Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Regulated data services - Main obligations - Customer data

15: Data holder must provide customer data to accredited requestor if customer’s authorisation is confirmed

You could also call this:

“Companies must share your information when someone you trust asks for it”

The new law would say that when someone you trust asks for your information from a company that has it, the company must give it to them if certain conditions are met. Here’s how it would work:

You would allow a trusted person or company (called an accredited requestor) to ask for your information. They would make this request to the company that has your information (called the data holder). The data holder would need to check that you really did give permission for this.

The information they’re asking for must be special information about you that the law says can be shared. The request needs to be proper and made using the right computer system. The person asking for your information must be allowed to do this kind of thing.

The company with your information would need to make sure that the person asking is who they say they are. If all of these things are true, then the company must give your information to the trusted person or company you chose, using that special computer system.

This new rule would help you share your information with people or companies you trust, while making sure your information is protected.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS709487.

Previous

14: Data holder must provide customer data to customer, or

“Companies must share your info if you ask properly”

Next

16: Data holder may or must refuse request for data in certain circumstances, or

“Companies can sometimes say no to sharing your information to keep you safe”

Part 2 Regulated data services
Main obligations: Customer data

15Data holder must provide customer data to accredited requestor if customer’s authorisation is confirmed

  1. This section applies if—

  2. an accredited requestor (A) requests that a data holder provides data to A in respect of a customer; and
    1. the data holder has carried out confirmation in relation to the request under section 38; and
      1. the data is designated customer data that is about that customer; and
        1. the request—
          1. is a valid request; and
            1. is made using the system described in section 27; and
            2. A is acting within the class of its accreditation; and
              1. the data holder has verified the identity of the person who made the request under section 44(2).

                1. The data holder must provide the data to A using that system.