Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Preliminary provisions - Overview

4: Overview

You could also call this:

“This new law explains how some companies might share your information and product details”

This new law might control how some people and companies share information. It’s about two types of data: customer data and product data.

For customer data, if a company is chosen by the new rules and they have your information, you can ask them to share it or do something with it. You can ask yourself, or you can let someone else ask for you if they’re allowed to. The company usually has to do what you ask, but there are some rules to keep things safe. They need to make sure it’s really you asking and have a way for you to complain if something goes wrong.

For product data, if a company is chosen by the new rules and they have information about their products, anyone can ask for that information. The company usually has to share it, but sometimes they can say no.

There will be more detailed rules about which companies have to follow this law and exactly what they need to do. There will also be technical rules about how the information should be shared.

Some companies might not have to follow all the rules if they’re given special permission.

Remember, this is just a simple explanation of what the new law might do. It’s not the actual law yet.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS702296.

Previous

3: Purpose, or

“This law helps you see and share your information to make things better for everyone”

Next

5: Interpretation, or

“Words and ideas explained: Understanding important terms in the Customer and Product Data Bill”

Part 1 Preliminary provisions
Overview

4Overview

  1. This Act regulates data services provided by persons that are designated as data holders under subpart 2 of Part 5.

  2. Services relating to customer data are regulated as follows:

    The following table is small in size and has 2 columns.
    If ... A person (a data holder) is specified, or belongs to a class specified, in designation regulations; and
    it holds customer data of the kind specified in the regulations; and

    either—

    • a customer requests the data or requests that the data holder perform an action; or

    • an accredited requestor authorised by the customer requests the data or requests that the data holder perform an action.

    Then ... The data holder must comply with the request (sections 14, 15, 18, and 19).
    However ...

    Certain protections apply, including duties to—

    • confirm that the customer has authorised the request (section 38); and

    • check the identity of the person who makes the request (section 44); and

    • have a complaints process (section 49).

    In addition,—

    • the data holder may or must refuse the request in certain circumstances (sections 16 and 20); and

    • only a person granted accreditation under subpart 3 of Part 5 may act as an accredited requestor; and

    • an accredited requestor may only act within the class of its accreditation.

  3. Services relating to product data are regulated as follows:

    The following table is small in size and has 2 columns.
    If ... A person (a data holder) is specified, or belongs to a class specified, in designation regulations; and
    it holds product data of the kind specified in the regulations; and
    a person requests the data.
    Then ... The data holder must comply with the request (section 22).
    However ... The data holder may refuse the request in certain circumstances (section 23).

  4. Additional details are set out in secondary legislation, including as follows:

    The following table is small in size and has 2 columns.
    Designation regulations which designate the data holders and classes of data that are regulated under this Act (subpart 2 of Part 5).
    Other regulations which specify general requirements relating to regulated data services (section 126).
    Standards which specify technical requirements relating to regulated data services (section 132).

  5. Data holders and accredited requestors may be granted exemptions under section 135.

  6. This section is only a guide to the general scheme and effect of this Act.