Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

Your rights

A man in his 20s is wearing black jeans and a grey top. He is sitting down outsite and has a toddler on each side of him. He looks happy. Everyone in New Zealand has privacy rights, regardless of their age or circumstances. If those rights are breached, then you can tell us about it

It’s free to complain to the Privacy Commissioner but before you do, you need to complain directly to the business or organisation that you feel has breached your privacy. Read more about how complaining to us works.

What is personal information?

Personal information is any information that tells us something about a specific identifiable person. The information doesn’t need to name them if they are identifiable in other ways, like through their home address.

The Privacy Act is concerned with personal information. All sorts of things can contain personal information, including notes, emails, recordings, photos and scans, whether they are in hard copy or digital.

Your rights under the Privacy Act

Knowing when and why your information is being collected

  • Businesses and organisations (called agencies in the Privacy Act) need to tell you when they’re collecting your personal information and how they’ll use it.
  • The information collected must be for a specific, legitimate purpose and you should be told what purpose that is.

Your information is used and shared appropriately 

  • Businesses and organisations can generally only use your information for the reason they collected it.
  • Your information won’t be shared except in certain circumstances, which are outlined in the Act.
  • Businesses and organisations must have safeguards in place to keep your information secure and protect it from loss, misuse, or unauthorised access.

You can have access to your own information

  • You can ask any business or organisation to provide the information they have about you. Use our AboutMe tool to request your information. This right extends to small and large businesses, government departments, schools, sports clubs, charities, and community groups.
  • You can ask for your information by email, letter, phone, or in person – whatever works for you.
  • Businesses and organisations need to respond to your request in 20 working days. Use the response calendar on this page to work out when you can expect your information. 

You can’t ask for another person’s information under the Privacy Act unless you’re acting on their behalf and have written permission.

You can correct your own information

  • You can ask any business or organisation to correct any information it holds about you that you think is wrong, incomplete, or misleading.
  • Businesses or organisations need to either make the change, or (if they disagree with you) make a note of the change you requested and attach it to that information. 

Which agencies need to follow the Privacy Act? 

Almost all organisations and businesses must follow the Privacy Act. That includes hospitals, government departments, clubs, schools, churches, shops and more. 

In most cases, the Privacy Act does not apply to the domestic affairs of individuals, unless the collection, use, or disclosure of the personal information involved is highly offensive.

Read the detail of the Privacy Act’s 13 principles and what they mean

Read the Privacy Act 2020 legislation