Caslon Analytics elephant logo title for Privacy guide
home | about | site use | resources | publications | timeline   spacer graphic   Ketupa




Aust law

EU law

New Zealand

Asia law

N America





other writing


















related pages icon



section heading icon     New Zealand

This page looks at privacy legislation, reports and developments in New Zealand.

It covers -

subsection heading icon    introduction

Information about the New Zealand Privacy Act 1993, one of the most comprehensive outside Europe, is available at the NZ Privacy Commissioner's site.

subsection heading icon    the 1993 Act

The Privacy Act (here) applies to the handling of all personal information collected or held by government agencies and most businesses. Coverage of the private sector includes sole traders, major New Zealand-owned businesses and the local arms of overseas-owned businesses.

The legislation identifies 'personal information' as information about an identifiable living person, irrespective of whether it is on a computer or a paper file.

The legislation is based on twelve Information Privacy Principles (IPP), similar to the National Information Principles in the Australian Privacy Act and ultimately derived from the 1988 OECD Guidelines.

They cover -

1 purpose of collection of personal information

2 source of personal information

3 collection of information from subject

4 manner of collection of personal information

5 storage and security of personal information

6 access to personal information

7 correction of personal information

8 accuracy, etc of personal information to be checked before use

9 agency not to keep personal information for longer than necessary

10 limits on use of personal information

11 limits on disclosure of personal information

12 unique identifiers

The principles are technology neutral, with the expectation that they will operate in a number of contexts and not be superseded by new technologies. Although not prescriptive the IPP set a number of standards.

The legislation establishes a national Privacy Commissioner.

subsection heading icon    codes

The Act allows the Privacy Commissioner to establish Codes of Practice that apply the Information Privacy Principles to specific activities and industries or allowing exemptions.

The Commissioner has issued seven Codes since inception of the Privacy Act.

Health Information Privacy Code 1994

Health Information Privacy Code 1993 (temporary, now expired)

GCS Information Privacy Code 1994 (expired)

Superannuation Schemes Unique Identifier Code 1995

EDS Information Privacy Code 1997 and amendment

Justice Sector Unique Identifier Code 1998

Post-Compulsory Education Unique Identifier Code 2001.

The NZ Privacy Commissioner has sought public comment on a proposed Telecommunications Information Privacy Code (TIPC). That code is discussed in a separate Information paper. Submissions are due by mid March 2002.

The New Zealand Consumer Ministry has published a New Zealand Model Code for Consumer Protection in Electronic Commerce with a privacy component.

subsection heading icon    other legislation

The legislation reflects the New Zealand
Bill of Rights Act 1990 (BRA) and Human Rights Act 1993 (HRA), discussed here.

As in Australia, other enactments contain provisions relating to the protection of personal information. These include -

Income Tax Act 1986

Official Information Act 1982

subsection heading icon    developments

The Privacy Act has been amended since 1993. Highlights of privacy legislation in Australia and New Zealand are here.

Specific amendments are -

Privacy Amendment Act 1993 (here)

Privacy Amendment Act 1994 (here)

Privacy Amendment Act 1996 (here)

Privacy Amendment Act 1997 (here)

Privacy Amendment Act 1998 (here)

Privacy Amendment Act 2000 (here)

The Statutes Amendment Bill 2000 amends the Privacy Act to secure a finding from the European Commission that New Zealand provides an "adequate level of protection" for the purposes of the EU Data Protection Directive (discussed here). Existing NZ legislation does not restrict transborder movement of personal data, a key feature of the EU privacy regime and the basis of Safe Harbour agreements with Canada and the US.

The new legislation will also remove existing restrictions on data access or correction. At the moment data access and correction is restricted to New Zealand citizens, permanent residents or applicants at the time of the request.

subsection heading icon    studies

Studies of the NZ regime include Paul Roth's Privacy Law & Practice (Wellington: Butterworths 1998) and The Privacy Act (Wellington: GP Publications 1994) by Elizabeth Longworth & Tim McBride.

icon for link to next page    next page  (Asia)

this site
the web



version of January 2003
© Caslon Analytics