Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Regulated data services - Additional obligations - Secondary users

24: How data holders and accredited requestors must deal with secondary users

You could also call this:

“Rules for dealing with people who act on behalf of customers”

This proposed law explains how data holders and accredited requestors should work with secondary users. Secondary users are people who can act on behalf of customers in certain situations.

The law says that rules will be made about when and how secondary users can make requests or give permissions for customers. These rules will also say how data holders and accredited requestors should handle these requests and permissions.

The law might include rules about how someone can be approved as a secondary user, and how this approval can be changed or cancelled.

The law defines a secondary user as someone who fits into a specific group described in the rules, and who has been approved (if needed) to act for a certain type of customer.

Remember, this is just a proposed law, not something that’s in effect right now. It’s suggesting ways to manage situations where someone needs to act on behalf of a customer when dealing with their data.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS836362.

Previous

23: Data holder may refuse request for data in certain circumstances, or

“Sometimes companies can say no to sharing data”

Next

25: Regulations may require requests to be made or authorisations to be given only by secondary users, or

“Rules may limit who can ask for or allow access to customer information”

Part 2 Regulated data services
Additional obligations: Secondary users

24How data holders and accredited requestors must deal with secondary users

  1. A data holder and an accredited requestor must deal with a secondary user in the manner prescribed by the regulations, including in connection with the following:

  2. when or how a secondary user may or must make a request or give an authorisation under subpart 1 on behalf of a customer; and
    1. how the data holder or an accredited requestor may or must deal with a request or an authorisation from a secondary user; and
      1. when a request made or an authorisation given by a secondary user must be treated as effective (or ineffective) for the purposes of this Act.

        1. Regulations made for the purposes of subsection (1) may (without limitation) provide for any of the following:

        2. whether, when, or how a person may or must be approved, or treated as being approved, to do either or both of the following:
          1. make a request under subpart 1 on behalf of a customer:
            1. give an authorisation under subpart 1 on behalf of a customer:
            2. when or how the approval referred to in paragraph (a) may be viewed, changed, or revoked.

              1. Sections 14 to 20 are subject to this section.

              2. A person (A) is a secondary user in relation to a customer (B) if—

              3. A is specified, or belongs to a class specified, in designation regulations as a secondary user in relation to a class of customers; and
                1. B belongs to that class of customers; and
                  1. where required by the regulations, A has been approved, or is treated as being approved, as a secondary user in the manner required by the regulations (and that approval has not been revoked or otherwise ceased to be in effect).

                    1. If regulations provide for approval of a person as a secondary user, the regulations may also provide for the manner in which the approval may or must be given, viewed, changed, or revoked.