The Privacy Act 2020 promotes and protects individual privacy, providing a framework for responsible collection, storage, and use of personal information in New Zealand.
Purpose
The Act ensures individuals can access their personal information and that organizations comply with internationally recognized privacy standards. It protects people’s privacy rights while guiding IT practices for secure and responsible handling of data.
Key Principles
- Principle 1 – Purpose for collection
- Principle 2 – Source of information – collection from the individual
- Principle 3 – What to tell the individual about collection
- Principle 4 – Manner of collection
- Principle 5 – Storage and security of information
- Principle 6 – Providing people access to their information
- Principle 7 – Correction of personal information
- Principle 8 – Ensure accuracy before using information
- Principle 9 – Limits on retention of personal information
- Principle 10 – Use of personal information
- Principle 11 – Disclosing personal information
- Principle 12 – Disclosure outside New Zealand
- Principle 13 – Unique identifiers
Two-page PDF of the privacy principles https://www.privacy.org.nz/assets/Privacy-Act-2020-content/20250326-A-quick-tour-of-the-privacy-principles.pdf
Relevance to IT
Organizations must protect personal information from loss, unauthorized access, or misuse. They should ensure secure storage and take steps to prevent unauthorized disclosure when sharing data. These practices are essential for compliance, data security, and ethical IT management.
Māori Data Sovereignty
The Privacy Act aligns with Māori data sovereignty principles, emphasizing governance and control over Māori data, appropriate use and protection of cultural information, and engagement with iwi and hapū when handling taonga or Māori datasets.
