View all Insights

The Privacy Act 2020 - Privacy Principle One

The Privacy Act 2020 - Privacy Principle One

Monday, December 6, 2021
Written by:
Andrew Knight

The Privacy Act 2020 ("new Act") came into force in 2020, replacing the Privacy Act 1993. The purpose of the new Act was to overhaul New Zealand's existing privacy of personal information regulatory framework and bring it into line with internationally recognised privacy obligations and standards. Section 22 of the new Act sets out 13 information privacy principles ("Privacy Principles"). In this article, we focus on new developments in relation to Privacy Principle 1 ("PP1"), which addresses the purpose of collection of personal information.

Privacy Principle One

PP1 sets out the following restrictions in respect of the purpose for an agency collecting personal information:

        "(1) Personal information must not be collected by an agency unless —

               (a) the information is collected for a lawful purpose connected with a function or an activity of the agency; and

               (b) the collection of the information is necessary for that purpose.

         (2) If the lawful purpose for which personal information about an individual is collected does not require the
                collection of an individual's identifying information, the agency may not require the individual's identifying information."

In short, if your business collects personal information, it is required by law that you only collect information where it is necessary for a lawful purpose connected with the function or activity of your business. If your business purpose does not necessarily require a person's identifying information, it may not be acceptable under PP1 to collect it. Where the action of the company collecting the information breaches one or more of the information Privacy Principles in the new Act, a complaint can be made to the Privacy Commissioner, who has various options.

Possible consequences of a breach include warning letters, access directions, compliance notices, referral to the Human Rights Review Tribunal, public interest inquiry, public naming of agency. The penalty for failure to comply with a compliance notice is a fine of up to $10,000.00. Among other consequences, the Human Rights Review Tribunal has the ability to award damages, including damages for humiliation, loss of dignity and injury to the feelings of the aggrieved individual (refer Section 103 of the new Act).

Compliance Monitoring Programme for Rental Accommodation

The New Zealand Privacy Commissioner has given a recent clear example on how to view the purpose for which personal information is collected, with a specific application to the rental accommodation sector.

In November 2021, the Privacy Commissioner announced the introduction of a new privacy compliance monitoring programme for the rental sector. The objective is to ensure that landlords, property managers and third party service providers are compliant with the provisions of PP1 of the new Act.

These measures came into effect in response to concerns that landlords have been collecting more information than is necessary from prospective tenants such as (for example) asking about relationship or family status, whether the applicant is unemployed, sexual orientation or gender identity or ethnicity.  

A two-stage approach to collecting the minimal amount of personal information is advocated, with stage one for deciding whether applicants are likely to be suitable tenants and to narrow down who may be a preferred applicant and stage two for confirming the preferred applicants are likely to be suitable (such as obtaining credit checks, criminal record checks, evidence of ability to pay rent).

However, the scope of minimal information to be collected can be seen in the example given where the Privacy Commissioner considered requesting bank statements showing the applicant's transaction history is considered excess personal information, whereas requesting a credit report is not. It is also not acceptable to request information on personal characteristics protected under the Human Rights Act 1993 (such as sex, relationship or family status, religious or ethical belief, colour, race or ethnic or national origins, physical or mental disability or illness, age, political opinion, employment status, sexual orientation or gender identity).

Measures adopted by the Privacy Commissioner include introducing an anonymous tip line for tenants to report non-compliance.

Our View

On releasing its official guidance, the Privacy Commissioner's comment is quoted in the Privacy Commission 10 November 2021 media release; "As we move into this compliance phase, rental sector agencies must be aware of their obligations and responsibilities. There are now no excuses for over-collection and unauthorised use of personal information and there will be consequences for non-compliance".  

In our view, this comment should be a warning to all industries. The new Act and Privacy Principles will continue to evolve and mature in a fast-moving data-driven economy. The message is clear – the Privacy Commissioner is seeking to flex its enforcement powers under the new Act. This means it is important for businesses to constantly review their policy on collecting personal information from individuals, revising whether existing information being collected is necessary for its lawful purpose and considering whether it is actually necessary to collect it.

Summary

PP1 is one of the 13 information Privacy Principles in the Privacy Act 2020, all of which require specific attention by businesses collecting personal information. At McVeagh Fleming, we are well-versed in the provisions of the Privacy Act 2020 and Information Privacy Principles, and are ready to assist your business with on both advisory and compliance. If you have any questions relating to Privacy Principle One (or any other of the Privacy Principles) or the Privacy Act 2020, and how they relate to your business, please direct any enquiries to:  

Andrew Knight on (09) 306 6730 (aknight@mcveaghfleming.co.nz); or

Linda Packer on (09) 915 2575 (lpacker@mcveaghfleming.co.nz)

See our Expertise pages

Business and Corporate

Commercial and Consumer Law

Contract Law

Privacy and Data Protection

© McVeagh Fleming 2021

This article is published for general information purposes only.  Legal content in this article is necessarily of a general nature and should not be relied upon as legal advice.  If you require specific legal advice in respect of any legal issue, you should always engage a lawyer to provide that advice.

Recent Posts

Beyond Paper: the Power of Implied Agreements
Holding Overseas Manufacturers Accountable
Accredited Employer Work Visa – New business issues, and the application of compliance for all
Construction contract disputes
Can bad behaviour cost you during divorce or separation?
Legislative gap leaves New Zealand exposed to deepfakes
Maintenance after the end of a relationship
Earthquake-prone buildings: Are you on shaky ground?
Selling a business (pet treats) and the consequences of misrepresentation
A large compensation payment for bullying
Subscribe to Updates

Related Topics

Business & Corporate
Commercial & Consumer Law
Contract Law
Privacy & Data Protection

All Topics

Anti-Money Laundering
Banking & Finance
Bankruptcy & Personal Insolvency
Business & Corporate
Care of Children
Commercial & Consumer Law
Commercial Contracts
Commercial Land & Property Disputes
Commercial Property & Bodies Corporate
Company
Company & Corporate Structuring
Company & Shareholders
Construction & Building Matters
Construction & Property Disputes
Consumer & Fair Trading Claims
Contract Law
Countering Financing of Terrorism
Covid-19 updates
Criminal & Traffic Offences
Developments
Disruptive Innovation
Domestic Violence
Employment - Employees
Employment - Employers
Enforcement of Guarantees
Estate Administration
Family Law & Relationship Property
Family Protection Act
Family Violence
Financial Adviser & Financial Service Provider Compliance & Advice
Guarantees
Immigration
Incorporated Societies
Insolvency & Debt Recovery
Intellectual Property
Land & Property Disputes
Litigation & Disputes
Maritime Law
Mergers, Sales & Acquisitions
Money Claims
Notary Public
Offers of Financial Products & Financial Markets Advice
Personal
Privacy & Data Protection
Property
Relationship Property
Residential Property – Buying & Selling
Resource Management & Environmental Issues
Resource Management, Subdivisions & Environmental Issues
Securities Law
Separation & Dissolution (Divorce)
Telecommunications Law
Trusts
Trusts & Estate Litigation
Wills & Enduring Powers of Attorney

Subscribe to receive updates

I would like to receive updates for:
Thank you for subscribing. Your submission has been received!
Oops! Something went wrong while submitting the form. Please try again.
AUCKLAND : +64 9 377 9966
NORTH HARBOUR : +64 9 415 4477
MANUKAU : +64 9 262 0330
Translation:
Terms of usePrivacy Policy
©2024 McVeagh Fleming
All rights reserved