Plain language law

New Zealand law explained for everyone

Customer and Product Data Act 2025

Regulated data services - Additional obligations - Requirements for requests, providing services, and making information available

31: Data holders must comply with requirements for requests, providing services, and making information available

You could also call this:

“Companies with data must follow rules when sharing or using it”

This law says that if you hold data, you have to follow certain rules. These rules are set out in regulations and standards. You need to follow these rules when someone asks you for data services, when you provide those services, and when you give information to certain people.

You must follow these rules exactly as they are written in the regulations and standards. This means you have to do things in a specific way.

The law also says that you might need to give information to different people. These could be customers, secondary users (people who use the data but aren’t the main customer), other data holders, accredited requestors (people who are allowed to ask for data), the chief executive, or even members of the public.

Remember, if you hold data, it’s your job to follow these rules carefully to make sure you’re doing the right thing with people’s information.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS789750.

Topics:
Money and consumer rights > Consumer protection Business > Industry rules Business > Fair trading Rights and equality > Privacy
Previous

30: Offence for failing to comply with notice to test electronic system, or

"You can get in trouble if you don't follow a notice to test an electronic system"

Next

32: Requirements for data holders in regulations or standards, or

"Rules for keeping and sharing customer and product information"

Part 2 Regulated data services
Additional obligations: Requirements for requests, providing services, and making information available

31Data holders must comply with requirements for requests, providing services, and making information available

  1. A data holder must comply with the requirements specified in the regulations and the standards in connection with the following:

  2. receiving requests for regulated data services (including in relation to performing an action):
    1. providing those services or otherwise responding to those requests:
      1. notifying or otherwise making available information to any of the persons referred to in subsection (3).

        1. The requirements must be complied with in the manner prescribed in the regulations or standards.

        2. For the purposes of subsection (1)(c), a data holder may be required to notify or otherwise make available information to any of the following:

        3. a customer:
          1. a secondary user:
            1. another person that is a data holder:
              1. an accredited requestor:
                1. the chief executive:
                  1. any member of the public or any class of the public.