New Zealand Privacy Act 1993 The Privacy Act 1993 received its Royal assent on 17 May 1993 and came into force on 1 July 1993. About the Privacy Act The Privacy Act 1993 aims to promote and protect individual privacy. The Act establishes information privacy principles for: the collection, use, disclosure and storage of personal information by agencies, and access by each individual to their personal information. The Act also regulates public registers. Examples of public registers are rates databases, dog registers, land registers, transport registers and the electoral rolls. The Act provides for the appointment of a Privacy Commissioner. The Privacy Commissioner has the power, among other things, to issue codes of practice and investigate complaints about interferences with privacy. What are the information privacy principles? The Act contains information privacy principles to guide agencies about the: purpose for which personal information may be collected (principle 1) permitted sources from which personal information may be collected (principle 2) obligations of agencies when they collect personal information directly from the individual concerned (principle 3) manner of collection of personal information (principle 4) storage and security of personal information (principle 5) access to personal information (principle 6) correction of personal information (principle 7) checks on the accuracy of personal information (principle 8) retention of personal information (principle 9) limits on the use of personal information (principle 10) limits on the disclosure of personal information (principle 11), and use of unique identifiers (principle 12). Several principles contain specific exceptions. It is important to read the principles alongside their exceptions to know how they apply in particular circumstances. Application of the information privacy principles The principles apply to personal information collected, used, disclosed and stored by agencies. Personal information is any information about an identifiable individual (a living natural person). Almost any individual, organisation or business – whether in the public or private sector – can be an agency in terms of the Act. There are exceptions (see section 2(1) of the Act), for example: Members of Parliament (MPs), when they are acting as MPs courts and tribunals in relation to their judicial functions, and the news media, when they are conducting their news activities. Exemptions to the information privacy principles Apart from the exceptions relating to specific privacy principles and modifications made by codes of practice (see below), there are some general exceptions to the information privacy principles. Examples are: the collection, use, or disclosure of personal information authorised by the Privacy Commissioner (under section 54) personal information collected or held by an individual for their own personal, family, or household affairs (section 56), and information collected, obtained, held, used, or disclosed by, or disclosed to, an intelligence organisation (section 57). Section 7 of the Act has the effect that if another statute is contrary to the privacy principles, that other statute prevails. Codes of Practice Under the Act, the Privacy Commissioner has the power to issue codes of practice that modify the application of any one or more of the information privacy principles. Codes of practice may apply to specified (classes of) information; agencies; activities; or industry, profession, or calling. Examples of codes of practice are the Justice Sector Unique Identifier Code, the Health Information Privacy Code and the Telecommunications Privacy Code. Codes of practice have the status of regulations and, therefore, must be presented to the House of Representatives. They have the force of law and must be complied with. The Privacy Commissioner can at any time amend or revoke a code of practice. The Privacy Commissioner The key responsibilities of the Privacy Commissioner include: investigating complaints monitoring proposed legislation considering and commenting on government policy making statements on privacy issues issuing codes of practice reviewing authorised data matching programmes, and promoting understanding of the information privacy principles. The Privacy Commissioner offers a free dispute resolution service (conciliation and mediation) for the settlement of privacy complaints. Anyone can complain to the Privacy Commissioner about an action by an agency that interferes with their privacy (in breach of the privacy principles, code of practice or privacy provisions relating to data matching between government agencies), and has led to some form of harm to the complainant. If the complaint is not settled by means of conciliation or mediation, or during the formal investigation of the complaint, the Privacy Commissioner will form an opinion on the complaint. An opinion of the Privacy Commissioner is not legally binding. Contact the Privacy Commissioner Human Rights Review Tribunal If the Privacy Commissioner concludes that there has been a breach of the Privacy Act, the Commissioner may refer the case to the Director of Human Rights Proceedings. The Director will decide – after hearing the defendant – whether to take the complaint to the Human Rights Review Tribunal. The complainant can, however, still take the matter to the Tribunal if the Privacy Commissioner concludes that there has not been a breach, the Director decides not to bring proceedings, or the Director agrees to the complainant bringing proceedings before the Tribunal himself or herself. Remedies The Tribunal is not bound by the Privacy Commissioner’s opinion and its decision about the complaint is legally binding. If the Tribunal finds that any action of the defendant is an interference with the privacy of an individual, it may – among other things - award the following remedies (see section 85): a declaration that the agency has breached the privacy of the complainant an order preventing the agency from continuing or repeating the breach damages (section 88) an order that the agency does something to rectify the breach, or redress any loss or damage suffered, or such other relief as the Tribunal thinks fit. It can also make an award of costs against the unsuccessful party in a case. Links Text of the Privacy Act 1993 Information about the complaints procedure under the Privacy Act Information about the Office of the Privacy Commissioner Information about the Human Rights Review Tribunal Website of the Office of the Privacy Commissioner Privacy (Information Sharing) Bill Law Commissions Review of the Law of Privacy
Posted on: Fri, 21 Mar 2014 10:29:57 +0000
Trending Topics
Recently Viewed Topics
© 2015