Privacy Act 2020

Access to and correction of personal information - Access to personal information

57: Responsibilities of agency before giving access to personal information

You could also call this:

“Agencies must verify identity and consent before releasing personal information”

When you ask an organisation for your personal information, they have to follow some rules before they give it to you. First, they need to make sure you are who you say you are. They can’t give you the information if they think someone is forcing you to ask for it.

The organisation also has to be careful about how they give you the information. They need to make sure that only you get it, or if someone else is asking for you, that only you or that person gets it.

If someone else is asking for your information for you, they need to show that you said it was okay. This could be a letter from you saying it’s alright, or some other way that proves you gave them permission.

These rules are there to protect your personal information and make sure it doesn’t end up in the wrong hands.

This text is automatically generated. It might be out of date or be missing some parts.

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS23404.

Topics:
Rights and equality > Privacy


Part 4 Access to and correction of personal information
Access to personal information

57 Responsibilities of agency before giving access to personal information

If an agency receives a request to access personal information, the agency—

  1. may give access to the information only if the agency is satisfied of the identity of the requestor; and
  2. must not give access to the information if the agency has reasonable grounds to believe that the request is made under the threat of physical or mental harm; and
  3. must ensure, by the adoption of appropriate procedures, that any information intended for a requestor is received—
    1. only by that requestor; or
    2. if the request is made by a requestor as the representative of an individual, only by the requestor or the individual; and
  4. must ensure that, if the request is made by a requestor as agent for an individual, the requestor has the written authority of the individual to obtain the information, or is otherwise properly authorised by the individual to obtain the information.

Compare