Plain language law

New Zealand law explained for everyone

Customer and Product Data Act 2025

Protections - Restriction on who may request regulated data service

45: Verification of identity of person who makes request

You could also call this:

“Checking who you are when you ask for information”

When someone asks a data holder for a regulated data service about a customer, the data holder must check who the person is before they do anything else. They have to make sure the person asking is who they say they are. The data holder can’t give out any information until they’ve done this check. They need to check the person’s identity in the way that the rules say they should. These rules are written down in regulations and standards.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS700323.

Topics:
Money and consumer rights > Consumer protection Rights and equality > Privacy
Previous

44: Offence for contravention of request restriction, or

"You can get in trouble for asking for private information when you're not supposed to"

Next

46: Data holder must keep records about regulated data service, or

"Companies must keep track of how they share people's information"

Part 3 Protections
Restriction on who may request regulated data service

45Verification of identity of person who makes request

  1. This section applies if a data holder receives a request to provide a regulated data service relating to a customer.

  2. The data holder—

  3. must verify the identity of the person who made the request; and
    1. must not provide the regulated data service until it has complied with paragraph (a).

      1. The data holder must verify the identity of a person in the manner (if any) prescribed by the regulations and the standards.