Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Regulated data services - Additional obligations - Requirements for requests, providing services, making information available, and dealing with data

32: Requirements for data holders in regulations or standards

You could also call this:

“Rules for companies on handling and sharing your information”

The new law wants to make rules about how companies handle your information and provide services related to that information. These rules might cover several areas:

You might have to pay for some services that use your information. The law could say when companies can or can’t charge you, and how much they’re allowed to ask for.

Companies might need to tell you and others certain things about how they use your information. The law could say what they need to tell you, when they need to tell you, and how they should explain it.

The law might also set rules about how your information should be organised and described. It could say how companies should receive and answer requests for services that use your information. For example, they might need to use a special computer system to do this.

There might be rules about how good the information needs to be, and how companies should check that it’s okay to share your information.

When the law talks about ‘data’, it means information about you as a customer or about products you use.

Remember, this is just a proposal for a new law. It’s not in effect yet, but it’s being considered to help protect your information and make sure services that use it are fair and clear.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on 11 December 2024

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS721598.

31: Data holders must comply with requirements for requests, providing services, and making information available, or

“Data keepers must follow new rules for handling information and requests”

33: Accredited requestors must comply with requirements for dealing with data and making information available, or

“Approved information handlers must follow special rules for using and sharing data”

Part 2 Regulated data services
Additional obligations: Requirements for requests, providing services, making information available, and dealing with data

32Requirements for data holders in regulations or standards

Regulations or standards made for the purposes of section 31 may (without limitation) relate to any of the following:
Charges in connection with regulated data services
requirements about charging amounts payable in connection with regulated data services, including—
1. when an amount may, must, or must not be charged; and
2. prohibitions or restrictions relating to charging those amounts (for example, a cap on how much may be charged):

Notifying or otherwise making available information

the information that must be notified or otherwise made available to any person referred to in section 31(3), the times at which, or the events on the occurrence of which, information must be notified or made available, and the manner of notifying or making available the information (including prescribing the manner in which the information is to be presented, calculated, or prepared):

Data

the format and description of data:
the manner in which requests for regulated data services are received and responded to (for example, a requirement to use an application programming interface (API)):
data quality:

Confirmation

the manner in which authorisations are confirmed under section 38(2).

In this section, data means designated customer data or designated product data (or both), as the case may be.