Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Protections - Restriction on who may request regulated data service

44: Verification of identity of person who makes request

You could also call this:

“Checking who's asking for customer information”

Under the proposed Customer and Product Data Bill, when a data holder gets a request for regulated data service about a customer, they will need to check who is asking for it. The data holder must make sure they know the identity of the person making the request. They can’t give out the data service until they’ve done this check.

The bill says that the data holder has to verify the person’s identity in a specific way. This way of checking will be set out in regulations and standards that go with the law. The data holder must follow these rules when they’re figuring out if the person is who they say they are.

Remember, this is part of a proposed law, not something that’s in place right now. It’s a way to make sure that people’s information is protected and only given to the right people.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS700323.

Previous

43: Offence for contravention of request restriction, or

“You could get in trouble for asking for customer information when you're not allowed to”

Next

45: Data holder must keep records about regulated data service, or

“Keep records about your data services and customer requests”

Part 3 Protections
Restriction on who may request regulated data service

44Verification of identity of person who makes request

  1. This section applies if a data holder receives a request to provide a regulated data service relating to a customer.

  2. The data holder—

  3. must verify the identity of the person who made the request; and
    1. must not provide the regulated data service until it has complied with paragraph (a).

      1. The data holder must verify the identity of a person in the manner (if any) prescribed by the regulations and the standards.