Governance Manual

Email this page
Print this page

12.3 Privacy Act

The Privacy Act 1993 controls how agencies collect, use, disclose, store and give access to information which may lead to an individual’s identification, such as names, birth dates, addresses, financial data and employment details. It does not include company or organisational information.

  1. Purpose

    The Privacy Act’s aim is to promote and protect individual privacy. The focus is on purpose, not consent. When the council collects information, it must make it very clear why it is collecting their information and what it intends to do with it. Because the council only has to make individuals aware of what it will do with their information, it does not require their consent.

  2. Privacy principles

At the heart of the Privacy Act are 12 principles: 



Principle 1 – purpose for collection

Collect information only when needed for a lawful purpose

Principle 2 – source of information

Obtain the information directly from the person concerned if possible

Principle 3 – what to tell an individual

Tell the person what you are doing (what is being collected, why, the recipients and the agency that holds it

Principle 4 – manner of collection

Do not use unfair or unreasonably intrusive means of collecting the information

Principle 5 – storage and security

Ensure the information is stored securely against loss, unauthorised access and misuse

Principle 6 – access

The person can ask to see the information

Principle 7 – correction

The person can ask to correct his/her information

Principle 8 – accuracy

Make sure the information is accurate before you use (process) it

Principle 9 – retention

Dispose of the information once you have finished with it

Principle 10 – use

Use the information only for the purpose for which it was obtained

Principle 11 – disclosure

Disclose the information only if this was the reason for obtaining it

Principle 12 – unique identifiers

Use unique identifiers in place of a person’s name only where necessary

These principles reflect internationally-accepted standards for handling personal information

  1. Access requests

    Under Principle 6, individuals are entitled to know if the council holds information on them and access it if it is readily retrievable.  Information is not limited to written documentation but can extend to information that is known by staff.

    However, the right to access personal information is not absolute and the council is permitted to withhold it in certain circumstances. Grounds for withholding information are set out in sections 27-29 of the Privacy Act.

    Requests for access to personal information are managed by the Privacy and LGOIMA team in the Democracy Services department. The council cannot charge for requests to access personal information.  

  2. Privacy Programme

    A privacy programme was initiated in 2016 to improve Auckland Council’s compliance under the Privacy Act 1993. The programme aims to raise awareness and educate staff about the council’s privacy obligations, improve processes around handling personal information, implement a breach management process and measure progress through key performance indicators.The programme is led by the Privacy Programme Manager in the Democracy Services department. A key component of the programme is the Privacy Officers’ Network. The Privacy Act requires councils to have a Privacy Officer to promote compliance with the Act. Auckland Council has a Privacy Officers’ Network of council and CCO staff, who advocate and advise on privacy best practice. The network provides education and advice on issues and trends in the privacy and information areas, and can assist with requests for personal information and investigations of the Privacy Commissioner. Information for council staff on how to contact the Privacy Officers’ network can be found here.

  3. What is an interference with privacy
    An ‘interference with privacy’ is a legal term covering a breach of the privacy principles (e.g. where personal information has been disclosed by mistake or without legal authority) and any resulting harm.



Previous | Next