Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Regulated data services - Main obligations - Designated actions

18: Data holder must perform certain actions on customer’s request

You could also call this:

“Data holders must follow customers' requests for certain actions”

This proposed law says that if you, as a customer, ask a data holder to do something for you, they must do it if certain conditions are met. A data holder is someone who holds your data, like a bank or a phone company.

The conditions that need to be met are:

  1. The action you’re asking for must be on a special list called ‘designated actions’.
  2. The data holder usually does this kind of thing as part of their normal business.
  3. Your request must be valid and made using a special system described in section 27 of this law.

If all these conditions are met, the data holder has to do what you’ve asked.

The law also says that when deciding if a data holder usually does something as part of their business, people need to look at any rules set out in regulations and standards.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS853365.

Previous

17: Sections 14 and 15 do not prevent request to access personal information being made in some other manner, or

“You can still ask for your personal information in other ways”

Next

19: Data holder must perform certain actions on accredited requestor’s request if customer’s authorisation is confirmed, or

“Data holder must act on approved requests when customer gives permission”

Part 2 Regulated data services
Main obligations: Designated actions

18Data holder must perform certain actions on customer’s request

  1. This section applies if—

  2. a customer requests that a data holder perform an action relating to the customer; and
    1. the requested action is a designated action; and
      1. the data holder would ordinarily perform the action to which the request relates in the course of the data holder’s business (see subsection (3)); and
        1. the request—
          1. is a valid request; and
            1. is made using the system described in section 27.

            2. The data holder must perform the action.

            3. When considering whether a data holder would ordinarily perform an action in the course of its business, regard must be had to the matters (if any) prescribed in the regulations and the standards.