page looks at privacy legislation, reports and developments
in New Zealand.
It covers -
Information about the New Zealand Privacy Act 1993,
one of the most comprehensive outside Europe, is available
at the NZ Privacy Commissioner's site.
The Privacy Act (here)
applies to the handling of all personal information collected
or held by government agencies and most businesses. Coverage
of the private sector includes sole traders, major New
Zealand-owned businesses and the local arms of overseas-owned
The legislation identifies 'personal information' as information
about an identifiable living person, irrespective of whether
it is on a computer or a paper file.
The legislation is based on twelve Information Privacy
similar to the National Information Principles in the
Australian Privacy Act and ultimately derived from the
1988 OECD Guidelines.
They cover -
purpose of collection of personal information
source of personal information
collection of information from subject
manner of collection of personal information
storage and security of personal information
to personal information
correction of personal information
accuracy, etc of personal information to be checked
agency not to keep personal information for longer than
limits on use of personal information
limits on disclosure of personal information
principles are technology neutral, with the expectation
that they will operate in a number of contexts and not
be superseded by new technologies. Although not prescriptive
the IPP set a number of standards.
The legislation establishes a national Privacy Commissioner.
The Act allows the Privacy Commissioner to establish
Codes of Practice that apply the Information Privacy Principles
to specific activities and industries or allowing exemptions.
The Commissioner has issued seven Codes since inception
of the Privacy Act.
Information Privacy Code 1994
Health Information Privacy Code 1993 (temporary, now
GCS Information Privacy Code 1994 (expired)
Superannuation Schemes Unique Identifier Code 1995
EDS Information Privacy Code 1997 and amendment
Justice Sector Unique Identifier Code 1998
Post-Compulsory Education Unique Identifier Code 2001.
NZ Privacy Commissioner has sought public comment on a
proposed Telecommunications Information Privacy Code (TIPC).
That code is discussed in a separate Information
Submissions are due by mid March 2002.
The New Zealand Consumer Ministry has published a New
Code for Consumer Protection in Electronic Commerce
with a privacy component.
The legislation reflects the New Zealand Bill
of Rights Act 1990 (BRA)
and Human Rights Act 1993 (HRA),
in Australia, other enactments contain provisions relating
to the protection of personal information. These include
Tax Act 1986
Official Information Act 1982 (here)
The Privacy Act has been amended since 1993. Highlights
of privacy legislation in Australia and New Zealand are
Specific amendments are -
Amendment Act 1993 (here)
Amendment Act 1994 (here)
Amendment Act 1996 (here)
Amendment Act 1997 (here)
Amendment Act 1998 (here)
Amendment Act 2000 (here)
Statutes Amendment Bill 2000 amends the
Privacy Act to secure a finding from the European Commission
that New Zealand provides an "adequate level of protection"
for the purposes of the EU Data Protection Directive (discussed
here). Existing NZ legislation
does not restrict transborder movement of personal data,
a key feature of the EU privacy regime and the basis of
Safe Harbour agreements
with Canada and the US.
The new legislation will also remove existing restrictions
on data access or correction. At the moment data access
and correction is restricted to New Zealand citizens,
permanent residents or applicants at the time of the request.
Studies of the NZ regime include Paul Roth's Privacy
Law & Practice (Wellington: Butterworths 1998)
and The Privacy Act (Wellington: GP Publications
1994) by Elizabeth Longworth & Tim McBride.
next page (Asia)