Plain language law

New Zealand law explained for everyone

Privacy Act 2020

Access to and correction of personal information - Access to personal information

57: Responsibilities of agency before giving access to personal information

You could also call this:

"Agencies must check who you are and make sure you're safe before sharing your personal info"

Illustration for Privacy Act 2020

When you ask an agency for your personal information, they must check you are who you say you are before giving it to you. They cannot give you the information if they think someone is forcing you to ask for it. The agency must make sure only you, or someone you have chosen to represent you, gets the information.

The agency must also check if the person asking for your information has your permission to do so. If someone is asking for your information on your behalf, the agency needs to see a written note from you saying it is okay. You can find more information about this in the Privacy Act. The agency has to follow these rules to keep your information safe.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS23404.

Topics:
Rights and equality > Privacy
Previous

56: Ways personal information in document may be made available, or

"How you can get access to your personal information in a document"

Next

58: Interpretation, or

"Understanding key terms for fixing or updating your personal information"

Part 4Access to and correction of personal information
Access to personal information

57Responsibilities of agency before giving access to personal information

  1. If an agency receives a request to access personal information, the agency—

  2. may give access to the information only if the agency is satisfied of the identity of the requestor; and
    1. must not give access to the information if the agency has reasonable grounds to believe that the request is made under the threat of physical or mental harm; and
      1. must ensure, by the adoption of appropriate procedures, that any information intended for a requestor is received—
        1. only by that requestor; or
          1. if the request is made by a requestor as the representative of an individual, only by the requestor or the individual; and
          2. must ensure that, if the request is made by a requestor as agent for an individual, the requestor has the written authority of the individual to obtain the information, or is otherwise properly authorised by the individual to obtain the information.

            Compare