Data Protection and Use

To provide clear guidance for how personal information can and can't be used in the social sector.

New Zealanders need confidence that their privacy is not breached, and their safety and wellbeing is not compromised when dealing with government and organisations within the social sector. 

Currently, there are a wide range of laws, guidelines and codes of practice that inform how and when personal information is collected, used and shared in the social sector. They can be hard to navigate which can cause confusion about what is and isn’t appropriate with respect to using peoples’ personal information.

We are developing a policy that we see as being a combination of principles, protocols, guidance, and potentially digital tools to enable everyone to easily understand what's appropriate, what's not, and how to do things safely when personal information has a role to play. We are calling this the Data Protection and Use Policy. It’s important to know that this policy will not change the law. 

Overview of the Data Protection and Use Policy

The Policy must provide practical and easy to understand guidance on how the social sector can:

  • Collect, use and share personal information safely, legally, ethically, within privacy requirements, and respecting cultural differences.
  • More easily identify limitations on the collection and use of personal information, and when alternative approaches are more appropriate.
  • Help service users understand how their information may be used.
  • Improve transparency and communication between providers and service users about the collection and use of personal information.
  • Share information or insights with service providers and communities for better outcomes.

Our engagement on the Data Protection and Use Policy

We have recently engaged with a range of service users (for example, users of youth, housing and mental health services among others), and non-governmental organisations (NGOs) and government agencies that provide social services to get their input on the development of the Data Protection and Use Policy.

Our engagement ran from late May until early September. Through this engagement, we heard people’s views on what they think needs to be included in this policy, including suggestions for ‘rules, tools and guides’.

What we heard through this engagement is informing a Data Protection and Use Policy. You can read the findings report from our engagement here.

Since the engagement period finished, we have been working with non-government organisations and government agencies to develop a ‘toolkit’ to enable improved protection and use of data across the sector. We propose that this toolkit will form part of the Policy.

Public consultation in 2019

We plan to take the Data Protection and Use Policy to Cabinet in early 2019. We will follow this with a public consultation process in the second quarter of 2019.

The purpose of this consultation will be to gather feedback on the Policy and to discuss the proposed implementation approach to ensure that those who are impacted by the Policy have the opportunity to provide their views prior to it being finalised through Cabinet.

Further details can be found in the programme timeline.


If you have any questions, check out the FAQs page or email us.


Export PDF