Plain language law

New Zealand law explained for everyone

Privacy Act 2020

Miscellaneous provisions - General

201: Privacy officers

You could also call this:

“Organisations must appoint privacy officers to ensure compliance with personal information rules”

You need to know about privacy officers in organisations. An organisation must choose one or more people to be privacy officers. These officers can be from inside or outside the organisation. Their job is to help the organisation follow the rules about personal information.

Privacy officers have several important tasks. They encourage the organisation to follow the Information Privacy Principles. They handle requests made to the organisation under the Privacy Act. They work with the Privacy Commissioner when there are investigations about the organisation. They also make sure the organisation follows all the rules in the Privacy Act.

There are some exceptions to this rule. If you’re just a person collecting and keeping personal information for your own personal or family matters, you don’t need to appoint a privacy officer.

For government departments that are part of a larger organisation, the smaller department is responsible for having privacy officers for its own work.

Part 5 of the Privacy Act has more information about investigations by the Privacy Commissioner.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS23683.

Topics:
Rights and equality > Privacy
Previous

200: Power to amend Schedule 8 by Order in Council, or

“Governor-General can update or replace rules in Schedule 8”

Next

201A: Responsibility under Parts 4 to 6 for interdepartmental executive board, or

“Servicing department handles privacy matters for joint government boards”

Part 9 Miscellaneous provisions
General

201Privacy officers

  1. An agency must appoint as privacy officers for the agency 1 or more individuals (within or outside the agency) whose responsibilities include—

  2. encouraging the agency to comply with the IPPs:
    1. dealing with requests made to the agency under this Act:
      1. working with the Commissioner in relation to investigations conducted under Part 5 in relation to the agency:
        1. ensuring that the agency complies with the provisions of this Act.

          1. Subsection (1) does not apply to an agency that is an individual who is collecting and holding personal information solely for the purposes of, or in connection with, the individual’s personal or domestic affairs.

          2. In relation to the functions of a departmental agency, the responsibility under this section lies with the departmental agency.

          Compare
          Notes
          • Section 201(3): inserted, on , by section 128 of the Public Service Act 2020 (2020 No 40).