The Privacy Act 2020 (New Zealand)
Purpose
The Privacy Act 2020 protects individuals’ rights to privacy in the digital age. It ensures that organizations handle personal information responsibly—across collection, storage, and sharing.
Key Principles
Transparency Individuals must be informed about what data is collected and why.
Consent Personal data cannot be shared without clear permission.
Access & Correction People have the right to view and correct their personal information.
Security Organizations must safeguard data against unauthorized access or misuse.
Relevance to IT Practices
Modern IT systems must align with the Privacy Act’s requirements:
Customer Databases & Cloud Storage All personal data must be stored securely and accessed only by authorized parties.
Third-Party Integrations External services must comply with privacy standards and user consent protocols.
Privacy-by-Design Systems should be built with privacy features from the ground up—such as encrypted forms, secure login, and minimal data retention.
Breach Notification If a data breach is likely to cause harm, affected individuals must be notified promptly.
Māori Data Sovereignty (Te Mana Raraunga)
In Aotearoa New Zealand, Māori data is considered taonga (treasure). The principles of Te Mana Raraunga emphasize:
-
Self-Determination Iwi, hapū, and whānau have the right to control how their data is collected, stored, and used.
-
Kaitiakitanga (Guardianship) IT professionals must act as respectful stewards of Māori data, ensuring cultural integrity and protection.
-
Cultural Respect in Design Systems should reflect Māori values, language, and protocols—especially when handling identity, whakapapa, or community data.