Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Regulated data services - Additional obligations - Secondary users

25: Regulations may require requests to be made or authorisations to be given only by secondary users

You could also call this:

“Rules may limit who can ask for or allow access to customer information”

The proposed law says that rules might be made about who can ask for or allow access to certain customer information. These rules would apply to specific types of customers.

If these rules are put in place, they would say that only certain people, called ‘secondary users’, can make requests or give permission for requests on behalf of these customers.

If someone tries to make a request or give permission in a way that doesn’t follow these rules, it won’t count. The request or permission won’t work.

This is part of a bigger set of rules about how customer information can be shared and who can ask for it.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS920920.

Previous

24: How data holders and accredited requestors must deal with secondary users, or

“Rules for dealing with people who act on behalf of customers”

Next

26: When request is valid, or

“Rules for making a valid request for information or action”

Part 2 Regulated data services
Additional obligations: Secondary users

25Regulations may require requests to be made or authorisations to be given only by secondary users

  1. This section applies if the regulations provide that a particular kind of customer may make a request or authorise an accredited requestor to make a request under subpart 1 only if that is done on their behalf by 1 or more secondary users.

  2. A request or an authorisation in respect of the customer is of no effect under subpart 1 if it is made or given otherwise than in accordance with those regulations.