.- Manner of collection of personal information
Personal information shall not be collected by an agency:
(a) by unlawful means; or
(b) by means that, in the circumstances of the case:
(i) are unfair; or
(ii) intrude to an unreasonable extent upon the personal affairs of the individual concerned.
Principle 5.- Storage and security of personal information
An agency that holds personal information shall ensure:
(a) that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against:
(i) loss; and
(ii) access, use, modification, or disclosure, except with the authority of the agency that holds the information; and
(iii) other misuse; and
(b) that if it is necessary for the information to be given to a person in connection with the provision of a service to the agency, everything reasonably within the power of the agency is done to prevent unauthorised use or unauthorised disclosure of the information.
Principle 6.- Access to personal information
(1) Where an agency holds personal information in such a way that it can readily be retrieved, the individual concerned shall be entitled:
(a) to obtain from the agency confirmation of whether or not the agency holds such personal information; and
(b) to have access to that information.
(2) Where, in accordance with subclause (1)(b), an individual is given access to personal information, the individual shall be advised that, under principle 7, the individual may request the correction of that information.
(3) The application of this principle is subject to the provisions of Parts 4 and 5.
Principle 7.- Correction of personal information
(1) Where an agency holds personal information, the individual concerned shall be entitled:
(a) to request correction of the information; and
(b) to request that there be attached to the information a statement of the correction sought but not made.
(2) An agency that holds personal information shall, if so requested by the individual concerned or on its own initiative, take such steps (if any) to correct that information as are, in the circumstances, reasonable to ensure that, having regard to the purposes for which the information may lawfully be used, the information is accurate, up to date, complete, and not misleading.
(3) Where an agency that holds personal information is not willing to correct that information in accordance with a request by the individual concerned, the agency shall, if so requested by the individual concerned, take such steps (if any) as are reasonable in the circumstances to attach to the information, in such a manner that it will always be read with the information, any statement provided by that individual of the correction sought.
(4) Where the agency has taken steps under subclause (2) or subclause (3), the agency shall, if reasonably practicable, inform each person or body or agency to whom the personal information has been disclosed of those steps.
(5) Where an agency receives a request made pursuant to subclause (1), the agency shall inform the individual concerned of the action taken as a result of the request.
Principle 8.- Accuracy, etc, of personal information to be checked before use
An agency that holds personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date, complete, relevant, and not misleading.
Principle 9.- Agency not to keep personal information for longer than necessary
An agency that holds personal information shall not keep that information for longer than is required for the purposes for which the information may lawfully be used.
Principle 10.- Limits on use of personal information
An agency that holds personal information that was obtained in connection with one purpose shall not use the information for any other purpose unless the agency believes, on reasonable grounds,:
(a) that the source of the information is a publicly available publication; or
(b) that the use of the information for that other purpose is authorised by the individual concerned; or
(c) that non-compliance is necessary:
(i) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or
(ii) for the enforcement of a law imposing a pecuniary penalty; or
(iii) for the protection of the public revenue; or
(iv) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
(d) that the use of the information for that other purpose is necessary to prevent or lessen a serious threat (as defined in section 2(1)) to:
(i) public health or public safety; or
(ii) the life or health of the individual concerned or another individual; or
(e) that the purpose for which the information is used is directly related to the purpose in connection with which the information was obtained; or
(f) that the information:
(i) is used in a form in which the individual concerned is not identified; or
(ii) is used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
(g) that the use of the information is in accordance with an authority granted under section 54.
Principle 11.- Limits on disclosure of personal information
An agency that holds personal information shall not disclose the information to a person or body or agency unless the agency believes, on reasonable grounds,:
(a) that the disclosure of the information is one of the purposes in connection with which the information was obtained or is directly related to the purposes in connection with which the information was obtained; or
(b) that the source of the information is a publicly available publication; or
(c) that the disclosure is to the individual concerned; or
(d) that the disclosure is authorised by the individual concerned; or
(e) that non-compliance is necessary:
(i) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or
(ii) for the enforcement of a law imposing a pecuniary penalty; or
(iii) for the protection of the public revenue; or
(iv) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
(f) that the disclosure of the information is necessary to prevent or lessen a serious threat (as defined in section 2(1)) to:
(i) public health or public safety; or
(ii) the life or health of the individual concerned or another individual; or
(g) that the disclosure of the information is necessary to facilitate the sale or other disposition of a business as a going concern; or
(h) that the information:
(i) is to be used in a form in which the individual concerned is not identified; or
(ii) is to be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
(i) that the disclosure of the information is in accordance with an authority granted under section 54.
Principle 12.- Unique identifiers
(1) An agency shall not assign a unique identifier to an individual unless the assignment of that identifier is necessary to enable the agency to carry out any 1 or more of its functions efficiently.
(2) An agency shall not assign to an individual a unique identifier that, to that agency´s knowledge, has been assigned to that individual by another agency, unless those 2 agencies are associated persons within the meaning of subpart YB of the Income Tax Act 2007.
(3) An agency that assigns unique identifiers to individuals shall take all reasonable steps to ensure that unique identifiers are assigned only to individuals whose identity is clearly established.
(4) An agency shall not require an individual to disclose any unique identifier assigned to that individual unless the disclosure is for one of the purposes in connection with which that unique identifier was assigned or for a purpose that is directly related to one of those purposes.
7.- Savings
(1) Nothing in principle 6 or principle 11 derogates from any provision that is contained in any enactment and that authorises or requires personal information to be made available.
(2) Nothing in principle 6 or principle 11 derogates from any provision that is contained in any other Act of Parliament and that:
(a) imposes a prohibition or restriction in relation to the availability of personal information; or
(b) regulates the manner in which personal information may be obtained or made available.
(3) Nothing in principle 6 or principle 11 derogates from any provision:
(a) that is contained in any regulations within the meaning of the Regulations (Disallowance) Act 1989 made by Order in Council and in force:
(i) in so far as those principles apply to a department, a Minister, an organisation, or a public sector agency (as defined in paragraph (b) of the definition of that term in section 2(1)) that is established for the purposes of assisting or advising, or performing functions connected with, a department, a Minister, or an organisation, immediately before 1 July 1983; and
(ii) in so far as those principles apply to a local authority or a public sector agency (as so defined) that is established for the purposes of assisting or advising, or performing functions connected with, a local authority, immediately before 1 March 1988; and
(iii) in so far as those principles apply to any other agency, immediately before 1 July 1993; and
(b) that:
(i) imposes a prohibition or restriction in relation to the availability of personal information; or
(ii) regulates the manner in which personal information may be obtained or made available.
(4) An action is not a breach of any of principles 1 to 5, 7 to 10, and 12 if that action is authorised or required by or under law.
(5) Nothing in principle 7 applies in respect of any information held by the Department of Statistics, where that information was obtained pursuant to the Statistics Act 1975.
(6) Subject to the provisions of Part 7, nothing in any of the information privacy principles shall apply in respect of a public register.
8.- Application of information privacy principles
(1) Subject to subsection (4), principles 1 to 4 apply only in relation to information collected after the commencement of this section.
(2) Subject to section 9, principles 5 to 9 and principle 11 apply in relation to information held by an agency, whether the information was obtained before, or is obtained after, the commencement of this section.
(3) Principle 10 applies only in relation to information obtained after the commencement of this section.
(4) Nothing in principle 3 shall apply in relation to the collection, by means of any printed form, of any personal information, if the form was printed before the commencement of this section and is used, before 1 July 1995, for the purpose of collecting personal information.
(5) Subclauses (1) to (3) of principle 12 apply only in relation to the assignment of unique identifiers after the commencement of this section.
(6) Subclause (4) of principle 12 applies to any unique identifier, whether assigned before or after the commencement of this section.
9.- Postponement of application of principle 11 to lists used for direct marketing
(1) Nothing in principle 11 shall apply, before 1 July 1996, in relation to the disclosure, by any agency, of personal information collected before 1 July 1993 for direct marketing purposes, where that disclosure is made to another agency for the purpose of enabling that other agency to engage in direct marketing.
(2) For the purposes of subsection (1), direct marketing means:
(a) the offering of goods or services; or
(b) the advertising of the availability of goods or services; or
(c) the solicitation of donations or contributions for charitable, cultural, philanthropic, recreational, political, or other purposes, by means of:
(d) information or goods sent to any person by mail, facsimile transmission, electronic mail, or other similar means of communication, where the information or goods are addressed to a specific person or specific persons by name; or
(e) telephone calls made to specific persons by name.
10.- Application of principles to information held overseas
(1) For the purposes of principle 5 and principles 8 to 11, information held by an agency includes information that is held outside New Zealand by that agency, where that information has been transferred out of New Zealand by that agency or any other agency.
(2) For the purposes of principles 6 and 7, information held by an agency includes information held outside New Zealand by that agency.
(3) Nothing in this section shall apply to render an agency in breach of any of the information privacy principles in respect of any action that the agency is required to take by or under the law of any place outside New Zealand.
11.- Enforceability of principles
(1) The entitlements conferred on an individual by subclause (1) of principle 6, in so far as that subclause relates to personal information held by a public sector agency, are legal rights, and are enforceable accordingly in a court of law.
(2) Subject to subsection (1), the information privacy principles do not confer on any person any legal right that is enforceable in a court of law.
Part 3.- Privacy Commissioner
12.- Privacy Commissioner
(1) There shall be a Commissioner called the Privacy Commissioner.
(2) The Commissioner is:
(a) a corporation sole; and
(b) a Crown entity for the purposes of section 7 of the Crown Entities Act 2004; and
(c) the board for the purposes of the Crown Entities Act 2004.
(3) The Crown Entities Act 2004 applies to the Commissioner except to the extent that this Act expressly provides otherwise.
(4) (Repealed)
13.- Functions of Commissioner
(1) The functions of the Commissioner shall be:
(a) to promote, by education and publicity, an understanding and acceptance of the information privacy principles and of the objects of those principles:
(b) when requested to do so by an agency, to conduct an audit of personal information maintained by that agency for the purpose of ascertaining whether or not the information is maintained according to the information privacy principles:
(c) to monitor the use of unique identifiers, and to report to the Prime Minister from time to time on the results of that monitoring, including any recommendation relating to the need for, or desirability of taking, legislative, administrative, or other action to give protection, or better protection, to the privacy of the individual:
(d) to maintain, and to publish, in accordance with section 21, directories of personal information:
(e) to monitor compliance with the public register privacy principles, to review those principles from time to time with particular regard to the Council of Europe Recommendations on Communication to Third Parties of Personal Data Held by Public Bodies (Recommendation R (91) 10), and to report to the responsible Minister from time to time on the need for or desirability of amending those principles:
(f) to examine any proposed legislation that makes provision for:
(i) the collection of personal information by any public sector agency; or
(ii) the disclosure of personal information by one public sector agency to any other public sector agency, or both; to have particular regard, in the course of that examination, to the matters set out in section 98, in any case where the Commissioner considers that the information might be used for the purposes of an information matching programme; and to report to the responsible Minister the results of that examination:
(g) for the purpose of promoting the protection of individual privacy, to undertake educational programmes on the Commissioner´s own behalf or in co-operation with other persons or authorities acting on behalf of the Commissioner;
(h) to make public statements in relation to any matter affecting the privacy of the individual or of any class of individuals;
(i) to receive and invite representations from members of the public on any matter affecting the privacy of the individual;
(j) to consult and co-operate with other persons and bodies concerned with the privacy of the individual;
(k) to make suggestions to any person in relation to any matter that concerns the need for, or the desirability of, action by that person in the interests of the privacy of the individual;
(l) to provide advice (with or without a request) to a Minister or an agency on any matter relevant to the operation of this Act;
(m) to inquire generally into any matter, including any enactment or law, or any practice, or procedure, whether governmental or non-governmental, or any technical development, if it appears to the Commissioner that the privacy of the individual is being, or may be, infringed thereby;
(n) to undertake research into, and to monitor developments in, data processing and computer technology to ensure that any adverse effects of such developments on the privacy of individuals are minimised, and to report to the responsible Minister the results of such research and monitoring:
(o) to examine any proposed legislation (including subordinate legislation) or proposed policy of the Government that the Commissioner considers may affect the privacy of individuals, and to report to the responsible Minister the results of that examination;
(p) to report (with or without request) to the Prime Minister from time to time on any matter affecting the privacy of the individual, including the need for, or desirability of, taking legislative, administrative, or other action to give protection or better protection to the privacy of the individual;
(q) to report to the Prime Minister from time to time on the desirability of the acceptance, by New Zealand, of any international instrument relating to the privacy of the individual;
(r) to report to the Prime Minister on any other matter relating to privacy that, in the Commissioner´s opinion, should be drawn to the Prime Minister´s attention;
(s) to gather such information as in the Commissioner´s opinion will assist the Commissioner in carrying out the Commissioner´s functions under this Act:;(t) to do anything incidental or conducive to the performance
of any of the preceding functions;
(u) to exercise and perform such other functions, powers, and duties as are conferred or imposed on the Commissioner by or under this Act or any other enactment.
(1AA) Without limiting subsection (1), the functions of the Commissioner in relation to information sharing under Part 9A are:
(a) to make submissions on an information sharing agreement for which approval by Order in Council under section 96J is being sought;
(b) to report to a relevant Minister, under section 96P(1), on any matter relating to privacy that arises or is likely to arise in respect of an approved information sharing agreement and on any other matter specified in that section;
(c) to publish a copy of a report referred to in paragraph (b) in accordance with section 96P(3);
(d) to receive and investigate complaints about any alleged interference with privacy under an approved information sharing agreement in accordance with Part 8;
(e) if appropriate under the circumstances, to exempt an agency, under section 96R, from the requirement to give notice of adverse action under section 96Q or to reduce the period of notice required under that section;
(f) to conduct a review under section 96W on the operation of an approved information sharing agreement;
(g) to report to a relevant Minister under section 96X on the findings of a review conducted under section 96W;
(h) to require a public sector agency to report, in accordance with section 96S, on the operation of each approved information sharing agreement for which it is the lead agency.
(1AB) In subsection (1AA), adverse action, approved information sharing agreement, information sharing agreement, lead agency, and relevant Minister have the meanings given to them by section 96C.
(1A) Except as expressly provided otherwise in this or another Act, the Commissioner must act independently in performing his or her statutory functions and duties, and exercising his or her statutory powers, under:
(a) this Act; and
(b) any other Act that expressly provides for the functions, powers, or duties of the Commissioner (other than the Crown Entities Act 2004).
(2) The Commissioner may from time to time, in the public interest or in the interests of any person or body of persons, publish reports relating generally to the exercise of the Commissioner´s functions under this Act or to any case or cases investigated by the Commissioner, whether or not the matters to be dealt with in any such report have been the subject of a report to the responsible Minister or the Prime Minister.
14.- Commissioner to have regard to certain matters
In the performance of his or her functions, and the exercise of his or her powers, under this Act, the Commissioner shall:
(a) have due regard for the protection of important human rights and social interests that compete with privacy, including the general desirability of a free flow of information and the recognition of the right of government and business to achieve their objectives in an efficient way; and
(b) take account of international obligations accepted by New Zealand, including those concerning the international technology of communications; and
(c) consider any developing general international guidelines relevant to the better protection of individual privacy; and
(d) have due regard to the information privacy principles and the public register privacy principles.
15.- Deputy Commissioner
(1) The Governor-General may, on the recommendation of the Minister, appoint a deputy to the person appointed as Commissioner.
(2) Part 2 of the Crown Entities Act 2004, except section 46, applies to the appointment and removal of a Deputy Commissioner in the same manner as it applies to the appointment and removal of a Commissioner.
(3) Subject to the control of the Commissioner, the Deputy Commissioner shall have and may exercise all the powers, duties, and functions of the Commissioner under this Act or any other enactment.
(4) On the occurrence from any cause of a vacancy in the office of the Commissioner (whether by reason of death, resignation, or otherwise), and in the case of the absence from duty of the Commissioner (from whatever cause arising), and so long as any such vacancy or absence continues, the Deputy Commissioner shall have and may exercise all the powers, duties, and functions of the Commissioner.
(5) (Repealed)
(6) Subject to this Act, the Deputy Commissioner shall be entitled to all the protections, privileges, and immunities of the Commissioner.
16.- Term of office
(Repealed)
17.- Continuation in office after term expires
(Repealed)
18.- Vacation of office
(Repealed)
19.- Holding of other offices
(1) In addition to the matters in section 30(2) of the Crown Entities Act 2004, a member of a local authority is disqualified from being appointed as Commissioner.
(2) The appointment of a Judge as the Commissioner, or service by a Judge as the Commissioner, does not affect that person´s tenure of his or her judicial office or his or her rank, title, status, precedence, salary, annual or other allowances, or other rights or privileges as a Judge (including those in relation to superannuation), and, for all purposes, that person´s service as the Commissioner shall be taken to be service as a Judge.
20.- Powers relating to declaratory judgments
(1) If at any time it appears to the Commissioner that it may be desirable to obtain a declaratory judgment or order of the High Court in accordance with the Declaratory Judgments Act 1908, he or she may refer the matter to the Proceedings Commissioner for the purpose of deciding whether proceedings under that Act should be instituted.
(2) In respect of any matter referred to the Proceedings Commissioner under subsection (1), the Proceedings Commissioner shall, notwithstanding anything to the contrary in the Declaratory Judgments Act 1908 or any other enactment or rule of law, have sufficient standing to institute proceedings under that Act whether or not the matter is one within his or her own functions and powers under this Act or under the Human Rights Commission Act 1977.
21.- Directories of personal information
(1) The Commissioner may from time to time, as the Commissioner thinks fit, cause to be published 1 or more publications that include all or any of the following information:
(a) the nature of any personal information held by any agency;
(b) the purpose for which any personal information is held by any agency;
(c) the classes of individuals about whom personal information is held by any agency:
(d) the period for which any type of personal information is held by any agency;
(e) the individuals who are entitled to have access to any personal information held by any agency, and the conditions under which they are entitled to have that access;
(f) the steps that should be taken by any individual wishing to obtain access to any personal information held by any agency.
(2) The Commissioner may from time to time bring the material contained in any publication published pursuant to subsection (1) up to date, either by causing to be published a new edition of that publication or by causing to be published supplementary material.
(3) In determining whether or not any publication should be published pursuant to this section, the Commissioner shall have regard, among other things, to the need to assist members of the public to obtain personal information and to effectively exercise their rights under this Act.
(4) Nothing in this section requires the publication of any information for which good reason for withholding would exist under section 27 or section 28.
22.- Commissioner may require agency to supply information
For the purpose of:
(a) the publication of any directory or any supplementary material pursuant to section 21; or
(b) enabling the Commissioner to respond to enquiries from the public seeking information of the kind referred to in any of paragraphs (a) to (f) of section 21(1), the Commissioner may, from time to time, require any agency to supply to the Commissioner such information as the Commissioner may reasonably require in relation to the personal information held by that agency, and the agency shall comply with that requirement.
23.- Privacy officers
It shall be the responsibility of each agency to ensure that there are, within that agency, 1 or more individuals whose responsibilities include:
(a) the encouragement of compliance, by the agency, with the information privacy principles;
(b) dealing with requests made to the agency pursuant to this Act;
(c) working with the Commissioner in relation to investigations conducted pursuant to Part 8 in relation to the agency;
(d) otherwise ensuring compliance by the agency with the provisions of this Act.
24.- Annual report
(1) Without limiting the right of the Commissioner to report at any other time, but subject to section 120, the annual report of the Commissioner under section 150 of the Crown Entities Act 2004 must include a report with respect to the operation of this Act during the year to which the report relates.
(2) (Repealed)
25.- Further provisions relating to Commissioner
The provisions of Schedule 1 shall have effect in relation to the Commissioner and the Commissioner´s affairs.
26.- Review of operation of Act
(1) As soon as practicable after the expiry of the period of 3 years beginning on the commencement of this section, and then at intervals of not more than 5 years, the Commissioner shall:
(a) review the operation of this Act since:
(i) the date of the commencement of this section (in the case of the first review carried out under this paragraph); or
(ii) the date of the last review carried out under this paragraph (in the case of every subsequent review); and
(b) consider whether any amendments to this Act are necessary or desirable; and
(c) report the Commissioner´s findings to the responsible Minister.
(2) As soon as practicable after receiving a report from the Commissioner under subsection (1)(c), the responsible Minister shall lay a copy of that report before the House of Representatives.
Part 4.- Good reasons for refusing access to personal information
27.- Security, defence, international relations, etc
(1) An agency may refuse to disclose any information requested pursuant to principle 6 if the disclosure of the information would be likely:
(a) to prejudice the security or defence of New Zealand or the international relations of the Government of New Zealand; or
(b) to prejudice the entrusting of information to the Government of New Zealand on a basis of confidence by:
(i) the government of any other country or any agency of such a government; or
(ii) any international organisation; or
(c) to prejudice the maintenance of the law, including the prevention, investigation, and detection of offences, and the right to a fair trial; or
(d) to endanger the safety of any individual.
(2) An agency may refuse to disclose any information requested pursuant to principle 6 if the disclosure of the information would be likely:
(a) to prejudice the security or defence of:
(i) the self-governing state of the Cook Islands; or
(ii) the self-governing state of Niue; or
(iii) Tokelau; or
(iv) the Ross Dependency; or
(b) to prejudice relations between any of the Governments of:
(i) New Zealand;
(ii) the self-governing state of the Cook Islands;
(iii) the self-governing state of Niue; or
(c) to prejudice the international relations of the Governments of:
(i) the self-governing state of the Cook Islands; or
(ii) the self-governing state of Niue.
28.- Trade secrets
(1) Subject to subsection (2), an agency may refuse to disclose any information requested pursuant to principle 6 if the withholding of the information is necessary to protect information where the making available of the information:
(a) would disclose a trade secret; or
(b) would be likely unreasonably to prejudice the commercial position of the person who supplied or who is the subject of the information.
(2) Information may not be withheld under subsection (1) if, in the circumstances of the particular case, the withholding of that information is outweighed by other considerations which render it desirable, in the public interest, to make the information available.
29.- Other reasons for refusal of requests
(1) An agency may refuse to disclose any information requested pursuant to principle 6 if:
(a) the disclosure of the information would involve the unwarranted disclosure of the affairs of another individual or of a deceased individual; or
(b) the disclosure of the information or of information identifying the person who supplied it, being evaluative material, would breach an express or implied promise:
(i) which was made to the person who supplied the information; and
(ii) which was to the effect that the information or the identity of the person who supplied it or both would be held in confidence; or
(c) after consultation undertaken (where practicable) by or on behalf of the agency with an individual´s medical practitioner, the agency is satisfied that:
(i) the information relates to that individual; and
(ii) the disclosure of the information (being information that relates to the physical or mental health of the individual who requested it) would be likely to prejudice the physical or mental health of that individual; or
(d) in the case of an individual under the age of 16, the disclosure of that information would be contrary to that individual´s interests; or
(e) the disclosure of that information (being information in respect of an individual who has been convicted of an offence or is or has been detained in custody) would be likely to prejudice the safe custody or the rehabilitation of that individual; or
(f) the disclosure of the information would breach legal professional privilege; or
(g) in the case of a request made to Radio New Zealand Limited or Television New Zealand Limited, the disclosure of the information would be likely to reveal the source of information of a bona fide news media journalist and either:
(i) the information is subject to an obligation of confidence; or
(ii) the disclosure of the information would be likely to prejudice the supply of similar information, or information from the same source; or
(h) the disclosure of the information, being information contained in material placed in any library or museum or archive, would breach a condition subject to which that material was so placed; or
(i) the disclosure of the information would constitute contempt of court or of the House of Representatives; or
(ia) the request is made by a defendant or a defendant´s agent and is:
(i) for information that could be sought by the defendant under the Criminal Disclosure Act 2008; or
(ii) for information that could be sought by the defendant under that Act and that has been disclosed to, or withheld from, the defendant under that Act; or
(j) the request is frivolous or vexatious, or the information requested is trivial.
(2) An agency may refuse a request made pursuant to principle 6 if:
(a) the information requested is not readily retrievable; or
(b) the information requested does not exist or cannot be found; or
(c) the information requested is not held by the agency and the person dealing with the request has no grounds for believing that the information is either:
(i) held by another agency; or
(ii) connected more closely with the functions or activities of another agency.
(3) For the purposes of subsection (1)(b), the term evaluative material means evaluative or opinion material compiled solely:
(a) for the purpose of determining the suitability, eligibility, or qualifications of the individual to whom the material relates:
(i) for employment or for appointment to office; or
(ii) for promotion in employment or office or for continuance in employment or office; or
(iii) for removal from employment or office; or
(iv) for the awarding of contracts, awards, scholarships, honours, or other benefits; or
(b) for the purpose of determining whether any contract, award, scholarship, honour, or benefit should be continued, modified, or cancelled; or
(c) for the purpose of deciding whether to insure any individual or property or to continue or renew the insurance of any individual or property.
(4) In subsection (1)(c), medical practitioner means a health practitioner who is, or is deemed to be, registered with the Medical Council of New Zealand continued by section 114(1)(a) of the Health Practitioners Competence Assurance Act 2003 as a practitioner of the profession of medicine.
30.- Refusal not permitted for any other reason
Subject to sections 7, 31, and 32, no reasons other than 1 or more of the reasons set out in sections 27 to 29 justifies a refusal to disclose any information requested pursuant to principle 6.
31.- Restriction where person sentenced to imprisonment
(Repealed)
32 Information concerning existence of certain information
Where a request made pursuant to principle 6 relates to information to which section 27 or section 28 applies, or would, if it existed, apply, the agency dealing with the request may, if it is satisfied that the interest protected by section 27 or section 28 would be likely to be prejudiced by the disclosure of the existence or non-existence of such information, give notice in writing to the applicant that it neither confirms nor denies the existence or non-existence of that information.
Part 5.- Procedural provisions relating to access to and correction of personal information
33.- Application
This Part applies to the following requests (in this Act referred to as information privacy requests):
(a) a request made pursuant to subclause (1)(a) of principle 6 to obtain confirmation of whether or not an agency holds personal information:
(b) a request made pursuant to subclause (1)(b) of principle 6 to be given access to personal information:
(c) a request made pursuant to subclause (1) of principle 7 for correction of personal information.
34.- Individuals may make information privacy requests
An information privacy request may be made only by an individual.
35.- Charges
(1) Subject to section 36, a public sector agency shall not require the payment, by or on behalf of any individual who wishes to make an information privacy request, of any charge in respect of:
(a) the provision of assistance in accordance with section 38; or
(b) the making of the request to that agency; or
(c) the transfer of the request to any other agency; or
(d) the processing of the request, including deciding whether or not the request is to be granted and, if so, in what manner; or
(e) the making available of information in compliance, in whole or in part, with the request; or
(f) in the case of a request made pursuant to subclause (1) of principle 7 :
(i) the correction of any information in compliance, in whole or in part, with the request; or
(ii) the attaching, to any information, of a statement of any correction sought but not made.
(2) Subject to subsection (4), an agency that is not a public sector agency shall not require the payment, by or on behalf of any individual who wishes to make an information privacy request, of any charge in respect of:
(a) the provision of assistance in accordance with section 38; or
(b) the making of the request to that agency; or
(c) the transfer of the request to any other agency; or
(d) the processing of the request, including deciding whether or not the request is to be granted and, if so, in what manner.
(3) An agency that is not a public sector agency may require the payment, by or on behalf of any individual who wishes to make a request pursuant to subclause (1)(a) or subclause (1)(b) of principle 6 or pursuant to principle 7, of a charge in respect of:
(a) the making available of information in compliance, in whole or in part, with the request; or
(b) in the case of a request made pursuant to subclause (1) of principle 7,:
(i) the correction of any information in compliance, in whole or in part, with the request; or
(ii) the attaching, to any information, of a statement of any correction sought but not made.
(4) Where an agency that is not a public sector agency makes information available in compliance, in whole or in part, with an information privacy request, the agency may require the payment of a charge in respect of the provision of assistance, by that agency, in accordance with section 38, in respect of that request.
(5) Any charge fixed by an agency pursuant to subsection (3) or subsection (4) or pursuant to an authority granted pursuant to section 36 in respect of an information privacy request shall be reasonable, and (in the case of a charge fixed in respect of the making available of information) regard may be had to the cost of the labour and materials involved in making information available in accordance with the request and to any costs incurred pursuant to a request of the applicant for the request to be treated as urgent.
(6) The provisions of subsections (3) to (5), in so far as they relate to the fixing, by any agency that is not a public sector agency, of any charge in respect of any information privacy request, shall apply subject to any provisions to the contrary in any code of practice issued under section 46 and for the time being in force.
36.- Commissioner may authorise public sector agency to charge
(1) Where a public sector agency satisfies the Commissioner that the agency is commercially disadvantaged, in comparison with any competitor in the private sector, by reason that the agency is prevented, by subsection (1) of section 35, from imposing a charge in respect of any of the matters referred to in paragraph (e) or paragraph (f) of that subsection, the Commissioner may authorise that agency to impose a charge in respect of either or both of those matters.
(1A) The Commissioner may authorise a public sector agency to impose a charge in respect of the matter referred to in section 35(1)(e) if the information privacy request is received from, or on behalf of, an individual who:
(a) is residing outside New Zealand; and
(b) is not a New Zealand citizen or a permanent resident of New Zealand.
(2) The Commissioner may impose in respect of any authority granted pursuant to subsection (1) or (1A) such conditions as the Commissioner thinks fit.
(3) The Commissioner may, at any time, revoke any authority granted to an agency pursuant to subsection (1) or (1A), but shall not revoke any such authority without giving the agency an opportunity to be heard.
37.- Urgency
If an individual making an information privacy request asks that his or her request be treated as urgent, that individual shall give his or her reasons why the request should be treated as urgent.
38.- Assistance
It is the duty of every agency to give reasonable assistance to an individual, who:
(a) wishes to make an information privacy request; or
(b) in making such a request, has not made the request in accordance with the requirements of this Act; or
(c) has not made his or her request to the appropriate agency,:
to make a request in a manner that is in accordance with the requirements of this Act or to direct his or her request to the appropriate agency.
39.- Transfer of requests
Where:
(a) an information privacy request is made to an agency or is transferred to an agency in accordance with this section; and
(b) the information to which the request relates:
(i) is not held by the agency but is believed by the person dealing with the request to be held by another agency; or
(ii) is believed by the person dealing with the request to be more closely connected with the functions or activities of another agency,:
the agency to which the request is made shall promptly, and in any case not later than 10 working days after the day on which the request is received, transfer the request to the other agency and inform the individual making the request accordingly.
40.- Decisions on requests
(1) Subject to this Act, the agency to which an information privacy request is made or transferred in accordance with this Act shall, as soon as reasonably practicable, and in any case not later than 20 working days after the day on which the request is received by that agency,:
(a) decide whether the request is to be granted and, if it is to be granted, in what manner and, subject to sections 35 and 36, for what charge (if any); and
(b) give or post to the individual who made the request notice of the decision on the request.
(2) Where any charge is imposed, the agency may require the whole or part of the charge to be paid in advance.
(3) Where an information privacy request is made or transferred to a department, the decision on that request shall be made by the chief executive of that department or an officer or employee of that department authorised by that chief executive, unless that request is transferred in accordance with section 39 to another agency.
(4) Nothing in subsection (3) prevents the chief executive of a department or any officer or employee of a department from consulting a Minister or any other person in relation to the decision that the chief executive or officer or employee proposes to make on any information privacy request made or transferred to the department in accordance with this Act.
41.- Extension of time limits
(1) Where an information privacy request is made or transferred to an agency, the agency may extend the time limit set out in section 39 or section 40(1) in respect of the request if:
(a) the request is for a large quantity of information or necessitates a search through a large quantity of information, and meeting the original time limit would unreasonably interfere with the operations of the agency; or
(b) consultations necessary to make a decision on the request are such that a proper response to the request cannot reasonably be made within the original time limit.
(2) Any extension under subsection (1) shall be for a reasonable period of time having regard to the circumstances.
(3) The extension shall be effected by giving or posting notice of the extension to the individual who made the request within 20 working days after the day on which the request is received.
(4) The notice effecting the extension shall:
(a) specify the period of the extension; and
(b) give the reasons for the extension; and
(c) state that the individual who made the request for the information has the right, under section 67, to make a complaint to the Commissioner about the extension; and
(d) contain such other information as is necessary.
42.- Documents
(1) Where the information in respect of which an information privacy request is made by any individual is comprised in a document, that information may be made available in 1 or more of the following ways:
(a) by giving the individual a reasonable opportunity to inspect the document; or
(b) by providing the individual with a copy of the document; or
(c) in the case of a document that is an article or thing from which sounds or visual images are capable of being reproduced, by making arrangements for the individual to hear or view those sounds or visual images; or
(d) in the case of a document by which words are recorded in a manner in which they are capable of being reproduced in the form of sound or in which words are contained in the form of shorthand writing or in codified form, by providing the individual with a written transcript of the words recorded or contained in the document; or
(e) by giving an excerpt or summary of the contents; or
(f) by furnishing oral information about its contents.
(2) Subject to section 43, the agency shall make the information available in the way preferred by the individual requesting it unless to do so would:
(a) impair efficient administration; or
(b) be contrary to any legal duty of the agency in respect of the document; or
(c) prejudice the interests protected by section 27 or section 28 or section 29 and (in the case of the interests protected by section 28) there is no countervailing public interest.
(3) Where the information is not provided in the way preferred by the individual requesting it, the agency shall, subject to section 32, give to that individual:
(a) the reason for not providing the information in that way; and
(b) if that individual so requests, the grounds in support of that reason, unless the giving of those grounds would itself prejudice the interests protected by section 27 or section 28 or section 29 and (in the case of the interests protected by section 28) there is no countervailing public interest.
43.- Deletion of information from documents
(1) Where the information in respect of which an information privacy request is made is comprised in a document and there is good reason for withholding some of the information contained in that document, the other information in that document may be made available by making a copy of that document available with such deletions or alterations as are necessary.
(2) Where a copy of a document is made available under subsection (1), the agency shall, subject to section 32, give to the individual:
(a) the reason for withholding the information; and
(b) if the individual so requests, the grounds in support of that reason, unless the giving of those grounds would itself prejudice the interests protected by section 27 or section 28 or section 29 and (in the case of the interests protected by section 28) there is no countervailing public interest.
44.- Reason for refusal to be given
Where an information privacy request made by an individual is refused, the agency shall,:
(a) subject to section 32, give to the individual:
(i) the reason for its refusal; and
(ii) if the individual so requests, the grounds in support of that reason, unless the giving of those grounds would itself prejudice the interests protected by section 27 or section 28 or section 29 and (in the case of the interests protected by section 28) there is no countervailing public interest; and
(b) give to the individual information concerning the individual´s right, by way of complaint under section 67 to the Commissioner, to seek an investigation and review of the refusal.
45.- Precautions
Where an information privacy request is made pursuant to subclause (1)(b) of principle 6, the agency:
(a) shall not give access to that information unless it is satisfied concerning the identity of the individual making the request; and
(b) shall ensure, by the adoption of appropriate procedures, that any information intended for an individual is received:
(i) only by that individual; or
(ii) where the request is made by an agent of the individual, only by that individual or his or her agent; and
(c) shall ensure that, where the request is made by an agent of the individual, the agent has the written authority of that individual to obtain the information or is otherwise properly authorised by that individual to obtain the information.
Part 6.- Codes of practice and exemptions from information privacy principles
Codes of practice
46.- Codes of practice
(1) The Commissioner may from time to time issue a code of practice.
(2) A code of practice may:
(a) modify the application of any 1 or more of the information privacy principles by:
(i) prescribing standards that are more stringent or less stringent than the standards that are prescribed by any such principle;
(ii) exempting any action from any such principle, either unconditionally or subject to such conditions as are prescribed in the code;
(aa) apply any 1 or more of the information privacy principles (but not all of those principles) without modification;
(b) prescribe how any 1 or more of the information privacy principles are to be applied, or are to be complied with.
(3) A code of practice may apply in relation to any 1 or more of the following:
(a) any specified information or class or classes of information;
(b) any specified agency or class or classes of agencies;
(c) any specified activity or class or classes of activities;
(d) any specified industry, profession, or calling or class or classes of industries, professions, or callings.
(4) A code of practice may also:
(a) impose, in relation to any agency that is not a public sector agency, controls in relation to the comparison (whether manually or by means of any electronic or other device) of personal information with other personal information for the purpose of producing or verifying information about an identifiable individual;
(b) in relation to charging under section 35;
(i) set guidelines to be followed by agencies in determining charges;
(ii) prescribe circumstances in which no charge may be imposed;
(c) prescribe procedures for dealing with complaints alleging a breach of the code, but no such provisions may limit or restrict any provision of Part 8 or Part 9;
(d) provide for the review of the code by the Commissioner;
(e) provide for the expiry of the code.
(5) A code of practice may not limit or restrict the circumstances in which an individual is entitled:
(a) under subclause (1)(a) of principle 6, to obtain confirmation of whether or not a public sector agency holds personal information; or
(b) under subclause (1)(b) of principle 6, to have access to personal information held by a public sector agency; or
(c) under principle 7,:
(i) to request the correction of personal information held by a public sector agency; or
(ii) to request that there be attached to any such information a statement of any correction sought but not made.
(6) Notwithstanding the definition of the term individual in section 2(1),:
(a) for the purposes of the issuing under this section of any code of practice relating to health information (whether or not any such code also relates to any other information), principle 11 shall be read as if it applies in respect of health information about any individual, whether living or deceased; and
(b) any code of practice so issued shall have effect under section 53 as if principle 11 so applied, and the provisions of this Act shall apply accordingly.
(7) For the purposes of subsection (6), the term health information has the same meaning as it has in section 22B of the Health Act 1956.
47.- Proposal for issuing of code of practice
(1) Subject to section 48, the Commissioner may issue a code of practice under section 46 on the Commissioner´s own initiative or on the application of any person.
(2) Without limiting subsection (1), but subject to subsection (3), any person may apply to the Commissioner for the issue of a code of practice in the form submitted by the applicant.
(3) An application may be made pursuant to subsection (2) only:
(a) by a body the purpose of which, or one of the purposes of which, is to represent the interests of any class or classes of agency, or of any industry, profession, or calling; and
(b) where the code of practice sought by the applicant is intended to apply in respect of the class or classes of agency, or the industry, profession, or calling, that the applicant represents, or any activity of any such class or classes of agency or of any such industry, profession, or calling.
(4) Where an application is made to the Commissioner pursuant to subsection (2), the Commissioner shall give public notice that the application has been received by the Commissioner, which notice shall contain a statement that:
(a) the details of the code of practice sought by the applicant, including a draft of the proposed code, may be obtained from the Commissioner; and
(b) submissions on the proposed code may be made in writing to the Commissioner within such period as is specified in the notice.
(5) For the purposes of section 48, the publication of a notice under subsection (4) in relation to any proposed code of practice shall be sufficient compliance with the requirements of subsection (1)(a) of that section in relation to the issuing of that code.
48.- Notification of intention to issue code
(1) Subject to section 52, the Commissioner shall not issue a code of practice under section 46 unless:
(a) the Commissioner has given public notice of the Commissioner´s intention to issue the code, which notice shall contain a statement that:
(i) the details of the proposed code, including a draft of the proposed code, may be obtained from the Commissioner; and
(ii) submissions on the proposed code may be made in writing to the Commissioner within such period as is specified in the notice; and
(b) the Commissioner has done everything reasonably possible on his or her part to advise all persons who will be affected by the proposed code, or representatives of those persons, of the proposed terms of the code, and of the reasons for it, has given such persons or their representatives a reasonable opportunity to consider the proposed code and to make submissions on it to the Commissioner, and has considered any such submissions.
(2) The fact that the Commissioner has published in the Gazette a notice under section 49(1) shall be conclusive proof that the requirements of this section have been complied with in respect of the code of practice to which the notice relates.
(3) Nothing in subsection (1) prevents the Commissioner from adopting any additional means of publicising the proposal to issue a code or of consulting with interested parties in relation to such a proposal.
49.- Notification, availability, and commencement of code
(1) Where a code of practice is issued under section 46,:
(a) the Commissioner shall ensure that there is published in the Gazette, as soon as practicable after the code is issued, a notice:
(i) indicating that the code has been issued; and
(ii) showing a place at which copies of the code are available for inspection free of charge and for purchase; and
(b) the Commissioner shall ensure that so long as the code remains in force, copies of the code are available:
(i) for inspection by members of the public free of charge; and
(ii) for purchase by members of the public at a reasonable price.
(2) Every code of practice issued under section 46 shall come into force on the 28th day after the date of its notification in the Gazette or on such later day as may be specified in the code.
50.- Codes deemed to be regulations for purposes of disallowance
All codes of practice issued under section 46 shall be deemed to be regulations for the purposes of the Regulations (Disallowance) Act 1989, but shall not be regulations for the purposes of the Acts and Regulations Publication Act 1989.
51.- Amendment and revocation of codes
(1) The Commissioner may from time to time issue an amendment or revocation of a code of practice issued under section 46.
(2) The provisions of sections 47 to 50 shall apply in respect of any amendment or revocation of a code of practice.
52.- Urgent issue of code
(1) If the Commissioner considers that it is necessary to issue a code of practice under section 46, or to amend or revoke any such code of practice, and that following the procedure set out in section 48 would be impracticable because it is necessary to issue the code or, as the case may be, the amendment or revocation urgently, the Commissioner may issue the code of practice or, as the case may be, the amendment or revocation without complying with those procedures.
(2) Every code of practice, and every amendment or revocation of a code of practice, issued in accordance with this section shall be identified as a temporary code or amendment or revocation, and shall remain in force for such period (not exceeding 1 year after the date of its issue) as is specified for that purpose in the code or, as the case may be, the amendment or the revocation.
(3) Nothing in section 49(2) shall apply in respect of a code of practice, or any amendment or revocation of a code of practice, issued in accordance with this section.
53.- Effect of code
Where a code of practice issued under section 46 is in force,:
(a) the doing of any action that would otherwise be a breach of an information privacy principle shall, for the purposes of Part 8, be deemed not to be a breach of that principle if the action is done in compliance with the code:
(b) failure to comply with the code, even though that failure is not otherwise a breach of any information privacy principle, shall, for the purposes of Part 8, be deemed to be a breach of an information privacy principle.
Specific exemptions
54 Commissioner may authorise collection, use, or disclosure of personal information
(1) The Commissioner may authorise an agency to collect, use, or disclose personal information, even though that collection, use, or disclosure would otherwise be in breach of principle 2 or principle 10 or principle 11, if the Commissioner is satisfied that, in the special circumstances of the case,:
(a) the public interest in that collection or, as the case requires, that use or that disclosure outweighs, to a substantial degree, any interference with the privacy of the individual that could result from that collection or, as the case requires, that use or that disclosure; or
(b) that collection or, as the case requires, that use or that disclosure involves a clear benefit to the individual concerned that outweighs any interference with the privacy of the individual that could result from that collection or, as the case requires, that use or that disclosure.
(2) The Commissioner may impose in respect of any authority granted under subsection (1) such conditions as the Commissioner thinks fit.
(3) The Commissioner shall not grant an authority under subsection (1) in respect of the collection, use, or disclosure of any personal information for any purpose if the individual concerned has refused to authorise the collection or, as the case requires, the use or disclosure of the information for that purpose.
55.- Certain personal information excluded
Nothing in principle 6 or principle 7 applies in respect of:
(a) personal information in the course of transmission by post, telegram, cable, telex, facsimile transmission, electronic mail, or other similar means of communication; or
(b) evidence given or submissions made to:
(i) a Royal Commission; or
(ii) a commission of inquiry appointed by an Order in Council made under the Commissions of Inquiry Act 1908;
at any time before the report of the Royal Commission or commission of inquiry has been published or, in the case of evidence or submissions given or made in the course of a sitting open to the public, at any time before the Royal Commission or commission of inquiry has reported to the Governor-General; or
(c) evidence given or submissions made to a commission of inquiry or board of inquiry or court of inquiry or committee of inquiry appointed, pursuant to, and not by, any provision of an Act, to inquire into a specified matter; or
(d) information contained in any correspondence or communication that has taken place between the office of the Ombudsmen and any agency and that relates to any investigation conducted by an Ombudsman under the Ombudsmen Act 1975 or the Official Information Act 1982 or the Local Government Official Information and Meetings Act 1987, other than information that came into existence before the commencement of that investigation; or
(e) information contained in any correspondence or communication that has taken place between the office of the Commissioner and any agency and that relates to any investigation conducted by the Commissioner under this Act, other than information that came into existence before the commencement of that investigation.
56.- Personal information relating to domestic affairs
Nothing in the information privacy principles applies in respect of:
(a) the collection of personal information by an agency that is an individual; or
(b) personal information that is held by an agency that is an individual;
where that personal information is collected or held by that individual solely or principally for the purposes of, or in connection with, that individual´s personal, family, or household affairs.
57.- Intelligence organisations
Nothing in principles 1 to 5 or principles 8 to 11 applies in relation to information collected, obtained, held, used, or disclosed by, or disclosed to, an intelligence organisation.
Part 7.- Public register personal information
58.- Interpretation
In this Part, unless the context otherwise requires,:
public register means:
(a) any register, roll, list, or other document maintained pursuant to a public register provision:
(b) a document specified in Part 2 of Schedule 2 public register privacy principle means any of the principles set out in section 59 public register provision means a provision specified in the second column of Part 1 of Schedule 2 as a public register provision of an enactment specified in the first column of that Part.
59.- Public register privacy principles
The public register privacy principles are as follows:
Public register privacy principles
Principle 1.- Search references
Personal information shall be made available from a public register only by search references that are consistent with the manner in which the register is indexed or organised.
Principle 2.- Use of information from public registers
Personal information obtained from a public register shall not be re-sorted, or combined with personal information obtained from any other public register, for the purpose of making available for valuable consideration personal information assembled in a form in which that personal information could not be obtained directly from the register.
Principle 3.- Electronic transmission of personal information from register
Personal information in a public register shall not be made available by means of electronic transmission, unless the purpose of the transmission is to make the information available to a member of the public who wishes to search the register.
Principle 4.- Charging for access to public register
Personal information shall be made available from a public register for no charge or for no more than a reasonable charge.
60.- Application of information privacy principles and public register privacy principles to public registers
(1) Subject to subsection (3), the agency responsible for administering any public register shall, in administering that register, comply, so far as is reasonably practicable, with the information privacy principles and the public register privacy principles.
(2) Every person shall, so far as is reasonably practicable, comply with principle 2 of the public register privacy principles.
(3) Where any information privacy principle or any public register privacy principle is inconsistent with any provision of any enactment, then, for the purposes of this Part, that enactment shall, to the extent of the inconsistency, prevail.
61.- Complaints relating to compliance with principles
(1) The Commissioner may, on complaint made to the Commissioner by any person or on the Commissioner´s own initiative, inquire into any public register provision if it appears to the Commissioner that the provision is inconsistent with any of the information privacy principles or any of the public register privacy principles.
(2) On completing any inquiry conducted pursuant to subsection (1), the Commissioner shall report the Commissioner´s findings to the Minister responsible for the administration of the enactment that was the subject of the inquiry, and any such report may include recommendations on the need for, or desirability of, taking any legislative, administrative, or other action to ensure adherence or greater adherence to the information privacy principles or the public register privacy principles, or both.
(3) The Commissioner may, on complaint made to the Commissioner by any person or on the Commissioner´s own initiative, investigate:
(a) the actions of any agency that is responsible for administering any public register if it appears that the agency is not, in the administration of that register, complying with the information privacy principles, or the public register privacy principles, or both;
(b) the actions of any person if it appears that the person is not complying with principle 2 of the public register privacy principles.
(4) On completing any inquiry conducted pursuant to subsection (3), the Commissioner shall report the Commissioner´s findings to the chief administrative officer of the agency whose actions were the subject of the inquiry (or the person whose actions were the subject of the inquiry, in the case of an inquiry to which paragraph (b) of that subsection applies), and any such report may include recommendations on the need for, or desirability of, taking any administrative or other action to ensure adherence or greater adherence to the information privacy principles or the public register privacy principles, or both.
(5) Sections 68, 70, 71, 73, 75, 80, and Part 9 shall apply, so far as applicable and with all necessary modifications, in relation to the making of a complaint pursuant to this section and to any inquiry conducted by the Commissioner pursuant to this section.
62.- Enforceability of principles
The public register privacy principles do not confer on any person any legal right that is enforceable in a court of law.
63.- Codes of practice in relation to public registers
(1) The Commissioner may from time to time issue, in relation to any public register, a code of practice.
(2) A code of practice issued under this section may:
(a) modify the application, in relation to a public register, of any 1 or more of the public register privacy principles, or any 1 or more of the information privacy principles, or both, by:
(i) prescribing standards that are more stringent or less stringent than the standards that are prescribed by any such principle;
(ii) exempting any action from any such principle, either unconditionally or subject to such conditions as are prescribed in the code.
(b) prescribe how any 1 or more of the public register privacy principles, or any 1 or more of the information privacy principles, or both, are to be applied, or are to be complied with:
(c) impose requirements that are not prescribed by any public register privacy principle.
(3) A code of practice issued under this section may also contain provisions:
(a) providing for the review of the code by the Commissioner;
(b) providing for the expiry of the code.
(4) To the extent that any code of practice issued under this section is inconsistent with any provision of any enactment, the code shall, to the extent of the inconsistency, be of no effect. (5) Sections 47 to 52, so far as they are applicable and with all necessary modifications, shall apply with respect to the issue of any code of practice under this section and with respect to any code so issued.
64.- Effect of code
Where a code of practice issued under section 63 is in force:
(a) the doing of any action that would otherwise be a breach of a public register privacy principle or an information privacy principle shall, for the purposes of this Part, be deemed not to be a breach of that principle if the action is done in compliance with the code;
(b) failure to comply with the code, even though that failure is not otherwise a breach of any public register privacy principle, shall, for the purposes of this Part, be deemed to be a breach of a public register privacy principle.
65.- Power to amend Schedule 2 by Order in Council
(1) The Governor-General may from time to time, by Order in Council made on the advice of the responsible Minister given after consultation with the Commissioner, amend Schedule 2 by adding any item.
(2) An Order in Council made under this section may add an item to Part 2 of Schedule 2 only if the item relates to a document that contains personal information and that is held by a public sector agency.
Part 8.- Complaints
Interpretation
66.- Interference with privacy
(1) For the purposes of this Part, an action is an interference with the privacy of an individual if, and only if,:
(a) in relation to that individual,:
(i) the action breaches an information privacy principle; or
(ii) the action breaches a code of practice issued under section 63 (which relates to public registers); or
(iia) the action breaches an information privacy principle or a code of practice as modified by an Order in Council made under section 96J; or
(iib) the provisions of an information sharing agreement approved by an Order in Council made under section 96J have not been complied with; or
(iii) the provisions of Part 10 (which relates to information matching) have not been complied with; and
(b) in the opinion of the Commissioner or, as the case may be, the Tribunal, the action:
(i) has caused, or may cause, loss, detriment, damage, or injury to that individual; or
(ii) has adversely affected, or may adversely affect, the rights, benefits, privileges, obligations, or interests of that individual; or
(iii) has resulted in, or may result in, significant humiliation, significant loss of dignity, or significant injury to the feelings of that individual.
(2) Without limiting subsection (1), an action is an interference with the privacy of an individual if, in relation to an information privacy request made by the individual:
(a) the action consists of a decision made under Part 4 or Part 5 in relation to the request, including:
(i) a refusal to make information available in response to the request; or
(ii) a decision by which an agency decides, in accordance with section 42 or section 43, in what manner or, in accordance with section 40, for what charge the request is to be granted; or
(iii) a decision by which an agency imposes conditions on the use, communication, or publication of information made available pursuant to the request; or
(iv) a decision by which an agency gives a notice under section 32; or
(v) a decision by which an agency extends any time limit under section 41; or
(vi) a refusal to correct personal information; and
(b) the Commissioner or, as the case may be, the Tribunal is of the opinion that there is no proper basis for that decision.
(3) If, in relation to any information privacy request, any agency fails within the time limit fixed by section 40(1) (or, where that time limit has been extended under this Act, within that time limit as so extended) to comply with paragraph (a) or paragraph (b) of section 40(1), that failure shall be deemed, for the purposes of subsection (2)(a)(i) of this section, to be a refusal to make available the information to which the request relates.
(4) Undue delay in making information available in response to an information privacy request for that information shall be deemed, for the purposes of subsection (2)(a)(i), to be a refusal to make that information available.
Complaints
67.- Complaints
(1) Any person may make a complaint to the Commissioner alleging that any action is or appears to be an interference with the privacy of an individual.
(2) A complaint under this Part may be lodged with the Commissioner or an Ombudsman.
(3) On receiving a complaint under this Part, an Ombudsman shall forward the complaint to the Commissioner as soon as practicable.
68.- Mode of complaint
(1) A complaint to the Commissioner may be made either orally or in writing.
(2) A complaint made orally shall be put in writing as soon as practicable.
(3) The Commissioner shall give such reasonable assistance as is necessary in the circumstances to enable an individual, who wishes to make a complaint to the Commissioner, to put the complaint in writing.
Investigations by Commissioner
69.- Investigation of interference with privacy of individual
(1) The functions of the Commissioner under this Part shall be:
(a) to investigate any action that is or appears to be an interference with the privacy of an individual;
(b) to act as conciliator in relation to any such action;
(c) to take such further action as is contemplated by this Part.
(2) The Commissioner may commence an investigation under subsection (1)(a) either on complaint made to the Commissioner or on the Commissioner´s own initiative.
70.- Action on receipt of complaint
(1) On receiving a complaint under this Part, the Commissioner may:
(a) investigate the complaint; or
(b) decide, in accordance with section 71, to take no action on the complaint.
(2) The Commissioner shall, as soon as practicable, advise the complainant and the person to whom the complaint relates of the procedure that the Commissioner proposes to adopt under subsection (1).
71.- Commissioner may decide to take no action on complaint
(1) The Commissioner may in his or her discretion decide to take no action or, as the case may require, no further action, on any complaint if, in the Commissioner´s opinion:
(a) the length of time that has elapsed between the date when the subject matter of the complaint arose and the date when the complaint was made is such that an investigation of the complaint is no longer practicable or desirable; or
(b) the subject matter of the complaint is trivial; or
(c) the complaint is frivolous or vexatious or is not made in good faith; or
(d) the individual alleged to be aggrieved does not desire that action be taken or, as the case may be, continued; or
(e) the complainant does not have a sufficient personal interest in the subject matter of the complaint; or
(f) where:
(i) the complaint relates to a matter in respect of which a code of practice issued under section 46 is in force; and
(ii) the code of practice makes provision for a complaints procedure;
the complainant has failed to pursue, or to pursue fully, an avenue of redress available under that complaints procedure that it would be reasonable for the complainant to pursue; or
(g) there is in all the circumstances an adequate remedy or right of appeal, other than the right to petition the House of Representatives or to make a complaint to an Ombudsman, that it would be reasonable for the individual alleged to be aggrieved to exercise.
(2) Notwithstanding anything in subsection (1), the Commissioner may in his or her discretion decide not to take any further action on a complaint if, in the course of the investigation of the complaint, it appears to the Commissioner that, having regard to all the circumstances of the case, any further action is unnecessary or inappropriate.
(3) In any case where the Commissioner decides to take no action, or no further action, on a complaint, the Commissioner shall inform the complainant of that decision and the reasons for it.
72.- Referral of complaint to Ombudsman
(1) Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates, in whole or in part, to a matter that is more properly within the jurisdiction of an Ombudsman under the Ombudsmen Act 1975 or the Official Information Act 1982 or the Local Government Official Information and Meetings Act 1987, the Commissioner shall forthwith consult with the Chief Ombudsman in order to determine the appropriate means of dealing with the complaint.
(2) As soon as practicable after consulting with the Chief Ombudsman under subsection (1), the Commissioner shall determine whether the complaint should be dealt with, in whole or in part, under this Act.
(3) If the Commissioner determines that the complaint should be dealt with, in whole or in part, under the Ombudsmen Act 1975 or the Official Information Act 1982 or the Local Government Official Information and Meetings Act 1987, the Commissioner shall forthwith refer the complaint or, as the case requires, the appropriate part of the complaint to the Chief Ombudsman to be dealt with accordingly, and shall notify the complainant of the action that has been taken.
72A.- Referral of complaint to Health and Disability Commissioner
(1) Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates, in whole or in part, to a matter that is more properly within the jurisdiction of the Health and Disability Commissioner under the Health and Disability Commissioner Act 1994, the Commissioner shall forthwith consult with the Health and Disability Commissioner in order to determine the appropriate means of dealing with the complaint.
(2) As soon as practicable after consulting with the Health and Disability Commissioner under subsection (1), the Commissioner shall determine whether or not the complaint should be dealt with, in whole or in part, under this Act.
(3) If the Commissioner determines that the complaint should be dealt with, in whole or in part, under the Health and Disability Commissioner Act 1994, the Commissioner shall forthwith refer the complaint or, as the case requires, the appropriate part of the complaint to the Health and Disability Commissioner to be dealt with accordingly, and shall notify the complainant of the action that has been taken.
72B.- Referral of complaint to Inspector General of Intelligence and Security
(1) Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates, in whole or in part, to a matter that is more properly within the jurisdiction of the Inspector General of Intelligence and Security under the Inspector General of Intelligence and Security Act 1996, the Commissioner shall forthwith consult with the Inspector General of Intelligence and Security in order to determine the appropriate means of dealing with the complaint.
(2) As soon as practicable after consulting with the Inspector General of Intelligence and Security under subsection (1), the Commissioner shall determine whether or not the complaint should be dealt with, in whole or in part, under this Act.
(3) If the Commissioner determines that the complaint should be dealt with, in whole or in part, under the Inspector General of Intelligence and Security Act 1996, the Commissioner shall forthwith refer the complaint or, as the case requires, the appropriate part of the complaint to the Inspector General of Intelligence and Security to be dealt with accordingly, and shall notify the complainant of the action that has been taken.
72C.- Referral of complaint to overseas privacy enforcement authority
(1) Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates, in whole or in part, to a matter that is more properly within the jurisdiction of an overseas privacy enforcement authority, the Commissioner may consult with that authority in order to determine the appropriate means of dealing with the complaint.
(2) As soon as practicable after consulting with the overseas privacy enforcement authority under subsection (1), the Commissioner must determine whether the complaint should be dealt with, in whole or in part, under this Act.
(3) If the Commissioner determines that the complaint should be dealt with, in whole or in part, by the overseas privacy enforcement authority, and both the authority and the complainant agree, the Commissioner may refer the complaint or, as the case requires, the appropriate part of the complaint, to the authority to be dealt with.
(4) In this section, overseas privacy enforcement authority or authority means any overseas public body that is responsible for enforcing legislation that protects personal information, and that has the power to conduct investigations and pursue enforcement proceedings.
Proceedings of Commissioner
73.- Proceedings of Commissioner
Before proceeding to investigate any matter under this Part, the Commissioner:
(a) shall inform the complainant (if any), the person to whom the investigation relates, and any individual alleged to be aggrieved (if not the complainant), of the Commissioner´s intention to make the investigation; and
(b) shall inform the person to whom the investigation relates of:
(i) the details of the complaint (if any) or, as the case may be, the subject matter of the investigation; and
(ii) the right of that person to submit to the Commissioner, within a reasonable time, a written response in relation to the complaint or, as the case may be, the subject matter of the investigation.
74.- Settlement of complaints
Where it appears from a complaint, or any written response made in relation to a complaint under section 73(b)(ii), that it may be possible to secure a settlement between any of the parties concerned and, if appropriate, a satisfactory assurance against the repetition of any action that is the subject matter of the complaint or the doing of further actions of a similar kind by the person concerned, the Commissioner may, without investigating the complaint or, as the case may be, investigating the complaint further, use his or her best endeavours to secure such a settlement and assurance.
75.- Parties to be informed of result of investigation
Where any investigation is made following a complaint, the Commissioner shall conduct the investigation with due expedition and shall inform the parties concerned, as soon as reasonably practicable after the conclusion of the investigation and in such manner as the Commissioner thinks proper, of the result of the investigation and of what further action (if any) the Commissioner proposes to take in respect of that complaint.
76.- Compulsory conferences
(1) The Commissioner may call a conference of the parties to a complaint by:
(a) posting to each of them a notice requesting their attendance at a time and place specified; or
(b) such other means as is agreed to by the parties concerned.
(2) The objectives of the conference shall be:
(a) to identify the matters in issue between the parties; and
(b) to try to obtain agreement between the parties on the resolution of those matters.
(3) Where a person fails to comply with a request under subsection (1) to attend a conference, the Commissioner may issue a summons requiring the person to attend a conference at a time and place to be specified in the summons.
(4) Subsections (1), (2), (3), and (5) of section 20 of the Summary Proceedings Act 1957 shall apply to a summons under this section as if it were a witness summons issued under that section.
77.- Procedure after investigation
(1) Where the Commissioner, after making any investigation under this Part, is of the opinion,:
(a) in the case of a complaint, that the complaint has substance, the Commissioner shall use his or her best endeavours to secure a settlement between any parties concerned and, if the Commissioner considers it appropriate, a satisfactory assurance against the repetition of any action that was the subject matter of the investigation or the doing of further actions of a similar kind by the person concerned; or
(b) in any other case, that the matter ought to be proceeded with, the Commissioner shall use his or her best endeavours to secure such an assurance as is referred to in paragraph (a).
(2) If,:
(a) in the circumstances referred to in section 74, the Commissioner is unable to secure such a settlement and assurance as is referred to in that section; or
(b) in the circumstances referred to in paragraph (a) or paragraph (b) of subsection (1), the Commissioner is unable to secure such a settlement and assurance or, as the case may be, such an assurance as is referred to in either of those paragraphs; or
(c) in any case to which section 74 or subsection (1) applies, it appears that the action that was the subject matter of the complaint or, as the case may be, the investigation was done in contravention of such an assurance as is referred to in that section or that subsection, given on a previous occasion, or that any term of such a settlement as is referred to in that section or that subsection, reached on a previous occasion, has not been complied with:
the Commissioner may refer the matter to the Director of Human Rights Proceedings for the purpose of deciding whether proceedings under section 82 should be instituted against the person against whom the complaint was made or in respect of whom the investigation was conducted.
(3) Where a matter is referred to the Director of Human Rights Proceedings under subsection (2), it shall, subject to section 82(3), be for the Director of Human Rights Proceedings to determine, in his or her discretion, both whether a matter justifies the institution of proceedings under section 82 and whether proceedings should be instituted under section 82 in respect of that matter.
78.- Procedure in relation to charging
(1) Notwithstanding anything in section 77, where the Commissioner, after making any investigation under this Part, is of the opinion that a charge fixed in respect of an information privacy request is unreasonable, the Commissioner shall determine the amount of the charge (if any) that may reasonably be imposed in respect of that request.
(2) A determination of the Commissioner under subsection (1) shall be final and binding on the person who made the request and on the agency concerned, and, notwithstanding anything in section 82 or section 83, no proceedings may be brought before the Tribunal under either of those sections in respect of any action of any agency in so far as that action is the subject of a determination made by the Commissioner under subsection (1).
79.- Breaches of certain principles occurring before 1 July 1996
(1) This section applies to any interference with the privacy of an individual involving a breach of any of principles 1, 2, 3, 4, 8, 9, 10, and 11, in any case where the action that constitutes the breach occurs before 1 July 1996.
(2) Notwithstanding anything in this Part, but subject to subsection (3), where:
(a) any complaint is made under this Part; or
(b) any investigation is commenced under this Part; then, in so far as the complaint or investigation relates to an interference with the privacy of an individual (being an interference to which this section applies), the following provisions shall apply;
(c) nothing in section 77(2) or section 77(3) or sections 82 to 89 shall apply in relation to the complaint or the investigation;
(d) the Commissioner may make such recommendations as the Commissioner thinks fit to the agency against which the complaint was made or, as the case requires, in respect of which the investigation was conducted, including (without limitation) a recommendation that the agency develop a code of practice in relation to all or any of its activities:
(e) where the Commissioner makes a recommendation to an agency pursuant to paragraph (d), the Commissioner may request the agency to notify the Commissioner, within a specified time, of the steps (if any) that the agency proposes to take to give effect to the Commissioner´s recommendation.
(3) Nothing in this section applies in relation to any interference with the privacy of an individual involving a breach of any information privacy principle, where the action that breaches the principle constitutes a failure to comply with a code of practice issued under section 46.
80.- Commissioner to report breach of duty or misconduct
If, during or after any investigation, the Commissioner is of the opinion that there is evidence of any significant breach of duty or misconduct on the part of any agency or any officer or employee or member of an agency, the Commissioner shall refer the matter to the appropriate authority.
Special procedure relating to intelligence organisations
81.- Special procedure relating to intelligence organisations
(1) The provisions of this section shall apply in every case where, after making any investigation under this Part in respect of any action of an intelligence organisation, the Commissioner is of the opinion that the action that was the subject matter of the investigation is an interference with the privacy of an individual.
(2) If, in any case to which this section applies, the Commissioner is of the opinion that any steps should be taken by the intelligence organisation in relation to the subject matter of the investigation, the Commissioner shall report his or her opinion, and the reasons for that opinion, to the intelligence organisation, and may make such recommendations as the Commissioner thinks fit.
(3) Where the Commissioner makes a report to an intelligence organisation pursuant to subsection (2), the Commissioner may request the organisation to notify the Commissioner, within a specified time, of the steps (if any) that the organisation proposes to take to give effect to the Commissioner´s recommendations.
(4) If, within a reasonable time after the report is made, no action is taken that seems to the Commissioner to be adequate and appropriate, the Commissioner, in the Commissioner´s discretion, after considering the comments (if any) made by or on behalf of the organisation concerned, may send a copy of the report and recommendations to the Prime Minister.
(5) As soon as practicable after receiving a report under subsection (4), the Prime Minister may lay a copy of all or any part of the report before the House of Representatives.
(6) Nothing in section 76 or section 77 or sections 82 to 89 shall apply in relation to any complaint made under this Part in relation to any action of an intelligence organisation, or in relation to any investigation under this Part into any such action.
Proceedings before Human Rights Review Tribunal
82.- Proceedings before Human Rights Review Tribunal
(1) This section applies to any person:
(a) in respect of whom an investigation has been conducted under this Part in relation to any action alleged to be an interference with the privacy of an individual; or
(b) in respect of whom a complaint has been made in relation to any such action, where conciliation under section 74 has not resulted in a settlement.
(2) Subject to subsection (3), civil proceedings before the Human Rights Review Tribunal shall lie at the suit of the Director of Human Rights Proceedings against any person to whom this section applies in respect of any action of that person that is an interference with the privacy of an individual.
(3) The Director of Human Rights Proceedings shall not take proceedings under subsection (2) against any person to whom this section applies unless the Director of Human Rights Proceedings has given that person an opportunity to be heard.
(4) The Director of Human Rights Proceedings may, under subsection (2), bring proceedings on behalf of a class of individuals, and may seek on behalf of individuals who belong to the class any of the remedies described in section 85, where the Director of Human Rights Proceedings considers that a person to whom this section applies is carrying on a practice which affects that class and which is an interference with the privacy of an individual.
(5) Where proceedings are commenced by the Director of Human Rights Proceedings under subsection (2), the aggrieved individual (if any) shall not be an original party to, or, unless the Tribunal otherwise orders, join or be joined in, any such proceedings.
83.- Aggrieved individual may bring proceedings before Human Rights Review Tribunal
Notwithstanding section 82(2), the aggrieved individual (if any) may himself or herself bring proceedings before the Human Rights Review Tribunal against a person to whom section 82 applies if the aggrieved individual wishes to do so, and:
(a) the Commissioner or the Director of Human Rights Proceedings is of the opinion that the complaint does not have substance or that the matter ought not to be proceeded with; or
(b) in a case where the Director of Human Rights Proceedings would be entitled to bring proceedings, the Director of Human Rights Proceedings:
(i) agrees to the aggrieved individual bringing proceedings; or
(ii) declines to take proceedings.
84.- Remedies that may be sought
In any proceedings before the Human Rights Review Tribunal, the Director of Human Rights Proceedings or the aggrieved individual (as the case may be) may seek such of the remedies described in section 85 as he or she thinks fit.
85.- Powers of Human Rights Review Tribunal
(1) If, in any proceedings under section 82 or section 83, the Tribunal is satisfied on the balance of probabilities that any action of the defendant is an interference with the privacy of an individual, it may grant 1 or more of the following remedies:
(a) a declaration that the action of the defendant is an interference with the privacy of an individual;
(b) an order restraining the defendant from continuing or repeating the interference, or from engaging in, or causing or permitting others to engage in, conduct of the same kind as that constituting the interference, or conduct of any similar kind specified in the order;
(c) damages in accordance with section 88;
(d) an order that the defendant perform any acts specified in the order with a view to remedying the interference, or redressing any loss or damage suffered by the aggrieved individual as a result of the interference, or both;
(e) such other relief as the Tribunal thinks fit.
(2) In any proceedings under section 82 or section 83, the Tribunal may award such costs against the defendant as the Tribunal thinks fit, whether or not the Tribunal makes any other order, or may award costs against the plaintiff, or may decline to award costs against either party.
(3) Where the Director of Human Rights Proceedings is the plaintiff, any costs awarded against him or her shall be paid by the Privacy Commissioner, and the Privacy Commissioner shall not be entitled to be indemnified by the aggrieved individual (if any).
(4) It shall not be a defence to proceedings under section 82 or section 83 that the interference was unintentional or without negligence on the part of the defendant, but the Tribunal shall take the conduct of the defendant into account in deciding what, if any, remedy to grant.
86.- Right of Director of Human Rights Proceedings to appear in proceedings
(1) Whether or not the Director of Human Rights Proceedings is or was a party to the proceedings before the Human Rights Review Tribunal, the Director may appear and be heard, in person or by counsel,:
(a) in any proceedings under this Part before the Human Rights Review Tribunal; and
(b) in relation to any proceedings that are or have been before the Human Rights Review Tribunal under this Part, in any proceedings in a District Court, the High Court, the Court of Appeal, or the Supreme Court.
(2) Where, pursuant to subsection (1), the Director of Human Rights Proceedings appears in any proceedings of a kind described in that subsection, he or she shall, unless those proceedings are by way of appeal, have the right:
(a) to call evidence on any matter (including evidence in rebuttal) that should be taken into account in the proceedings;
(b) to examine, cross-examine, and re-examine witnesses, but shall have no greater rights than parties to the proceedings in respect of the calling of evidence or evidence in rebuttal, or in respect of the examination, cross-examination, and re-examination of witnesses.
(3) Where, pursuant to subsection (1), the Director of Human Rights Proceedings, not being a party to any proceedings before the Tribunal, appears in those proceedings or in any proceedings in any court in relation to those proceedings, the Tribunal or the court, as the case may be, may make such order as it thinks fit:
(a) as to the payment by any party to the proceedings before the Tribunal or the court of the costs incurred by the Director of Human Rights Proceedings in so doing; or
(b) as to the payment by the Director of Human Rights Proceedings of any costs incurred by any of the parties to the proceedings before the Tribunal or the court by reason of the appearance of the Director of Human Rights Proceedings.
(4) Costs ordered to be paid by the Director of Human Rights Proceedings shall be paid by the Privacy Commissioner.
(5) The Privacy Commissioner may appear and be heard in any proceedings in which the Director of Human Rights Proceedings would be entitled to appear and be heard under this section but declines to do so, and, where the Privacy Commissioner so appears, the provisions of this section shall apply accordingly with all necessary modifications.
(6) Nothing in this section limits or affects:
(a) section 85(2); or
(b) any power of a court to award costs in any proceedings to which the Director of Human Rights Proceedings is a party.
87.- Proof of exceptions
Where, by any provision of the information privacy principles or of this Act or of a code of practice issued under section 46 or section 63, conduct is excepted from conduct that is an interference with the privacy of an individual, the onus of proving the exception in any proceedings under this Part lies upon the defendant.
88.- Damages
(1) In any proceedings under section 82 or section 83, the Tribunal may award damages against the defendant for an interference with the privacy of an individual in respect of any 1 or more of the following:
(a) pecuniary loss suffered as a result of, and expenses reasonably incurred by the aggrieved individual for the purpose of, the transaction or activity out of which the interference arose:
(b) loss of any benefit, whether or not of a monetary kind, which the aggrieved individual might reasonably have been expected to obtain but for the interference:
(c) humiliation, loss of dignity, and injury to the feelings of the aggrieved individual.
(1A) Subsection (1) applies subject to subpart 1 of Part 2 of the Prisoners´ and Victims´ Claims Act 2005.
(2) Damages recovered by the Director of Human Rights Proceedings under this section shall be paid to the aggrieved individual on whose behalf the proceedings were brought or, if that individual is a minor who is not married or in a civil union or lacks the capacity to manage his or her own financial affairs, in the discretion of the Director of Human Rights Proceedings to Public Trust.
(3) Where money is paid to Public Trust under subsection (2):
(a) section 12 of the Minors´ Contracts Act 1969 shall apply in the case of a minor who is not married or in a civil union; and
(b) Part 9A of the Protection of Personal and Property Rights Act 1988 shall apply in the case of an individual who lacks the capacity to manage his or her own financial affairs.
89.- Certain provisions of Human Rights Act 1993 to apply
Sections 92Q to 92W and Part 4 of the Human Rights Act 1993 shall apply, with such modifications as are necessary, in respect of proceedings under section 82 or section 83 of this Act as if they were proceedings under section 92B, or section 92E, or section 92H of that Act.
Part 9.- Proceedings of Commissioner
90.- Procedure
(1) Every investigation under Part 8 by the Commissioner shall be conducted in private.
(2) Subject to section 120,:
(a) the Commissioner may hear or obtain information from such persons as the Commissioner thinks fit:
(b) the Commissioner may make such inquiries as the Commissioner thinks fit:
(c) it shall not be necessary for the Commissioner to hold any hearing:
(d) subject to section 73(b), no person shall be entitled as of right to be heard by the Commissioner.
(3) Subject to the provisions of this Act, the Commissioner may regulate his or her procedure in such manner as he or she thinks fit.
91.- Evidence
(1) The Commissioner may summon before him or her and examine on oath any person who in the Commissioner´s opinion is able to give information relevant to an investigation being conducted by the Commissioner under Part 8, or an inquiry being carried out by the Commissioner under section 13(1)(m).
(2) The Commissioner may administer an oath to any person summoned pursuant to subsection (1).
(3) Every examination by the Commissioner under subsection (1) shall be deemed to be a judicial proceeding within the meaning of section 108 of the Crimes Act 1961 (which relates to perjury).
(4) The Commissioner may from time to time, by notice in writing, require any person who in the Commissioner´s opinion is able to give information relevant to an investigation being conducted by the Commissioner under Part 8, or an inquiry being carried out by the Commissioner under section 13(1)(m), to furnish such information, and to produce such documents or things in the possession or under the control of that person, as in the opinion of the Commissioner are relevant to the subject matter of the investigation or inquiry.
(5) Where the attendance of any person is required by the Commissioner under this section, the person shall be entitled to the same fees, allowances, and expenses as if the person were a witness in a court and, for the purpose,:
(a) the provisions of any regulations in that behalf under the Summary Proceedings Act 1957 shall apply accordingly; and
(b) the Commissioner shall have the powers of a court under any such regulations to fix or disallow, in whole or in part, or to increase, any amounts payable under the regulations.
92.- Compliance with requirements of Commissioner
(1) This section applies in every case where, during the course of an investigation under Part 8 of any decision of any agency in relation to an information privacy request, the Commissioner, pursuant to any power conferred on the Commissioner by section 91, requires that agency to furnish or produce to the Commissioner any information or document or thing which relates to that investigation.
(2) In any case to which this section applies, the agency to which the requirement is made shall, subject to section 93, as soon as reasonably practicable, and in no case later than 20 working days after the day on which the requirement is received by the agency, comply with the requirement.
(3) If any agency (being a department or a Minister or an organisation) fails, within the time limit fixed by subsection (2) (or, where that time limit has been extended under section 93, within that time limit as so extended), to comply with any requirement to which subsection (1) applies, the Commissioner may report such failure to the Prime Minister.
93.- Extension of time limit
(1) Where any requirement to which section 92 applies is made to any agency, the agency may extend the time limit set out in subsection (2) of that section in respect of that requirement if:
(a) the requirement relates to, or necessitates a search through, a large quantity of information or a large number of documents or things, and meeting the original time limit would unreasonably interfere with the operations of the agency; or
(b) consultations necessary before the requirement can be complied with are such that the requirement cannot reasonably be complied with within the original time limit; or
(c) the complexity of the issues raised by the requirement are such that the requirement cannot reasonably be complied with within the original time limit.
(2) Any extension under subsection (1) shall be for a reasonable period of time having regard to the circumstances.
(3) The extension shall be effected by giving or posting notice of the extension to the Commissioner within 20 working days after the day on which the requirement is received.
(4) The notice effecting the extension shall:
(a) specify the period of the extension; and
(b) give the reasons for the extension; and
(c) contain such other information as is necessary.
94.- Protection and privileges of witnesses, etc
(1) Except as provided in section 119, every person shall have the same privileges in relation to the giving of information to, the answering of questions put by, and the production of documents and things to, the Commissioner or any employee of the Commissioner as witnesses have in any court.
(1A) Nothing in subsection (1) prevents the Commissioner or any employee of the Commissioner from:
(a) requiring, under section 91, the furnishing of any information or the production of any document or thing which is the subject of a complaint under Part 8 and in respect of which privilege is claimed by any person; and
(b) considering the information or inspecting any such document or thing;
for the purpose of determining whether the information, document, or thing would be properly withheld, but not so as to give the Commissioner or employee any information, or enable the Commissioner or employee to make any use of the information, document, or thing, that he or she would not, apart from this subsection, be entitled to.
(1B) On the production of any information, document, or thing pursuant to subsection (1A), the Commissioner or any employee of the Commissioner:
(a) must not, without the consent of the producer of the information, document, or thing, and of any person who is the subject of the information, document, or thing, release the information, document, or thing, or any information derived from the document or thing, to any person other than:
(i) the producer of the information, document, or thing; or
(ii) any barrister or solicitor engaged by the Commissioner for the purpose of providing legal advice as to whether the information, document, or thing would be properly withheld by that producer under subsection (1); or
(iii) where the Commissioner gives his or her opinion on the claim of privilege to the Director of Human Rights Proceedings under paragraph (b), to the Director of Human Rights Proceedings.
(b) may give his or her opinion only to the parties to the complaint or to the Director of Human Rights Proceedings or to the Human Rights Review Tribunal as to whether or not the claim of privilege is valid;
provided that nothing in this paragraph prevents the Commissioner or any employee of the Commissioner from releasing, either generally or to any particular person, the opinion in a form that does not identify either the producer of the information, document, or thing or any person who is the subject of the information, document, or thing:
(c) must not take into account the information or any information in the document or thing in forming any opinion concerning the release of any other information.
(2) No person shall be liable to prosecution for an offence against any enactment, other than section 127, by reason of that person´s compliance with any requirement of the Commissioner or any employee of the Commissioner under section 91.
95.- Disclosures of information, etc
(1) Subject to subsection (2) and to section 94, any person who is bound by the provisions of any enactment to maintain secrecy in relation to, or not to disclose, any matter may be required to supply any information to, or answer any question put by, the Commissioner in relation to that matter, or to produce to the Commissioner any document or thing relating to it, notwithstanding that compliance with that requirement would otherwise be in breach of the obligation of secrecy or non-disclosure.
(2) Compliance with a requirement of the Commissioner (being a requirement made pursuant to subsection (1)) is not a breach of the relevant obligation of secrecy or non-disclosure or of the enactment by which that obligation is imposed.
(3) Where:
(a) the Prime Minister certifies that the giving of any information, or the production of any document or thing, might prejudice:
(i) the security or defence of New Zealand, or the international relations of the Government of New Zealand; or
(ii) any interest protected by section 7 of the Official Information Act 1982 (which relates to the Cook Islands, Niue, Tokelau, and the Ross Dependency); or
(b) the Attorney-General certifies that the giving of any information, or the production of any document or thing,:
(i) might prejudice the prevention, investigation, or detection of offences; or
(ii) might involve the disclosure of proceedings of Cabinet, or any committee of Cabinet, relating to matters of a secret or confidential nature, and such disclosure would be injurious to the public interest;
neither the Commissioner nor any employee of the Commissioner shall require the information to be given or, as the case may be, the document or thing to be produced.
96.- Proceedings privileged
(1) This section applies to:
(a) the Commissioner; and
(b) every person engaged or employed in connection with the work of the Commissioner.
(2) Subject to subsection (3),:
(a) (Repealed)
(b) no person to whom this section applies shall be required to give evidence in any court, or in any proceedings of a judicial nature, in respect of anything coming to his or her knowledge in the exercise of his or her functions.
(3) Nothing in subsection (2) applies in respect of proceedings for:
(a) an offence against section 78 or section 78A(1) or section 105 or section 105A or section 105B of the Crimes Act 1961; or
(b) the offence of conspiring to commit an offence against section 78 or section 78A(1) or section 105 or section 105A or section 105B of the Crimes Act 1961.
(4) Anything said or any information supplied or any document or thing produced by any person in the course of any inquiry by or proceedings before the Commissioner under this Act shall be privileged in the same manner as if the inquiry or proceedings were proceedings in a court.
(5) For the purposes of clause 3 of Part 2 of Schedule 1 of the Defamation Act 1992, any report made under this Act by the Commissioner shall be deemed to be an official report made by a person holding an inquiry under the authority of the Parliament of New Zealand.
Part 9A.- Information sharing
Subpart 1.- Preliminary matters
96A.- Purpose of Part
(1) The purpose of this Part is to enable the sharing of personal information to facilitate the provision of public services.
(2) To achieve that purpose, this Part:
(a) provides a mechanism for the approval of information sharing agreements for the sharing of information between or within agencies; and
(b) authorises exemptions from or modifications to:
(i) any of the information privacy principles (except principles 6 and 7, which relate respectively to the right to have access to, and correct, personal information):
(ii) any code of practice (except any code of practice that modifies principles 6 and 7); and
(c) reduces any uncertainty about whether personal information can be lawfully shared for the provision of the public services, and in the circumstances, described in approved information sharing agreements.
96B.- Relationship between this Part and other law relating to information sharing
(1) To avoid doubt, nothing in this Part:
(a) limits the collection, use, or disclosure of personal information that is authorised or required by or under any enactment; and
(b) compels agencies to enter into an information sharing agreement if those agencies are already allowed to share personal information:
(i) by or under any other enactment:
(ii) in circumstances where an exemption from or a modification to any 1 or more of the information privacy principles or any code of practice is not required to make the sharing of the information lawful.
(2) Without limiting subsection (1)(a),:
(a) this Part does not limit section 7, 54 or 57; and
(b) this Part and Parts 10 and 11 do not limit one another.
(3) An information sharing agreement may:
(a) duplicate an information sharing provision by providing for an agency to share the same personal information as specified in the information sharing provision:
(i) with the same agencies specified in the information sharing provision; and
(ii) for the same purposes specified in the information sharing provision; or
(b) extend an information sharing provision that is not a restricted information sharing provision by providing for an agency to share the same personal information as specified in the information sharing provision:
(i) with the same agencies specified in the information sharing provision for a purpose not specified in the information sharing provision; or
(ii) with an agency not specified in the information sharing provision for a purpose specified in the information sharing provision; or
(iii) with an agency not specified in the information sharing provision and for a purpose not specified in the information sharing provision; or
(c) duplicate a restricted information sharing provision by providing for an agency to share the same personal information as specified in the restricted information sharing provision:
(i) with the same agencies specified in the restricted information sharing provision; and
(ii) for the same purposes specified in the restricted information sharing provision; or
(d) extend in any manner specified in paragraph (b) a restricted information sharing provision only if:
(i) the restricted information sharing provision is an information matching provision (as defined in section 97); or
(ii) there is express statutory authorisation to do so.
(4) In subsection (3),:
information sharing provision means a provision in any enactment other than this Act that authorises or requires the sharing of personal information by an agency with 1 or more other agencies for 1 or more specified purposes
restricted information sharing provision means an information sharing provision that expressly restricts the purposes for which the personal information may be shared to those purposes specified.
96C.- Interpretation
In this Part, unless the context otherwise requires :
adverse action has the meaning given to it by section 97 and includes a decision to impose a penalty or a fine or to recover a penalty or a fine
approved information sharing agreement means an information sharing agreement approved by an Order in Council that is for the time being in force code of practice means a code of practice issued under section 46
department has the meaning given to it by section 2(1) and also includes:
(a) the New Zealand Police:
(b) the New Zealand Transport Agency
information sharing agreement or agreement means an agreement between or within agencies that enables the sharing of personal information (whether or not the sharing also includes information that is not personal information) to facilitate the provision of a public service
lead agency means a department that enters into an information sharing agreement and is designated as the lead agency in:
(a) the agreement; and
(b) the Order in Council approving the agreement
local authority means a local authority or public body named or specified in Schedule 1 of the Local Government Official Information and Meetings Act 1987
Order in Council, except in sections 96V(3) and 96Z, means an Order in Council made under section 96J(1)
organisation means:
(a) an organisation named in Part 2 of Schedule 1 of the Ombudsmen Act 1975; and
(b) an organisation named in Schedule 1 of the Official Information Act 1982
private sector agency means a non-government agency
public sector agency means a department, an organisation, or a local authority
public service means a public function or duty that is conferred or imposed on a public sector agency:
(a) by or under law; or
(b) by a policy of the Government
relevant Minister means the Minister who, under the authority of any warrant or with the authority of the Prime Minister, is for the time being responsible for a lead agency
sharing, in relation to any information, means all or any of the following if authorised by an approved information sharing agreement:
(a) collecting the information:
(b) storing the information:
(c) checking the information:
(d) using the information:
(e) disclosing the information:
(f) exchanging the information:
(g) if necessary, assigning a unique identifier to an individual.
Subpart 2:Information sharing agreements
Authority for information sharing
96D.- Information sharing between agencies
An approved information sharing agreement may authorise an agency to share any personal information with 1 or more other agencies in accordance with the terms of the agreement.
96E.- Information sharing within agencies
An approved information sharing agreement may authorise a part of an agency to share any personal information with 1 or more parts of the same agency in accordance with the terms of the agreement.
Parties
96F.- Parties to information sharing agreement
(1) Any 2 or more of the following may enter into an information sharing agreement:
(a) a public sector agency:
(b) a private sector agency:
(c) a part of a public sector agency:
(d) a part of a private sector agency.
(2) Subsection (1) is subject to subsections (3) and (4).
(3) An overseas agency may not enter into an information sharing agreement.
(4) At least 1 of the agencies that enters into an information sharing agreement must be:
(a) a public sector agency that is a department; or
(b) part of a public sector agency that is a department.
96G.- Representative parties
(1) An agency that represents the interests of a class of agencies may enter into an information sharing agreement with a department if that agency is:
(a) a public sector agency that is not a department; or
(b) a private sector agency.
(2) If an agreement is proposed to be entered into under subsection (1), any agency (except a department) that is a member of the class of agencies referred to in that subsection may become a party to the agreement by being sufficiently identified in a schedule to the agreement (a Schedule of Parties).
(3) At any time after an agreement has been entered into the lead agency may, with or without the consent of any agency,:
(a) amend the Schedule of Parties to add or remove agencies as parties:
(b) substitute a new Schedule of Parties.
(4) An agency that becomes a party to the agreement under subsection (2) or (3) may, but need not, share or participate in the sharing of any personal information with 1 or more other agencies in accordance with the terms of the agreement.
(5) Unless the context otherwise requires, every reference in this Part to a party to an information sharing agreement includes an agency that becomes a party to an agreement under subsection (2) or (3).
Lead agency
96H.- Determining which party is lead agency
(1) If only 1 public sector agency that is a department enters into an information sharing agreement, it must be designated as the lead agency for the agreement.
(2) If more than 1 public sector agency that is a department enters into an information sharing agreement, the parties to the agreement may agree between themselves which of those public sector agencies is to be designated as the lead agency.
Form and content
96I.- Form and content of information sharing agreement
(1) An information sharing agreement must be in writing.
(2) An information sharing agreement must:
(a) specify with due particularity the purpose of the information sharing agreement:
(b) set out the information referred to in section 96K;
(c) contain an overview of the operational details about the sharing of information under the agreement;
(d) specify the safeguards that will apply to protect the privacy of individuals and ensure that any interference with their privacy is minimised;
(e) if a party to the agreement is a private sector agency, state which public sector agency will be responsible for dealing with complaints about an alleged interference with privacy if the private sector agency is unable to be held to account for those complaints:
(f) state that every party to the agreement must give any reasonable assistance that is necessary in the circumstances to allow the Commissioner or an individual who wishes to make a complaint about an interference with privacy to determine the agency against which the complaint should be made:
(g) if entered into under section 96G,:
(i) identify the party that is a public sector agency or private sector agency representing the interests of a class of agencies; and
(ii) describe that class of agencies; and
(iii) include a schedule that sufficiently identifies the public sector agencies or private sector agencies within that class that are parties to the agreement.
(3) An information sharing agreement may specify any other terms or conditions that the parties may agree, including:
(a) the fees and charges that are payable under the agreement; and
(b) any other business processes relating to the sharing of information under the agreement.
Approval of information sharing agreements
96J.- Governor General may approve information sharing agreement by Order in Council
(1) The Governor-General may, by Order in Council made on the recommendation of the relevant Minister, approve an information sharing agreement.
(2) An Order in Council may grant an exemption from or modify the application of:
(a) any 1 or more of the information privacy principles (except principles 6 and 7):
(b) any code of practice (except any code of practice that modifies principles 6 and 7).
(3) An Order in Council that, under subsection (2), grants an exemption from any 1 or more of the information privacy principles (except principles 6 and 7) or any code of practice (except any code of practice that modifies principles 6 and 7) may provide that the exemption is unconditional or is subject to any conditions that are prescribed in the Order in Council.
(4) An Order in Council that, under subsection (2), modifies the application of any 1 or more of the information privacy principles or any code of practice may do so by prescribing standards that are more stringent or less stringent than the standards that are prescribed by the principle or, as the case may be, the code of practice.
96K.- Requirements for Order in Council
An Order in Council must:
(a) state, if applicable :
(i) the nature of the exemption granted under section 96J(2) and the conditions of the exemption (if any):
(ii) how any of the information privacy principles or any code of practice will be modified under section 96J(2).
(b) state the public service or public services the provision of which the information sharing agreement is intended to facilitate:
(c) specify with due particularity the personal information or the type of personal information to be shared under the agreement:
(d) set out the parties, or classes of parties, to the agreement and designate 1 of the parties as the lead agency;
(e) for every party to the agreement:
(i) describe the personal information or type of personal information that the party may share with each of the other parties; and
(ii) state how the party may use the personal information; and
(iii) state the adverse actions that the party can reasonably be expected to take as a result of sharing personal information under the agreement; and
(iv) specify the procedure that the party must follow before taking adverse action against an individual as a result of sharing personal information under the agreement if the requirement in section 96Q(1) does not apply because of section 96R(a)(ii):
(f) state how a copy of the agreement can be accessed.
96L.- Further provisions about Order in Council
(1) An Order in Council must provide that it comes into force on a date specified in the Order in Council (which must not be a date that is before the date on which it is made).
(2) An Order in Council remains in force until it:
(a) expires on a date appointed in the Order in Council (if any); or
(b) is revoked.
(3) An Order in Council must insert into Schedule 2A:
(a) a description of each of the following:
(i) the information sharing agreement that is approved by the Order in Council;
(ii) the public service or the public services the provision of which the agreement is intended to facilitate;
(iii) the personal information or type of personal information that may be shared between or within the agencies that are party to the agreement; and
(b) the name of the agreement; and
(c) the name of the lead agency for the agreement; and
(d) the Internet site address where a copy of the agreement can be accessed.
96M.- Application of Acts and Regulations Publication Act 1989 and Regulations (Disallowance) Act 1989
An Order in Council is a regulation for the purposes of:
(a) the Acts and Regulations Publication Act 1989; and
(b) the Regulations (Disallowance) Act 1989.
Procedure for recommending Order in Council
96N.- Matters to which relevant Minister must have regard before recommending Order in Council
(1) Before recommending the making of an Order in Council, the relevant Minister must:
(a) be satisfied of the matters set out in subsection (2); and
(b) have regard to any submissions made under section 96O(1)(a) in relation to the information sharing agreement that is proposed for approval by the Order in Council.
(2) The matters referred to in subsection (1)(a) are as follows:
(a) that the information sharing agreement will facilitate the provision of any public service or public services;
(b) that the type and quantity of personal information to be shared under the agreement are no more than is necessary to facilitate the provision of that public service or those public services;
(c) that the agreement does not unreasonably impinge on the privacy of individuals and contains adequate safeguards to protect their privacy;
(d) that the benefits of sharing personal information under the agreement are likely to outweigh the financial and other costs of sharing it;
(e) that any potential conflicts or inconsistencies between the sharing of personal information under the agreement and any other enactment have been identified and appropriately addressed.
96O.- Consultation on proposed information sharing agreement
(1) The agencies proposing to enter into an information sharing agreement must, before the proposed agreement is concluded,:
(a) consult with, and invite submissions on the proposed agreement from,:
(i) the Commissioner; and
(ii) any person or organisation that the agencies consider represents the interests of the classes of individuals whose personal information will be shared under the proposed agreement; and
(iii) any other person or organisation that the agencies consider should be consulted; and
(b) have regard to any submissions made under paragraph (a).
(2) The Commissioner:
(a) must consider the privacy implications of the proposed agreement; and
(b) may make any submissions under subsection (1)(a)(i) that he or she thinks fit.
(3) The agencies must give the relevant Minister a copy of the submissions made under subsection (1)(a) (if any).
Commissioner´s report on approved information sharing agreement
96P.- Commissioner may prepare and publish report on approved information sharing agreement
(1) If an information sharing agreement is approved by Order in Council, the Commissioner may prepare a report to the relevant Minister on any matter relating to privacy that arises or is likely to arise in respect of the agreement.
(2) Without limiting subsection (1), the Commissioner may include in a report under that subsection:
(a) any comment that he or she wishes to make about the consultation that the agencies carried out under section 96O(1)(a); and
(b) any submissions that he or she made to the agencies under section 96O(1)(a)(i).
(3) The Commissioner:
(a) may publish a report under subsection (1); but
(b) must consult the relevant Minister before doing so.
Subpart 3.- Matters relating to operation of approved information sharing agreements
96Q.- Requirement to give notice of adverse action
(1) A party to an approved information sharing agreement must give written notice to an individual before it takes any adverse action against the individual on the basis (whether wholly or in part) of personal information about the individual that was shared under the agreement.
(2) The notice must:
(a) give details of the adverse action that the party proposes to take and the personal information about the individual on which the action is based; and
(b) state that the individual has 10 working days from the receipt of the notice in which to dispute the correctness of that personal information.
(3) To avoid doubt, an individual who is given the notice may take any steps that are available under any enactment to dispute any proposed adverse action against him or her, but he or she may show cause under this section as to why the proposed adverse action should not be taken only on the basis that it is based on incorrect personal information.
96R.- When requirement to give notice of adverse action applies
The requirement to give notice under section 96Q applies unless:
(a) an approved information sharing agreement provides that a party to the agreement may:
(i) give a shorter period of notice than the 10-working-day period referred to in section 96Q(2)(b); or
(ii) dispense with the giving of the notice; or
(b) if an approved information sharing agreement does not provide in the manner specified in paragraph (a), the Commissioner, on the application of a party to an approved information sharing agreement, allows the party in the circumstances of a particular case to:
(i) give a shorter period of notice than the 10-working-day period referred to in section 96Q(2)(b); or
(ii) dispense with the giving of the notice.
Responsibilities of lead agency
96S.- Responsibilities of lead agency
(1) A lead agency for an information sharing agreement must, if the agreement is approved by Order in Council under section 96J(1),:
(a) make a copy of the agreement:
(i) available for inspection, free of charge, at the lead agency´s head office on any working day; and
(ii) accessible, free of charge, on an Internet site maintained by or on behalf of the lead agency; and
(b) prepare a report on the operation of the agreement at the intervals required by the Commissioner under section 96U; and
(c) carry out any other responsibilities imposed by this Part.
(2) A lead agency does not need to comply with subsection (1)(a)(ii) if the relevant Minister designates an Internet site maintained by or on behalf of another public sector agency as the Internet site where a copy of the agreement is to be made accessible free of charge.
(3) To avoid doubt, nothing in this section applies to a party to an information sharing agreement that is not the lead agency except as provided in subsection (2).
96T.- Report of lead agency
(1) A report prepared by a lead agency under section 96S(1)(b) must include the matters prescribed in regulations made under this Act that the Commissioner specifies to the lead agency after having regard to:
(a) the costs of reporting:
(b) the degree of public interest in information about the matters prescribed in those regulations:
(c) the significance of the privacy implications of the approved information sharing agreement.
(2) A report must be included:
(a) in the lead agency´s annual report under the Public Finance Act 1989, if it is required annually; or
(b) in the lead agency´s annual report under the Public Finance Act 1989 that immediately follows the end of each interval specified under section 96U(1)(b).
96U.- Commissioner may specify frequency of reporting by lead agency
(1) The Commissioner may require a lead agency to prepare a report under section 96S(1)(b) either:
(a) annually; or
(b) at less frequent intervals that the Commissioner may specify.
(2) In determining the appropriate frequency in subsection (1) of a report under section 96S(1)(b), the Commissioner must have regard to:
(a) the costs of reporting:
(b) the degree of public interest in information about the matters prescribed in regulations made under this Act:
(c) the significance of the privacy implications of the approved information sharing agreement.
Amendment of approved information sharing agreements
96V.- Amendment of approved information sharing agreement
(1) This section applies if the parties to an approved information sharing agreement amend the agreement (whether in accordance with the Commissioner´s recommendation in a report under section 96X(1) or otherwise).
(2) As soon as practicable after the amendment is made, the lead agency must:
(a) give written notice of the amendment to:
(i) the Commissioner; and
(ii) the relevant Minister; and
(b) make a copy of the amendment:
(i) available for inspection, free of charge, at the lead agency´s head office on any working day; and
(ii) accessible, free of charge, on the Internet site where a copy of the agreement is accessible.
(3) The information sharing agreement approved by Order in Council continues to have effect as if the amendment notified under subsection (2) had not been made unless the Governor-General, by a further Order in Council made on the recommendation of the relevant Minister, approves the agreement as amended by the parties.
(4) Sections 96J to 96P apply, subject to any necessary modifications, to the approval of the agreement as so amended.
(5) Nothing in subsection (2)(a), (3), or (4) applies if the amendment to an approved information sharing agreement relates only to:
(a) the fees and charges payable under the agreement; or
(b) the name or description of a party to the agreement; or
(c) any terms or conditions of the agreement that the lead agency considers, after consulting the Commissioner, do not, or are unlikely to, have any effect on the privacy implications of the agreement.
Review of approved information sharing agreement
96W.- Review of operation of approved information sharing agreement
(1) The Commissioner may, on his or her own initiative, conduct a review of the operation of an approved information sharing agreement:
(a) at the end of a period of 12 months after the Order in Council approving the agreement is made; and
(b) at any time that the Commissioner considers appropriate for any subsequent reviews.
(2) In conducting a review, the Commissioner must:
(a) consult the following about the review:
(i) the parties to the agreement:
(ii) any person or organisation that the Commissioner considers represents the interests of the classes of individuals whose personal information is being shared under the agreement; and
(b) consider any submissions made on the review.
(3) The parties to the agreement must take all reasonable steps to co-operate with the review.
96X.- Report on findings of review
(1) After completing a review under section 96W, the Commissioner may report to the relevant Minister if he or she has reasonable grounds to suspect that an approved information sharing agreement is:
(a) operating in an unusual or unexpected way (that is, in a way that was not foreseen by the Commissioner or the parties to the agreement at the time the agreement was entered into);
(b) failing to facilitate the provision of the public service or public services to which it relates;
(c) unreasonably impinging on the privacy of individuals;
(d) operating in such a way that the costs of sharing personal information under the agreement outweigh the benefits of sharing it.
(2) The Commissioner may recommend in the report that:
(a) the parties to the agreement should amend it in 1 or more material respects; or
(b) the Order in Council by which the agreement was approved should be revoked.
96Y.- Relevant Minister must present to House of Representatives copy of report under section 96X(1) and report setting out Government´s response
The relevant Minister must:
(a) present a copy of a report under section 96X(1) to the House of Representatives within 5 working days after receiving it from the Commissioner or, if Parliament is not in session, as soon as possible after the commencement of the next session of Parliament; and
(b) as soon as possible after complying with paragraph (a), present a report to the House of Representatives setting out the Government´s response to the report under section 96X(1).
Subpart 4.- Miscellaneous
96Z.- Power to amend Schedule 2A
(1) Without limiting the matters that an Order in Council made under section 96J must insert into Schedule 2A in accordance with section 96L(3), the Governor-General may, by Order in Council,:
(a) make any amendments to Schedule 2A that are required:
(i) to recognise the abolition or dissolution of any agency that is party to an approved information sharing agreement or any change in the name of such an agency; or
(ii) to reflect any change in the Internet site address where a copy of an approved information sharing agreement can be accessed; or
(iii) to reflect any amendments to an approved information sharing agreement that are approved under section 96V; or
(iv) to correct any error or omission in any description in that schedule;
(b) remove any description or matter in Schedule 2A, including all of the descriptions or matters relating to an approved information sharing agreement if the Order in Council by which it was approved has expired or has been revoked:
(c) otherwise amend or replace Schedule 2A.
(2) To avoid doubt, any of the matters set out in this section may be included in an Order in Council made under section 96J or in a separate Order in Council made under this section.
Part 10.- Information matching
Interpretation
97.- Interpretation
In this Part, unless the context otherwise requires:
adverse action means any action that may adversely affect the rights, benefits, privileges, obligations, or interests of any specific individual; and, without limiting the generality of the foregoing, includes any decision:
(a) to cancel or suspend any monetary payment;
(b) to refuse an application for a monetary payment;
(c) to alter the rate or amount of a monetary payment;
(d) to recover an overpayment of a monetary payment;
(e) to make an assessment of the amount of any tax, levy, or other charge, or of any contribution, that is payable by any individual, or to alter any such assessment;
(f) to investigate the possible commission of an offence;
(g) to make a deportation order in relation to the individual, to serve the individual with a deportation liability notice, or to deport the individual from New Zealand
authorised information matching information in relation to any specified agency, means information that consists of or includes information disclosed pursuant to an information matching provision
authorised information matching programme means the comparison (whether manually or by means of any electronic or other device) of authorised information matching information with other personal information for the purpose of producing or verifying information about an identifiable individual
discrepancy, in relation to an authorised information matching programme, means a result of that programme that warrants the taking of further action by any agency for the purpose of giving effect to the objective of the programme
information matching programme means the comparison (whether manually or by means of any electronic or other device) of any document that contains personal information about 10 or more individuals with 1 or more other documents that contain personal information about 10 or more individuals, for the purpose of producing or verifying information that may be used for the purpose of taking adverse action against an identifiable individual
information matching provision means any provision specified in the second column of Schedule 3 as an information matching provision of an enactment specified in the first column of that schedule
information matching rules means the rules for the time being set out in Schedule 4
monetary payment includes:
(a) a benefit within the meaning of section 3(1) of the Social Security Act 1964:
(b) a lump sum payable under section 61DB or section 61DC or section 61DD of that Act:
(c) any special assistance granted out of a Crown Bank Account from money appropriated by Parliament under section 124(1)(d) or (da) of that Act:
(d) any monetary entitlement payable under Part 4, Part 10, or Part 11 of the Accident Compensation Act 2001
specified agency means any of the following agencies:
(a) the Accident Compensation Corporation;
(aa) the Regulator, as defined by Part 10 of the Accident Compensation Act 2001;
(b) the Electoral Commission established by section 4B of the Electoral Act 1993;
(ba) the company within the meaning of section 2(1) of the Housing Restructuring and Tenancy Matters Act 1992;
(bb) the Board of the Government Superannuation Fund Authority;
(bc) the Board of Trustees of the National Provident Fund;
(bd) the Ministry of Health;
(c) the Ministry of Justice;
(d) the Department of Corrections;
(e) the Department of Labour;
(f) the department for the time being responsible for the administration of the Social Security Act 1964;
(fa) the Housing New Zealand Corporation established (as the Housing Corporation of New Zealand) by section 3(1) of the Housing Corporation Act 1974;
(g) the Inland Revenue Department;
(ga) the Ministry of Transport;
(gb) the New Zealand Transport Agency;
(gc) the Department of Internal Affairs;
(gd) the Registrar-General appointed under section 79(1) of the Births, Deaths, Marriages, and Relationships Registration Act 1995;
(h) the New Zealand Customs Service;
(ha) the Registrar of Motor Vehicle Traders;
(i) the Regulator, as defined in the Accident Insurance Act 1998;
(j) any tertiary institution, secondary school, or private training establishment (as those terms are defined in the Education Act 1989) to which section 226A or section 238B of that Act applies, as from time to time notified to the Commissioner by the department for the time being responsible for the administration of the Social Security Act 1964;
(k) the Ministry of Education;
(l) the New Zealand Teachers Council established under Part 10A of the Education Act 1989.
Information matching guidelines
98.- Information matching guidelines
The following matters are the matters referred to in section 13(1)(f) to which the Commissioner shall have particular regard, in examining any proposed legislation that makes provision for the collection of personal information by any public sector agency, or the disclosure of personal information by one public sector agency to any other public sector agency, in any case where the Commissioner considers that the information might be used for the purposes of an information matching programme:
(a) whether or not the objective of the programme relates to a matter of significant public importance;
(b) whether or not the use of the programme to achieve that objective will result in monetary savings that are both significant and quantifiable, or in other comparable benefits to society;
(c) whether or not the use of an alternative means of achieving that objective would give either of the results referred to in paragraph (b);
(d) whether or not the public interest in allowing the programme to proceed outweighs the public interest in adhering to the information privacy principles that the programme would otherwise contravene;
(e) whether or not the programme involves information matching on a scale that is excessive, having regard to:
(i) the number of agencies that will be involved in the programme; and
(ii) the amount of detail about an individual that will be matched under the programme.
(f) whether or not the programme will comply with the information matching rules.
Authorised information matching programmes
99.- Information matching agreements
(1) No personal information held by any specified agency shall be disclosed, pursuant to an information matching provision, to any other specified agency for the purposes of an authorised information matching programme except pursuant to a written agreement between those agencies.
(2) Every such agreement shall incorporate provisions that reflect the information matching rules, or provisions that are no less onerous than those rules, and the agencies that are parties to the agreement shall comply with those provisions.
(3) Any such agreement may provide that the agencies involved in the information matching programme may charge each other fees for the services provided for the purposes of the programme.
(4) The parties to an agreement entered into pursuant to this section shall ensure that a copy of the agreement, and of any amendments subsequently made to such an agreement, are forwarded to the Commissioner forthwith.
100.- Use of results of information matching programme
(1) Subject to any other enactment or rule of law that limits or restricts the information that may be taken into account in taking adverse action against an individual, any specified agency that is involved in an authorised information matching programme may take adverse action against an individual on the basis of any discrepancy produced by that programme.
(2) Nothing in subsection (1) shall be taken to limit or restrict the use that may lawfully be made, by any specified agency, of any information produced by an authorised information matching programme.
101.- Further provisions relating to results of information matching programme
(1) Notwithstanding anything in section 100, where:
(a) a specified agency derives or receives information produced by an authorised information matching programme; and
(b) as a result of deriving or receiving that information, the agency becomes aware of a discrepancy;
that agency shall destroy that information not later than the expiration of the period of 60 working days after the agency becomes aware of that discrepancy unless, before the expiration of that period, the agency has considered that information and made a decision to take adverse action against any individual on the basis of that discrepancy.
(2) Any adverse action commenced by a specified agency in accordance with subsection (1) shall be commenced not later than 12 months from the date on which the information was derived or received by the agency.
(3) Where a specified agency decides not to take adverse action against any individual on the basis of information produced by an authorised information matching programme, the agency shall as soon as practicable destroy the information.
(4) When information produced by an authorised information matching programme is no longer needed by a specified agency for the purposes of taking any adverse action against any individual, the agency shall as soon as practicable destroy the information.
(5) Nothing in this section applies in relation to the Inland Revenue Department.
102.- Extension of time limit
Where a specified agency derives or receives information produced by an authorised information matching programme, the Commissioner may, either generally or in respect of any case or class of cases, extend the time limit set out in section 101 in respect of that information if the Commissioner is satisfied that,:
(a) because of the large quantity of information so derived or received by the agency; or
(b) because of the complexity of the issues involved; or
(c) for any other reason;
the agency cannot reasonably be required to meet the time limit.
103.- Notice of adverse action proposed
(1) Subject to subsections (1A) to (2A) and to section 180C(1) of the Corrections Act 2004, a specified agency shall not take adverse action against any individual on the basis (whether wholly or in part) of a discrepancy produced by an authorised information matching programme:
(a) unless that agency has given that individual written notice:
(i) specifying particulars of the discrepancy and of the adverse action that it proposes to take; and
(ii) stating that the individual has 5 working days from the receipt of the notice in which to show cause why the action should not be taken; and
(b) until the expiration of those 5 working days.
(1A) Nothing in subsection (1) shall prevent the department for the time being responsible for the administration of the Social Security Act 1964 from immediately suspending a sickness, training, unemployment, independent youth, or emergency benefit, or a job search allowance, paid to an individual where the discrepancy arises in respect of departure information supplied to that department pursuant to section 280 of the Customs and Excise Act 1996, and where, before or immediately after the decision to suspend, the department gives the individual written notice:
(a) specifying particulars of the discrepancy and the suspension of benefit, and any other adverse action the department proposes to take; and
(b) stating that the individual has 5 working days from the receipt of the notice to show cause why the benefit ought not to have been suspended or why the adverse action should not be taken, or both, and the adverse action shall not be taken until the expiration of those 5 working days.
(1B) Nothing in subsection (1) prevents the Commissioner of Inland Revenue from immediately suspending payment to an individual of all or part of an interim instalment of a credit of tax under subparts MA to MF and MZ of the Income Tax Act 2007 when a discrepancy is identified in information supplied to the Commissioner under section 85G of the Tax Administration Act 1994 if, before or immediately after the decision to suspend, the Commissioner gives a written notice to the individual that:
(a) provides details of the discrepancy and the suspension of payment of the credit of tax and any other adverse action which the Commissioner proposes to take; and
(b) states that the individual has 5 working days from the receipt of the notice to show cause why payment of the credit of tax ought not to have been suspended or why the adverse action should not be taken, or both, and the other adverse action must not be taken until expiration of those 5 working days.
(1C) Nothing in subsection (1) prevents the Commissioner of Inland Revenue from immediately taking action to recover amounts relating to:
(a) unpaid amounts owed to the Commissioner by an individual who is in serious default identified in information supplied to the Commissioner under section 280H of the Customs and Excise Act 1996; or
(b) financial support under the Child Support Act 1991 owed to the Commissioner by an individual who is identified in information supplied to the Commissioner under section 280K or 280L of the Customs and Excise Act 1996.
(2) Nothing in subsection (1) or subsection (1A) or subsection (1B) prevents an agency from taking adverse action against an individual if compliance with the requirements of that subsection would prejudice any investigation into the commission of an offence or the possible commission of an offence.
(2A) Nothing in subsection (1) prevents any constable or any bailiff from immediately executing a warrant to arrest an individual in respect of the non-payment of the whole or any part of a fine if the discrepancy arises in respect of arrival and departure information supplied under section 280D of the Customs and Excise Act 1996 and if, before executing the warrant, the individual concerned is:
(a) informed of the intention to execute the warrant; and
(b) given an opportunity to confirm:
(i) whether or not he or she is the individual named in the warrant; and
(ii) that neither of the following circumstances applies.
(A) the fine has been paid;
(B) an arrangement to pay the fine over time has been entered into.
(3) Every notice required to be given to any individual under subsection (1) or subsection (1A) or subsection (1B) may be given by delivering it to that individual, and may be delivered:
(a) personally; or
(b) by leaving it at that individual´s usual or last known place of residence or business or at the address specified by that individual in any application or other document received from that individual; or
(c) by posting it in a letter addressed to that individual at that place of residence or business or at that address.
(4) If any such notice is sent to any individual by post, then in the absence of proof to the contrary, the notice shall be deemed to have been delivered to that individual on the fourth day after the day on which it was posted, and in proving the delivery it shall be sufficient to prove that the letter was properly addressed and posted.
(5) In this section,:
amount of reparation has the same meaning as in section 79 of the Summary Proceedings Act 1957
bailiff means a bailiff of the District Court or of the High Court
fine means:
(a) a fine within the meaning of section 79 of the Summary Proceedings Act 1957;
(b) a fine to which section 19 of the Crimes Act 1961 applies;
(c) a fine to which section 43 or 45 of the Misuse of Drugs Amendment Act 1978 applies;
(d) a fine to which section 28I of the District Courts Act 1947 applies;
(e) any amount payable under section 138A(1) of the Sentencing Act 2002
104.- Reporting requirements
(1) Every specified agency that is involved in an authorised information matching programme shall make such reports to the Commissioner in respect of that programme as the Commissioner may from time to time require.
(2) Without limiting the generality of subsection (1), the matters on which the Commissioner may require any agency to submit a report include the following:
(a) the actual costs and benefits of an authorised information matching programme:
(b) any difficulties experienced in the operation of an authorised information matching programme, and how those difficulties are being, or have been, overcome:
(c) whether or not internal audits or other forms of assessment are undertaken by an agency in relation to an authorised information matching programme, and, if so, the results of those audits or assessments:
(d) where an agency dispenses with the giving of notice under section 103, the reasons why such a dispensation is made, and the grounds in support of those reasons:
(e) the details of the operation of an authorised information matching programme, including:
(i) the number of matches undertaken;
(ii) the proportion of matches that revealed discrepancies in information involved in the matching;
(iii) the number of discrepancies so revealed;
(iv) the proportion of cases in which action was taken as a result of such discrepancies;
(v) the number of cases in which such action was taken;
(vi) the number of cases in which such action was taken even though the accuracy of the discrepancy was challenged;
(vii) the proportion of cases in which such action did not proceed after the individual concerned was notified of the discrepancy;
(viii) the number of cases in which action taken as a result of a discrepancy was successful;
(f) such other matters as the Commissioner considers relevant.
105.- Information matching programmes to be reported on in annual report
(1) The Commissioner shall include in every annual report of the Commissioner under section 150 of the Crown Entities Act 2004, in relation to each authorised information matching programme that is carried out (in whole or in part) during the year to which the report relates,:
(a) an outline of the programme; and
(b) an assessment of the extent of the programme´s compliance, during that year, with:
(i) sections 99 to 103; and
(ii) the information matching rules; and
(c) the details of each extension granted under section 102, the reasons why the extension was granted, and the grounds in support of those reasons; and
(d) the details of each approval given, during that year, under clause 3 of Schedule 4, the reasons why the approval was given, and the grounds in support of those reasons.
(2) Nothing in subsection (1) requires the Commissioner to include in any annual report, in respect of any authorised information matching programme, any information the disclosure of which would be likely to frustrate the objective of the programme.
(3) For the purposes of carrying out any assessment required by subsection (1)(b), Part 9 shall apply, with such modifications as are necessary, as if the assessment were an investigation under Part 8.
106.- Review of statutory authorities for information matching
(1) As soon as practicable after 1 January 1994, and then at intervals of not more than 5 years, the Commissioner shall:
(a) review the operation of every information matching provision since:
(i) 19 December 1991 (in the case of the first review carried out under this paragraph); or
(ii) the date of the last review carried out under this paragraph (in the case of every subsequent review); and
(b) consider whether or not, in the Commissioner´s opinion:
(i) the authority conferred by the information matching provision should be continued; and
(ii) any amendments to the provision are necessary or desirable; and
(c) report the Commissioner´s findings to the responsible Minister.
(2) As soon as practicable after receiving a report from the Commissioner under subsection (1)(c), the responsible Minister shall lay a copy of that report before the House of Representatives.
107.- Amendment of information matching rules
(1) For the purposes of this Part, the Governor-General may from time to time, by Order in Council, make such amendments to Schedule 4 as the Governor-General thinks fit.
(2) The power conferred by subsection (1) includes the power to revoke Schedule 4 and substitute a new schedule.
(3) No order that amends Schedule 4 shall be made otherwise than in accordance with the recommendations of the Commissioner.
Avoidance of controls on information matching
108.- Avoidance of controls on information matching through use of exceptions to information privacy principles
Where the collection or disclosure of information is authorised by an information matching provision, nothing in subclause (2)(d)(i) of principle 2 or paragraph (e)(i) of principle 11 authorises or permits the collection or disclosure of that information for the purposes of:
(a) any authorised information matching programme; or
(b) any information matching programme the objective of which is similar in nature to any authorised information matching programme.
109.- Avoidance of controls on information matching through use of official information statutes
Notwithstanding anything in the Official Information Act 1982 or the Local Government Official Information and Meetings Act 1987, no public sector agency shall disclose pursuant to either of those enactments, to any other public sector agency, any personal information if the sole or principal purpose for which that information is sought is for use in an information matching programme.
Part 11.- Law enforcement information
110.- Interpretation
In this Part, unless the context otherwise requires,:
accessing agency means any public sector agency for the time being specified in Schedule 5 as an agency to which law enforcement information held by a holder agency is available
holder agency means any public sector agency for the time being specified in Schedule 5 as an agency the records of which are available to an accessing agency or agencies
law enforcement information means any information that:
(a) is about an identifiable individual; and
(b) is specified in Schedule 5
local authority means a local authority or public body named or specified in Schedule 1 or Schedule 2 of the Local Government Official Information and Meetings Act 1987.
111.- Access by accessing agencies to law enforcement information
An accessing agency may have access to law enforcement information held by a holder agency if such access is authorised by the provisions of Schedule 5.
112.- Local authorities may be authorised to have access to law enforcement information
(1) The responsible Minister may from time to time, by notice in the Gazette, authorise any local authority to have access to law enforcement information held by a holder agency, where access to that information by a local authority is permitted by the provisions of Schedule 5.
(2) Any authority may be granted under subsection (1) subject to such terms and conditions as the responsible Minister thinks fit and specifies in the notice.
(3) Any notice under subsection (1) may be in like manner amended or revoked at any time.
(4) Any notice given under section 4E of the Wanganui Computer Centre Act 1976 and in force immediately before the commencement of this section shall be deemed to have been given under this section.
113.- Amendment of Schedule 5
(Expired)
114.- Expiry of power to amend Schedule 5 by Order in Council
Section 113 shall expire on 1 July 1997, but the expiration of that section shall not affect the validity of any Order in Council that has been made under that section and that is in force immediately before that date.
Part 11A.- Transfer of personal information outside New Zealand
114A.- Interpretation
In this Part, unless the context otherwise requires,:
OECD Guidelines means the Organisation for Economic Co-operation and Development Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data
State includes any State, territory, province, or other part of a country
transfer prohibition notice means a notice given under section 114B prohibiting the transfer of personal information from New Zealand to another State.
114B.- Prohibition on transfer of personal information outside New Zealand
(1) The Commissioner may prohibit a transfer of personal information from New Zealand to another State if the Commissioner is satisfied, on reasonable grounds, that:
(a) the information has been, or will be, received in New Zealand from another State and is likely to be transferred to a third State where it will not be subject to a law providing comparable safeguards to this Act; and
(b) the transfer would be likely to lead to a contravention of the basic principles of national application set out in Part Two of the OECD Guidelines and set out in Schedule 5A.
(2) In determining whether to prohibit a transfer of personal information, the Commissioner must also consider, in addition to the matters set out in subsection (1) and section 14, the following:
(a) whether the transfer affects, or would be likely to affect, any individual; and
(b) the general desirability of facilitating the free flow of information between New Zealand and other States; and
(c) any existing or developing international guidelines relevant to transborder data flows, including (but not limited to):
(i) the OECD Guidelines:
(ii) the European Union Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data.
(3) Subsection (1) does not apply if the transfer of the information, or the information itself, is:
(a) required or authorised by or under any enactment; or
(b) required by any convention or other instrument imposing international obligations on New Zealand.
114C.- Commissioner´s power to obtain information
(1) To enable the Commissioner to determine whether to prohibit a transfer of personal information, the Commissioner may hear or obtain information from such persons as the Commissioner considers necessary, and for this purpose Part 9 applies as if the Commissioner were carrying out an inquiry under section 13(1)(m).
(2) In exercising his or her powers under subsection (1), the Commissioner may regulate his or her procedure in such manner as the Commissioner thinks fit.
114D.- Transfer prohibition notice
(1) A prohibition under section 114B(1) is to be effected by the service of a transfer prohibition notice on the agency proposing to transfer the personal information concerned.
(2) A transfer prohibition notice must:
(a) state the name of the agency to whom it relates; and
(b) describe the personal information concerned; and
(c) state that the transfer of the personal information concerned from New Zealand to a specified State is prohibited either:
(i) absolutely; or
(ii) until the agency has taken the steps stated in the notice to protect the interests of any individual or individuals affected by the transfer; and
(d) state the time when the notice takes effect; and
(e) state the ground for the prohibition; and
(f) state that the agency on whom the notice is served may lodge an appeal against the notice to the Human Rights Review Tribunal, and the time within which the appeal must be lodged.
(3) The time when the notice takes effect under subsection (2)(d) must not be before the end of the period within which an appeal against the notice can be lodged.
(4) If an appeal is brought, the notice does not take effect pending the determination or withdrawal of the appeal.
(5) If the Commissioner, by reason of special circumstances, considers that the prohibition should take effect as a matter of urgency in relation to all or any part of the notice,:
(a) subsections (3) and (4) do not apply; and
(b) the notice takes effect on the sixth working day after the date on which the notice is served; and
(c) the notice must include:
(i) a statement that the Commissioner considers that the prohibition must take effect as a matter of urgency; and
(ii) a statement of the reasons why the Commissioner has reached that conclusion.
114E.- Commissioner may vary or cancel notice
(1) If, at any time, the Commissioner considers that all or any of the provisions of a transfer prohibition notice served on an agency need not be complied with in order to avoid a contravention of basic principles of privacy or data protection, the Commissioner may vary or cancel the transfer prohibition notice by serving notice to that effect on the agency concerned.
(2) An agency on whom a transfer prohibition notice has been served may, at any time after the end of the period during which an appeal under section 114G(1)(a) can be lodged, apply in writing to the Commissioner for the notice to be varied or cancelled under subsection (1).
(3) The Commissioner must, within 20 working days after the date on which an application under subsection (2) is received, notify the agency of:
(a) his or her decision; and
(b) his or her reasons, if the application is refused.
(4) If the Commissioner exercises his or her discretion under subsection (1), the variation or cancellation of the transfer prohibition notice takes effect on the day after the date on which notice of the Commissioner´s decision to vary or cancel the transfer prohibition notice is served.
114F.- Offence in relation to transfer prohibition notice
Every person who, without reasonable excuse, fails or refuses to comply with a transfer prohibition notice commits an offence and is liable on summary conviction to a fine not exceeding $10,000.
114G.- Appeals against transfer prohibition notice
(1) An agency on whom a transfer prohibition notice is served may appeal to the Human Rights Review Tribunal:
(a) against the whole or any part of the notice; or
(b) if the notice contains a statement by the Commissioner in accordance with section 114D(5)(c), against the decision to include that statement in respect of all or any part of the notice; or
(c) against the decision of the Commissioner to vary the notice in accordance with section 114E(1); or
(d) against the refusal of an application under section 114E(2) to vary or cancel the notice.
(2) An appeal under subsection (1) must be lodged:
(a) in the case of an appeal under subsection (1)(a) or (b), within 15 working days from the date on which the transfer prohibition notice was served on the agency concerned:
(b) in the case of an appeal under subsection (1)(c) or (d), within 15 working days from the date on which notice of the decision or refusal was served on the agency concerned.
(3) The Tribunal must allow an appeal or substitute any other decision or notice that could have been made or served by the Commissioner if it considers that:
(a) the decision or notice against which the appeal is brought is not in accordance with the law; or
(b) to the extent that the decision or notice involved an exercise of discretion by the Commissioner, the Commissioner ought to have exercised his or her discretion differently.
(4) The Tribunal may review any determination of fact on which the decision or notice in question was based.
(5) On any appeal under subsection (1)(b), the Tribunal may:
(a) direct:
(i) that the notice in question must have effect as if it did not contain the statement that is mentioned in the notice; or
(ii) that the inclusion of the statement must not have effect in relation to any part of the notice; and
(b) make any modifications required to give effect to that direction.
114H.- Application of Human Rights Act 1993
Section 87 and Part 4 of the Human Rights Act 1993 apply, with all necessary modifications (if any), in relation to proceedings under section 114G as if they were proceedings under that Act.
Part 12.- Miscellaneous provisions
General
115.- Protection against certain actions
(1) Where any personal information is made available in good faith pursuant to principle 6,:
(a) no proceedings, civil or criminal, shall lie against the Crown or any other person in respect of the making available of that information, or for any consequences that follow from the making available of that information; and
(b) no proceedings, civil or criminal, in respect of any publication involved in, or resulting from, the making available of that information shall lie against the author of the information or any other person by reason of that author or other person having supplied the information to an agency.
(2) The making available of, or the giving of access to, any personal information in consequence of a request made under principle 6 shall not be taken, for the purposes of the law relating to defamation or breach of confidence or infringement of copyright, to constitute an authorisation or approval of the publication of the document or of its contents by the individual to whom the information is made available or the access is given.
116.- Commissioner and staff to maintain secrecy
(1) Every person to whom section 96 applies shall maintain secrecy in respect of all matters that come to that person´s knowledge in the exercise of that person´s functions under this Act.
(2) Notwithstanding anything in subsection (1), the Commissioner may disclose such matters as in the Commissioner´s opinion ought to be disclosed for the purposes of giving effect to this Act.
(3) Except where it is necessary to do so for the purposes of referring a matter to the Director of Human Rights Proceedings pursuant to section 77(2), the power conferred by subsection
(2) of this section shall not extend to:
(a) any matter that might prejudice:
(i) the security, defence, or international relations of New Zealand (including New Zealand´s relations with the government of any other country or with any international organisation); or
(ii) any interest protected by section 7 of the Official Information Act 1982; or
(iii) the prevention, investigation, or detection of offences; or
(b) any matter that might involve the disclosure of the deliberations of Cabinet; or
(c) any information, answer, document, or thing obtained by the Commissioner by reason only of compliance with a requirement made pursuant to section 95(1).
117.- Consultation with Ombudsmen
Notwithstanding anything in section 116, the Commissioner may from time to time undertake consultation with an Ombudsman in relation to any matter relating to the functions of the Commissioner under this Act, including (without limitation) consultation:
(a) for the purposes of making a determination under section 72:
(b) in relation to any matter arising out of or in the course of an investigation under Part 8:
(c) in relation to any matter relating to privacy, whether or not the matter arises out of a particular complaint made under Part 8;
and, for the purposes of any such consultation, the Commissioner may disclose to an Ombudsman such information as the Commissioner considers necessary for that purpose.
117A.- Consultation with Health and Disability Commissioner
Notwithstanding anything in section 116, the Commissioner may from time to time undertake consultation with the Health and Disability Commissioner under the Health and Disability Commissioner Act 1994 in relation to any matter relating to the functions of the Commissioner under this Act, including (without limitation) consultation:
(a) for the purposes of making a determination under section 72A:
(b) in relation to any matter arising out of or in the course of an investigation under Part 8:
(c) in relation to any matter that is within the jurisdiction of the Health and Disability Commissioner, whether or not the matter arises out of a particular complaint made under Part 8;
and, for the purposes of any such consultation, the Commissioner may disclose to the Health and Disability Commissioner such information as the Commissioner considers necessary for that purpose.
117B.- Consultation with Inspector General of Intelligence and Security
Notwithstanding anything in section 116, the Commissioner may from time to time undertake consultation with the Inspector General of Intelligence and Security under the Inspector General of the Intelligence and Security Act 1996 in relation to any matter relating to the functions of the Commissioner under this Act, including (without limitation) consultation:
(a) for the purposes of making a determination under section 72B:
(b) in relation to any matter arising out of or in the course of an investigation under Part 8:
(c) in relation to any matter that is within the jurisdiction of the Inspector General of Intelligence and Security, whether or not the matter arises out of a particular complaint made under Part 8;
and, for the purposes of any such consultation, the Commissioner may disclose to the Inspector General of Intelligence and Security such information as the Commissioner considers necessary for that purpose.
118.- Corrupt use of official information
(Repealed)
119.- Exclusion of public interest immunity
(1) Subject to subsection (2), the rule of law which authorises or requires the withholding of any document, or the refusal to answer any question, on the ground that the disclosure of the document or the answering of the question would be injurious to the public interest shall not apply in respect of:
(a) any investigation by or proceedings before the Commissioner or the Tribunal under this Act; or
(b) any application under section 4(1) of the Judicature Amendment Act 1972 for the review of any decision under this Act;
but not so as to give any party any information that he or she would not, apart from this section, be entitled to.
(2) Nothing in subsection (1) affects section 32.
120.- Adverse comment
The Commissioner shall not, in any report or statement made pursuant to this Act or the Crown Entities Act 2004, make any comment that is adverse to any person unless that person has been given an opportunity to be heard.
Delegations
121.- Delegation of functions or powers of Commissioner
(Repealed)
122.- Delegate to produce evidence of authority
(Repealed)
123.- Revocation of delegations
(Repealed)
124.- Delegation of powers by local authority
(1) A local authority may from time to time, either generally or particularly, delegate to any officer or employee of the local authority all or any of the powers of the local authority under this Act.
(2) Subject to any general or special directions given or conditions attached by the local authority, the officer or employee to whom any powers are delegated under this section may exercise those powers in the same manner and with the same effect as if they had been conferred on that officer or employee directly by this section and not by delegation.
(3) Until a delegation made under this section is revoked, it shall continue in force according to its tenor.
(4) Where a person purports to act pursuant to a delegation made under this section, that person shall be presumed to be acting in accordance with the terms of the delegation in the absence of proof to the contrary.
(5) Any delegation under this section may be made to a specified officer or employee, or may be made to the holder for the time being of a specified office.
(6) Every delegation made under this section shall be revocable at will and no such delegation shall prevent the exercise of any power by the local authority.
125.- Delegation of powers by officers of local authority
(1) Any officer or employee of a local authority may from time to time, by writing under that officer´s or employee´s hand, either generally or particularly, delegate to any other officer or employee of the local authority all or any of the powers exercisable by the first-mentioned officer or employee under this Act, except:
(a) the power to delegate under this section; and
(b) any power delegated to that officer or employee by a local authority pursuant to section 124, unless that delegation authorises that officer or employee to delegate that power to other officers or employees pursuant to this section.
(2) Subject to any general or special directions given or conditions attached by the officer or employee making the delegation, the officer or employee to whom any powers are delegated under this section may exercise those powers in the same manner and with the same effect as if they had been conferred on that officer or employee directly by this section and not by delegation.
(3) Until a delegation made under this section is revoked, it shall continue in force according to its tenor; and, in the event of the officer or employee by whom any such delegation has been made ceasing to hold office, the delegation shall continue to have effect as if made by the person for the time being holding the office of the officer or employee making the delegation.
(4) Any delegation under this section may be made to a specified officer or employee, or may be made to the holder for the time being of any specified office.
(5) Where any officer or employee purports to act pursuant to a delegation made under this section, that officer or employee shall be presumed to be acting in accordance with the terms of the delegation in the absence of proof to the contrary.
(6) Every delegation made under this section shall be revocable at will, and no such delegation shall prevent the exercise of any power by the officer or employee making the delegation.
Liability and offences
126.- Liability of employer and principals
(1) Subject to subsection (4), anything done or omitted by a person as the employee of another person shall, for the purposes of this Act, be treated as done or omitted by that other person as well as by the first-mentioned person, whether or not it was done with that other person´s knowledge or approval.
(2) Anything done or omitted by a person as the agent of another person shall, for the purposes of this Act, be treated as done or omitted by that other person as well as by the first-mentioned person, unless it is done or omitted without that other person´s express or implied authority, precedent or subsequent.
(3) Anything done or omitted by a person as a member of any agency shall, for the purposes of this Act, be treated as done or omitted by that agency as well as by the first-mentioned person, unless it is done or omitted without that agency´s express or implied authority, precedent or subsequent.
(4) In proceedings under this Act against any person in respect of an act alleged to have been done by an employee of that person, it shall be a defence for that person to prove that he or she or it took such steps as were reasonably practicable to prevent the employee from doing that act, or from doing as an employee of that person acts of that description.
127.- Offences
Every person commits an offence against this Act and is liable on summary conviction to a fine not exceeding $2,000 who:
(a) without reasonable excuse, obstructs, hinders, or resists the Commissioner or any other person in the exercise of their powers under this Act:
(b) without reasonable excuse, refuses or fails to comply with any lawful requirement of the Commissioner or any other person under this Act:
(c) makes any statement or gives any information to the Commissioner or any other person exercising powers under this Act, knowing that the statement or information is false or misleading:
(d) represents directly or indirectly that he or she holds any authority under this Act when he or she does not hold that authority.
Regulations
128.- Regulations
The Governor-General may from time to time, by Order in Council, make regulations for all or any of the following purposes:
(a) providing the procedure for the service of notices and documents under this Act:
(aa) prescribing the matters that the Commissioner may specify to a lead agency as matters that are to be included in a report by the lead agency under section 96S(1)(b):
(b) providing for such matters as are contemplated by or necessary for giving full effect to this Act and for its due administration.
128A.- Power to amend Schedule 5A
The Governor-General may, by Order in Council:
(a) amend Schedule 5A by making such amendments to the text of the basic principles of national application set out in that schedule as are required to bring that text up to date:
(b) repeal Schedule 5A, and substitute a new schedule setting out, in an up-to-date form, the text of the basic principles of national application.
Amendments, repeals, and revocations
129.- Amendments, repeals, and revocations
(1) The enactments specified in Schedule 6 are hereby amended in the manner indicated in that schedule.
(2) The enactments specified in Schedule 7 are hereby repealed.
(3) The orders specified in Schedule 8 are hereby revoked.
129A.- Amendment relating to Legislation Act 2012
Section 129B takes effect on the repeal of the Acts and Regulations Publication Act 1989 and the Regulations (Disallowance) Act 1989.
129B.- New section 96M substituted
Section 96M is repealed and the following section substituted:
«96M.- Application of Legislation Act 2012
An Order in Council:
«(a) is a legislative instrument for the purposes of the Legislation Act 2012; and
«(b) is a disallowable instrument for the purposes of the Legislation Act 2012; and
«(c) must be presented to the House of Representatives under section 41 of that Act.»
Transitional provisions and savings
130.- Final report of Wanganui Computer Centre Privacy Commissioner
(1) As soon as reasonably practicable after 1 July 1993, the State Services Commissioner shall arrange for a final report of the Wanganui Computer Centre Privacy Commissioner to be sent to the Minister of State Services showing the Wanganui Computer Centre Privacy Commissioner´s operations for the financial period ending with the close of 30 June 1993, and shall attach to the report a copy of the Wanganui Computer Centre Privacy Commissioner´s accounts for that period certified by the Auditor-General.
(2) A copy of the report and accounts shall be laid before the House of Representatives as soon as practicable after their receipt by the Minister of State Services.
131.- Privacy Commissioner to complete work in progress of Wanganui Computer Centre Privacy Commissioner
Where:
(a) any request made under section 14(1) of the Wanganui Computer Centre Act 1976; or
(b) any complaint made under section 15 of that Act:
is pending at the commencement of this section, then, notwithstanding the repeal of that Act by section 129(2) of this Act;
(c) the Commissioner may deal with that request or, as the case requires, that complaint as if the Commissioner were the Wanganui Computer Centre Privacy Commissioner under that Act; and
(d) that Act shall continue and be in force for that purpose.
132.- Savings
For the avoidance of doubt, and without limiting the provisions of the Acts Interpretation Act 1924, it is hereby declared that the repeal, by section 129(2) of this Act, of the Wanganui Computer Centre Act 1976 shall not affect:
(a) the continued existence of the Wanganui Computer Centre continued by section 3(1) of that Act; or
(b) the computer system established in connection with that computer centre; or
(c) any agreements or arrangements entered into by the Minister of State Services pursuant to section 3A of that Act.
133.- Transitional provision
The person who, immediately before the commencement of this section, was holding office as the Privacy Commissioner under the Privacy Commissioner Act 1991 shall, without further appointment, be deemed as from the commencement of this section for all purposes to have been appointed as the Privacy Commissioner under this Act, and that person´s instrument of appointment shall be construed accordingly.
Schedule 1.- Provisions applying in respect of Commissioner
1.- Employment of experts
(Repealed)
2.- Staff
(Repealed)
3.- Salaries and allowances
(Repealed)
4.- Superannuation or retiring allowances
(1) For the purpose of providing superannuation or retiring allowances for the Commissioner or Deputy Commissioner, the Commissioner may, out of the funds of the Commissioner, make payments to or subsidise any superannuation scheme that is registered under the Superannuation Schemes Act 1989.
(2) Notwithstanding anything in this Act, any person who, immediately before being appointed as the Commissioner or the Deputy Commissioner or, as the case may be, becoming an employee of the Commissioner, is a contributor to the Government Superannuation Fund under Part 2 or Part 2A of the Government Superannuation Fund Act 1956 shall be deemed to be, for the purposes of the Government Superannuation Fund Act 1956, employed in the Government service so long as that person continues to hold office as the Commissioner or the Deputy Commissioner or, as the case may be, to be an employee of the Commissioner; and that Act shall apply to that person in all respects as if that person´s service as the Commissioner or the Deputy Commissioner or, as the case may be, as such an employee were Government service.
(3) Subject to the Government Superannuation Fund Act 1956, nothing in subclause (2) entitles any such person to become a contributor to the Government Superannuation Fund after that person has once ceased to be a contributor.
(4) For the purpose of applying the Government Superannuation Fund Act 1956, in accordance with subclause (2), to a person who holds office as the Commissioner or the Deputy Commissioner or, as the case may be, is in the service of the Commissioner as an employee and (in any such case) is a contributor to the Government Superannuation Fund, the term controlling authority, in relation to any such person, means the Commissioner.
5.- Application of certain Acts to Commissioner and staff
(Repealed)
6.- Services for Commissioner
(Repealed)
7.- Funds of Commissioner
(Repealed)
8.- Bank accounts
(Repealed)
9.- Investment of money
(Repealed)
10.- Commissioner not to borrow without consent of Minister of Finance
(Repealed)
10A.- Auditor-General to be auditor of Commissioner
(Repealed)
11.- Seal
(Repealed)
12.- Exemption from income tax
The income of the Commissioner shall be exempt from income tax.
Schedule 2.- Public registers
Part 1.- Public register provisions
Enactment Public register provision
Agricultural Compounds and Veterinary Medicines Act 1997 Section 44ZH
Animal Products Act 1999 Sections 18, 52, 73, and 112S
Auditor Regulation Act 2011 Section 38
Births, Deaths, Marriages, and Relationships Registration Act 1995 Sections 5, 7(2), 8, 21B, 24, 25, 34, 36, 48(3), 50, 53, 56, 58, 62A, and 62C
Building Act 2004 Sections 216, 273, and 298
Building Societies Act 1965 Section 121A
Chartered Professional Engineers of New Zealand Act 2002 Sections 16 to 19
Civil Union Act 2004 Section 29
Climate Change Response Act 2002 Sections 18, 20, 26, 27, and 28
Companies Act 1955 Sections 7, 105, 111, 118, 119, 128, and 200
Companies Act 1993 Sections 87, 88, 189, and 360
Deeds Registration Act 1908 Sections 21, 22, and 30
Designs Act 1953 Sections 25 and 27
Dog Control Act 1996 Section 34
Electoral Act 1993 Sections 100, 101, 103, 104, 105, 106, 107, 108, 109, 204V, 205R, 206Q, 206ZH, 209E, and 210F
Electoral Referendum Act 2010 Sections 50 and 65
Electricity Act 1992 Section 124
Financial Service Providers (Registration and Dispute Resolution) Act 2008 Section 24
Fisheries Act 1996 Sections 98 and 124
Friendly Societies and Credit Unions Act 1982 Sections 5, 40, and 130
Gambling Act 2003 Section 204
Health Practitioners Competence Assurance Act 2003 Section 137
Immigration Advisers Licensing Act 2007 Section 77
Incorporated Societies Act 1908 Section 33
Industrial and Provident Societies Act 1908 Section 3D
Insolvency Act 2006 Sections 62, 354, and 368 Insurance (Prudential Supervision) Act 2010 Section 226
Land Transfer Act 1952 Sections 33 and 50
Land Transfer Regulations 2002 Regulation 31
Land Transport Act 1998 Sections 199 and 234
Limited Partnerships Act 2008 Section 54
Local Electoral Act 2001 Sections 38 and 109
Local Government (Rating) Act 2002 Section 27
Marriage Act 1955 Section 7
Motor Vehicle Sales Act 2003 Sections 52 and 73
Patents Act 1953 Sections 83 and 84
Personal Property Securities Act 1999 Sections 139 and 171 to 174
Plumbers, Gasfitters, and Drainlayers Act 2006 Section 70
Private Security Personnel and Private Investigators Act 2010 Section 97
Radiocommunications Act 1989 Sections 5, 6, and 28
Rating Valuations Act 1998 Section 7
Real Estate Agents Act 2008 Sections 63 to 70
Registered Architects Act 2005 Sections 18 to 23
Sale of Liquor Act 1989 Sections 220 and 221
Secondhand Dealers and Pawnbrokers Act 2004 Section 78
Securities Act 1978 Section 43N
Securities Act 1978 Section 51
Social Workers Registration Act 2003 Part 7
Te Ture Whenua Maori Act 1993 Section 263
Trade Marks Act 2002 Section 181
Veterinarians Act 2005 Section 22
Wine Act 2003 Sections 17, 47, and 82S
Part 2.- Documents deemed to be public registers
Documents held by local authorities and containing authorities for the carrying out of any work for or in connection with the construction, alteration, demolition, or removal of a building, where the authority was granted under any bylaw made under the authority of section 684(1)(22) of the Local Government Act 1974 or any equivalent provision of any former enactment.
Schedule 3.- Information matching provisions
Enactment Information matching provision
Accident Compensation Act 2001 Sections 246, 280, and 281
Accident Insurance Act 1998 Sections 370 and 371 (as saved by section 343 of the Accident Compensation Act 2001)
Births, Deaths, Marriages, and Relationships Registration Act 1995 Section 78A and 78B
Citizenship Act 1977 Section 26A
Corrections Act 2004 Sections 180 to 180D, 181, 182, and 204
Customs and Excise Act 1996 Sections 280 to 280D, 280K, 280L and 280H
Education Act 1989 Sections 128A, 226A, 238B, and 307D
Electoral Act 1993 Sections 263A and 263B
Housing Restructuring and Tenancy Matters Act 1992 Section 68
Immigration Act 2009 Sections 294, 295, 298, 299, and 300
Motor Vehicle Sales Act 2003 Sections 120 to 123
Social Security Act 1964 Sections 126A and 126AB
Social Welfare (Transitional Provisions) Act 1990 Section 19D(3)(b)
Student Loan Scheme Act 2011 Section 208
Tax Administration Act 1994 Sections 46A, 82, 83, 84, 85, 85A, 85B, 85E, 85G, and 85H
Schedule 4.- Information matching rules
1.- Notice to individuals affected
(1) Agencies involved in an authorised information matching programme shall take all reasonable steps (which may consist of or include public notification) to ensure that the individuals who will be affected by the programme are notified of the programme.
(2) Nothing in subclause (1) requires an agency to notify any individual about an authorised information matching programme if to do so would be likely to frustrate the objective of the programme.
2 Use of unique identifiers
Except as provided in any other enactment, unique identifiers shall not be used as part of any authorised information matching programme unless their use is essential to the success of the programme.
3.- On-line transfers
(1) Except with the approval of the Commissioner, information transferred between agencies for the purposes of an authorised information matching programme shall not be transferred by means of on-line computer connections.
(2) Any approval given under subclause (1) may be given either unconditionally or subject to such conditions as the Commissioner thinks fit.
(3) Any approval given under subclause (1) may at any time be withdrawn by the Commissioner; and any condition subject to which any such approval is given may from time to time be revoked, varied, or added to by the Commissioner.
4.- Technical standards
(1) The agency primarily responsible for the operation of an authorised information matching programme shall establish and maintain detailed technical standards to govern the operation of the programme.
(2) The technical standards established by an agency in accordance with subclause (1) shall deal with the following matters:
(a) the integrity of the information to be matched, with particular reference to:
(i) key terms and their definition; and
(ii) relevance, timeliness, and completeness.
(b) the matching techniques to be used in the programme, with particular reference to:
(i) the matching algorithm;
(ii) any use of unique identifiers;
(iii) the nature of the matters being sought to be identified by the matching process;
(iv) the relevant information definitions;
(v) the procedure for recognising matches.
(c) the controls being used to ensure the continued integrity of the programme, including the procedures that have been established to confirm the validity of matching results.
(d) the security features included within the programme to minimise and audit access to personal information, including the means by which the information is to be transferred between agencies.
(3) The technical standards established in accordance with subclause (1) shall be incorporated in a written document (in this clause called a Technical Standards Report), and copies of the Technical Standards Report shall be held by all agencies that are involved in the authorised information matching programme.
(4) Variations may be made to a Technical Standards Report by way of a Variation Report appended to the original report.
(5) The agency that prepares a Technical Standards Report shall forward a copy of that report, and of every Variation Report appended to that report, to the Commissioner.
(6) The Commissioner may from time to time direct that a Technical Standards Report be varied, and every such direction shall be complied with by the agency that prepared the report.
(7) Every agency involved in an authorised information matching programme shall comply with the requirements of the associated Technical Standards Report (including any variations made to the report).
5.- Safeguards for individuals affected by results of programmes
(1) The agencies involved in an authorised information matching programme shall establish reasonable procedures for confirming the validity of discrepancies before any agency seeks to rely on them as a basis for action in respect of an individual.
(2) Subclause (1) shall not apply if the agencies concerned consider that there are reasonable grounds to believe that the results are not likely to be in error, and in forming such a view regard shall be had to the consistency in content and context of the information being matched.
(3) Where such confirmation procedures do not take the form of checking the results against the source information, but instead involve direct communication with the individual affected, the agency that seeks to rely on the discrepancy as a basis for action in respect of an individual shall notify the individual affected that no check has been made against the information which formed the basis for the information supplied for the programme.
(4) Every notification in accordance with subclause (3) shall include an explanation of the procedures that are involved in the examination of a discrepancy revealed by the programme.
6.- Destruction of information
(1) Personal information that is disclosed, pursuant to an information matching provision, to an agency for use in an authorised information matching programme and that does not reveal a discrepancy shall be destroyed as soon as practicable by that agency.
(2) Where:
(a) personal information is disclosed, pursuant to an information matching provision, to an agency for use in an authorised information matching programme; and
(b) that information reveals a discrepancy;
that information shall be destroyed by that agency as soon as practicable after that information is no longer needed by that agency for the purposes of taking any adverse action against any individual.
(3) Nothing in this clause applies in relation to the Inland Revenue Department.
7.- No new databank
(1) Subject to subclauses (2) and (3), the agencies involved in an authorised information matching programme shall not permit the information used in the programme to be linked or merged in such a way that a new separate permanent register or databank of information is created about all or any of the individuals whose information has been subject to the programme.
(2) Subclause (1) does not prevent an agency from maintaining a register of individuals in respect of whom further inquiries are warranted following a discrepancy revealed by the programme, but information relating to an individual may be maintained on such a register only for so long as is necessary to enable those inquiries to be carried out, and in no case longer than is necessary to enable any adverse action to be taken against an individual.
(3) Subclause (1) does not prevent an agency from maintaining a register for the purpose of excluding individuals from being selected for investigation, but such register shall contain the minimum amount of information necessary for that purpose.
8.- Time limits
(1) Where an authorised information matching programme is to continue for any period longer than 1 year, or for an indefinite period, the agencies involved in the programme shall establish limits on the number of times that matching is carried out pursuant to the programme in each year of its operation.
(2) The limits established in accordance with subclause (1) shall be stated in writing in an annex to the Technical Standards Report prepared in respect of the programme pursuant to clause 4.
(3) The limits established in accordance with subclause (1) may be varied from time to time by the agencies involved in the programme.
Schedule 5.- Law enforcement information
Ministry of Justice records
Subject Description Access available to
Court document processing Particulars of proceedings in respect of Police
which informations are to be laid; the Serious Fraud Office
acceptance of data for and the preparations Department of Corrections
of associated documents Legal Services Commissioner, limited only to finding
out whether or not an applicant for criminal legal aid
has any charges currently pending determination by the courts
Details of hearings Details of hearings of proceedings in respect Police (access is limited so as to exclude details relating
of which an information has been to young persons, being persons over 14 years but under
laid, including convictions, sentences, 17 years, where the offence did not carry a liability to imprisonment)
and all other matters ancillary and subsequent New Zealand Transport Agency (access is limited to traffic cases only)
to a determination Serious Fraud Office (access is limited so as to exclude
details relating to young persons, being persons over 14
years but under 17 years, where the offence did not carry
a liability to imprisonment) Department of Corrections
Legal Services Commissioner, for the purpose of determining
an application for a grant of legal aid (access is
limited so as to exclude details relating to young persons,
being persons over 14 years but under 17 years,
where the offence did not carry a liability to imprisonment)
Enforcement of fines Particulars of writs, warrants, or orders Police
and other orders in force and issued or made on default Department of Corrections
in the payment of fines or other Legal Services Commissioner, for the purpose of determining
monetary sums ordered in proceedings an application for a grant of legal aid in relation
commenced by indictment or information; to a criminal matter
particulars of the persons to whom
the writs, warrants, or orders relate; and
particulars of fines, sentences, or orders
imposed or made against those persons,
including the amounts remaining
payable thereunder and the arrangements
for payment
Non-performance Records relating to failure to comply Police
of bail conditions with bail conditions entered under section
38(3) or section 63(3) of the Bail Act 2000
Police records
Details of overseas Details of hearings of overseas proceedings Ministry of Justice
hearings before overseas courts, including Department of Corrections
convictions, sentences, and all other Serious Fraud Office
matters ancillary and subsequent to a
determination
Police temporary Details of active or recently closed Police Ministry of Justice (access is limited to:
file index files, including the file numbers and (a) obtaining information about parties to offences
location of the files, and the names of for the purpose of processing cases before a court:
complainants, victims, witnesses, suspects, (b) updating Police records)
and alleged offenders
Offender identity Particulars of the identity of persons Department of Corrections (access is limited to identity
who have been charged with an offence details for the purposes of:
(a) entering information relating to prosecutions initiated
otherwise than by the Police; or
(ab) undertaking criminal history checks of persons
wishing to visit prisons who have consented to
such a check; or entering information relating
to prosecutions initiated otherwise than by the
Police; or
(b) research conducted by the department, and with
the limitation that information so obtained must
not be published in a form which could reasonably
be expected to identify the individual concerned)
Ministry of Justice (access is limited to:
(a) identity details for the purposes of:
(i) entering information relating to prosecutions
initiated otherwise than by the Police; or
(ii) providing assistance to victims in accordance
with the Criminal Justice Act 1985,
the Sentencing Act 2002, the Parole Act
2002, the Victims´ Rights Act 2002, and
the Prisoners´ and Victims´ Claims Act 2005; or
(iii) updating an existing database of court
proceedings; or
(b) obtaining information for the purpose of research
conducted by the Ministry, and with the limitation
that information so obtained must not be
published in a form that could reasonably be expected
to identify the individual concerned)
Victim identity The name, sex, date of birth, address, Ministry of Justice (access is limited to identity details
and telephone number of persons who for the purpose of providing assistance to victims in
are the victims of a criminal offence accordance with the Criminal Justice Act 1985, the
in respect of which another person has Sentencing Act 2002, the Parole Act 2002, the Victims´
been charged Rights Act 2002, and the Prisoners´ and Victims´ Claims Act 2005)
Medical details An indicator to identify persons who New Zealand Transport Agency (access is limited to obtaining
are or have been special patients information for the purposes of:
under the Mental Health (Compulsory (a) subpart 2 of Part 4A of the Land Transport Act 1998; or
Assessment and Treatment) Act 1992 (b) section 19 of the Land Transport Act 1998
or any former Act and the hospitals at Department of Corrections
which those persons are or have been Ministry of Justice
detained as special patients, or as committed
patients, or as patients (within
the meaning of that Act)
Traffic offence Traffic offence and infringement enforcement New Zealand Transport Agency
and infringement processing, including infringement Ministry of Justice (access is limited to obtaining information
enforcement and fees enforcement and preparation for the purpose of processing cases before a court)
document of documents Legal Services Commissioner (access is limited to obtaining
processing information for the purpose of processing cases
before a court, and for determining an application for a
grant of legal aid relating to a criminal matter)
Vehicles of Particulars of motor vehicles stolen, unlawfully Ministry of Transport (access is limited so as to exclude
interest taken, missing, abandoned, or such particulars as the Police may determine in any case)
found, or where location is for other reasons
required to be known by the Police
Vehicles Particulars of an impounded vehicle, Ministry of Justice (access is limited to giving effect to
impounded including make, model, type, registration action taken, under Part 3 of the Summary Proceedings
under Land plate number, vehicle identification Act 1957, to enforce the payment of fines, reparation,
Transport number; the section of the Land and related payments)
Act 1998 Transport Act 1998 under which it is
impounded, the date on which it was
impounded, and the place where it is
impounded; whether any appeals are
yet to be determined; particulars of the
person who was driving the vehicle
immediately before its impoundment,
including the full name, full address,
telephone number, occupation, driver
licence number, and date of birth of
that person and the same particulars
also for every person, other than that
driver, who is registered in respect of
the vehicle
Wanted Particulars concerning persons wanted New Zealand Transport Agency (access is limited to obtaining
persons for arrest information for the purposes of:
(a) subpart 2 of Part 4A of the Land Transport Act 1998:
(b) carrying out the functions conferred on the Authority
by section 69(1) of the Land Transport Management Act 2003:
(c) carrying out the functions conferred on the Authority
by the notice dated 22 August 1993 and
published in the Gazette on 2 September 1993 at page 2626)
Ministry of Justice (access is limited to persons wanted
in connection with fines enforcement)
Missing Particulars concerning persons missing New Zealand Transport Agency (access is limited so as
persons or required to be located to exclude such particulars as the Police may determine
in any case)
Ministry of Justice (access is limited to persons required
to be located in connection with fines enforcement)
Firearms Particulars of persons authorised to Ministry of Justice (access is limited to identity details
licences possess firearms in accordance with the of persons who possess firearms, where that information
Arms Act 1983 is required for the purpose of serving orders made under
the Domestic Violence Act 1995)
Protection Details of protection orders made under Department of Corrections (access is limited to obtaining
orders the Domestic Violence Act 1995 information about any offender who is subject to a
protection order while also subject to:
(a) a full-time custodial sentence (including while
released on parole or subject to conditions imposed
under section 93 of the Sentencing Act 2002); or
(b) a sentence of periodic detention, supervision, intensive
supervision, community service, community
programme, community work, or community detention; or
(c) a non-association order; or
(d) a sentence of home detention (including while
subject to post-detention conditions).
Access is for the purpose of managing the offender´s
sentence and any post-sentence conditions in a manner
consistent with any protection order.)
Restraining Details of restraining orders made under Department of Corrections (access is limited to obtaining
orders the Harassment Act 1997 information about any offender who is subject to a
restraining order while also subject to:
(a) a full-time custodial sentence (including while
released on parole or subject to conditions imposed
under section 93 of the Sentencing Act 2002); or
(b) a sentence of periodic detention, supervision, intensive
supervision, community service, community
programme, community work, or community detention; or
(c) a non-association order; or
(d) a sentence of home detention (including while
subject to post-detention conditions).
Access is for the purpose of managing the offender´s
sentence and any post-sentence conditions in a manner
consistent with any restraining order.)
New Zealand Transport Agency records
Driver licence A national register of all driver licences Department of Corrections
register (except Ministry of Justice
photographic Police
images on Local authorities authorised under section 112
driver licences) Serious Fraud Office
Ministry of Transport (access is limited to obtaining information
for the purpose of verifying the identity of
people who are or apply to be:
(a) (Repealed)
(b) holders of licences issued under the Road User
Charges Act 2012
Registrar of Motor Vehicles (access is limited to obtaining
information for the purposes of:
(a) verifying the identity of people who are or apply
to be registered in respect of motor vehicles on
the register of motor vehicles; or
(b) correcting or updating information held on the
register of motor vehicles about such people)
Transport A national register of all transport service Police
services licences
licensing
register
Demerit The recording of demerit points in relation Police
points to traffic offences
Rail A national register of all licences under Police
licensing the Railways Act 2005
register
Registrar of Motor Vehicles records
Motor A national register of all motor vehicles Ministry of Justice (including for the purpose of enforcing
vehicles civil debts)
register Ministry of Transport
Police
Local authorities authorised under section 112
Serious Fraud Office
Department of Labour (access is limited to name and
address details of persons who are or were previously
registered in respect of a specified vehicle for the purposes
of enforcing immigration or health and safety in
employment legislation)
Ministry of Fisheries (access is limited to name and
address details of persons who are or were previously
registered in respect of a specified vehicle for the purposes
of enforcing fisheries legislation and any other enactment that
confers enforcement powers on fisheries officers)
New Zealand Customs Service (access is limited to obtaining
information for the purposes of enforcing legislation
for which the Service has enforcement powers)
New Zealand Transport Agency (access is limited to obtaining
information for the purposes of carrying out the
functions conferred on the Authority by:
(a) section 69(1) of the Land Transport Management Act 2003:
(b) the notice dated 22 August 1993 and published in
the Gazette on 2 September 1993 at page 2626)
Legal Services Commissioner (access is limited to obtaining
information for the purpose of determining financial
eligibility of an applicant for a grant of legal aid
in relation to a criminal matter)
An enforcement authority under the Land Transport
Management Act 2003.
Ministry of Transport records
Road user Details of licences issued under the Police (access is limited to obtaining information for the
charges Road User Charges Act 1977 and details purpose of enforcing the Road User Charges Act 1977)
of the corresponding licence holders New Zealand Transport Agency (access is limited to obtaining
information for the purposes of carrying out the
functions conferred on the Authority by:
(a) section 69(1) of the Land Transport Management Act 2003:
(b) the notice dated 22 August 1993 and published in
the Gazette on 2 September 1993 at page 2626)
Department of Corrections records
Community-based Particulars of persons: Police (access is limited to:
sentences, (a) released on probation or parole, (a) the person´s area of reporting:
sentences of home or released on conditions under (b) in the case of a person released from a prison,
detention, and Part 6 of the Criminal Justice the conditions of the person´s release (whether
conditions of release Act 1985, or sentenced to community imposed on release or imposed or varied subsequently,
service, periodic detention, and including any direction issued to
supervision, or a community that person by a probation officer)
programme; or Ministry of Justice
(b) released on parole, home detention,
or compassionate release
under subpart 2 of Part 1 of the
Parole Act 2002 or sentenced
to supervision, intensive supervision,
community work, community
detention, or home detention.
Records of Particulars of prisoners in a prison, Police (access is limited to the
prisoners Including the date of release from location and the date of
The prison release of the prisoner)
Ministry of Justice
Schedule 5A.-Basic principles of national application set out in Part Two of the OECD Guidelines
Collection limitation principle
There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
Data quality principle
Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Purpose specification principle
The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
Use limitation principle
Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with (thePurpose specification principle above) except:
(a) with the consent of the data subject; or
(b) by the authority of law.
Security safeguards principle
Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.
Openness principle
There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
Individual participation principle
An individual should have the right:
(a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
(b) to have communicated to him, data relating to him
* within a reasonable time;
* at a charge, if any, that is not excessive;
* in a reasonable manner; and
* in a form that is readily intelligible to him;
(c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
(d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.
Accountability principle
A data controller should be accountable for complying with measures which give effect to the principles stated above.
Schedule 6.- Enactments amended
Films Act 1983 (1983 nº 130)
Amendment(s) incorporated in the Acts(s).
Goods and Services Tax Act 1985 (1985 nº 141) (RS Vol 27, p 425)
Amendment(s) incorporated in the Act(s).
Higher Salaries Commission Act 1977 (1977 nº 110) (RS Vol 19, p 623)
Amendment(s) incorporated in the Acts(s).
New Zealand Security Intelligence Service Act 1969 (1969 nº 24) (RS Vol 21, p 559)
Amendment(s) incorporated in the Act(s).
Public Finance Act 1989 (1989 nº 44)
Amendment(s) incorporated in the Acts(s).
Race Relations Act 1971 (1971 nº 150) (RS Vol 14, p 479)
Amendment(s) incorporated in the Acts(s).
Securities Act 1978 (1978 nº 103) (RS Vol 15, p 533)
Amendment(s) incorporated in the Act(s).
Summary Proceedings Act 1957 (1957 nº 87) (RS Vol 9, p 583)
Amendment(s) incorporated in the Act(s).
Transport Act 1962 (1962 nº 135) (RS Vol 16, p 659)
Amendment(s) incorporated in the Act(s).
Schedule 7.- Enactments repealed
Accident Rehabilitation and Compensation Insurance Act 1992 (1992 nº 13)
Amendment(s) incorporated in the Act(s).
Children, Young Persons, and Their Families Act 1989 (1989 nº 24)
Amendment(s) incorporated in the Act(s).
Criminal Justice Act 1985 (1985 nº 120)
Amendment(s) incorporated in the Act(s).
Defamation Act 1992 (1992 nº 105)
Amendment(s) incorporated in the Act(s).
Higher Salaries Commission Amendment Act 1988 (1988 nº 24)
Amendment(s) incorporated in the Act(s).
Parliamentary Service Act 1985 (1985 nº 128)
Amendment(s) incorporated in the Act(s).
Police Amendment Act 1989 (1989 nº 138)
Amendment(s) incorporated in the Act(s).
Privacy Commissioner Act 1991 (1991 nº 126)
Public Finance Amendment Act 1992 (1992 nº 142)
Amendment(s) incorporated in the Act(s).
Serious Fraud Office Act 1990 (1990 nº 51)
Amendment(s) incorporated in the Act (s).
Transport Amendment Act 1980 (1980 nº 96)
Amendment(s) incorporated in the Act(s).
Transport Amendment Act (nº 2) 1992 (1992 nº 67)
Amendment(s) incorporated in the Act(s).
Wanganui Computer Centre Act 1976 (1976 nº 19)
Wanganui Computer Centre Amendment Act 1977 (1977 nº 83)
Wanganui Computer Centre Amendment Act 1979 (1979 nº 118)
Wanganui Computer Centre Amendment Act 1980 (1980 nº 52)
Wanganui Computer Centre Amendment Act 1983 (1983 nº 122)
Wanganui Computer Centre Amendment Act 1985 (1985 nº 52)
Wanganui Computer Centre Amendment Act 1986 (1986 nº 10)
Wanganui Computer Centre Amendment Act 1989 (1989 nº 5)
Schedule 8.- Orders revoked
Wanganui Computer Centre Act Commencement Order 1977 (SR 1977/8)
Wanganui Computer Centre Order 1981 (SR 1981/13)
Wanganui Computer Centre Order 1987 (SR 1987/403)
Wanganui Computer Centre Order 1992 (SR 1992/104)
