New Zealand
| OVERVIEW | New Zealand has well-developed privacy and data protection legislation. The Privacy Act was passed in April 1993. The Act applies to almost every person, business or organization in New Zealand. It sets out 12 information privacy principles, which guide how personal information can be collected, used, stored and disclosed. |
| ENACTED | 1993 |
| GENERAL PRIVACY LAWS | The New Zealand Court of Appeals has interpreted Article 21 of the New Zealand Bill of Rights Act of 1990 as protecting the right to privacy. Article 21 provides: “Everyone has the right to be secure against unreasonable search or seizure, whether of the person, property, or correspondence or otherwise.” |
| PERSONAL DATA PROTECTION LAWS AND REGULATIONS |
New Zealand’s Privacy Act of 1993 Regulates the collection, use and dissemination of personal information in both public and private sectors. Grants individuals the right to have access to their personally identifiable information held by any agency. Creates 12 “Information Privacy Principles” based on the 1980 Organization of Economic and Cooperation Development (OECD) and the information privacy principles in Australia’s Privacy Act of 1988. Authority concerning data protection rights is granted to the Office of the Privacy Commissioner, an independent oversight authority that was created in 1991 as part of the Privacy Commissioner Act. |
| TYPE OF DATA PROTECTED | Personal Data. |
| WORKPLACE PRIVACY LAWS |
Employers must obtain the consent of the employees and have the appropriate policies in place for such monitoring. Otherwise, any workplace monitoring must be done in accordance with the Privacy Act of 1993. It has been widely reported by commentators in New Zealand that it is widely accepted for employers to monitor employees’ email sent from work computers. The New Zealand Privacy Commissioner has provided a “how-to-guide” for employers and gives the following steps for conducting workplace monitoring: Determine legitimate justification for monitoring.
The Employment Court was unsympathetic to the claims by three employees who were fired for exchanging offensive emails. In Clarke v. Attorney General [1997] ERNZ 600. Under the Privacy Act, employers may undertake monitoring in the workplace under certain conditions: there must be a lawful purpose and the information collected must be necessary to achieve that purpose. Employers must ensure that unfair or reasonably intrusive means are not used during monitoring. Covert monitoring in the workplace is permitted if open monitoring would prejudice the purpose for which emails are to be monitored. In such cases, employee consent is not required |
| TRANSBORDER TRANSFERS |
There are no provisions in the Privacy Act related to data registration. Part 11A regulates the transfer of personal information outside of New Zealand. The law authorizes the Commissioner to prohibit the transfer of personal information outside of New Zealand to a country where the data will not be protected or where its processing would violate the privacy principles under the Act. |
| FINES AND SANCTIONS | There are numerous enforcement mechanisms under the Act, including proceedings before the Human Rights Commission, the Privacy Commissioner and the courts. Successful plaintiffs can recover damages, costs and attorneys’ fees. |
| OTHER PRIVACY LAWS AND REGULATIONS |
There are numerous privacy codes that have been recognized by the Privacy Commissioner. These codes of practice include the following:
There are also numerous sector-specific laws regulating privacy and data protection. |
