Guidance is now available to help government agencies to implement the ‘Standard for providing non-government third parties with access to, or collection of, government-held personal information’.
A risk-informed approach
Before sharing personal information, government agencies need to assess the risks and determine if a legally binding agreement is required.
This guidance helps agencies to, for example:
- implement the standard when sharing personal information to deliver public services
- work with non-government third parties if a legally binding agreement is required
- record protections in sharing agreements and get assurance they are working properly
- choose model clauses for a legally binding agreement from a template.
Subject matter experts from a range of government agencies that share personal information helped to create this guidance.
Who this guidance is for
This guidance will help all:
- public service departments and departmental agencies that are required to implement this standard
- state services agencies who want to implement the standard.
Guidance topics and links
- Purpose and scope — of the standard and guidance.
- Definitions — for words that have a specific meaning in the context of the information sharing standard.
- Agency responsibilities — when sharing personal information with third parties.
- Sharing Māori data — agency responsibilities when sharing Māori data with third parties.
- Due diligence — factors to inform an agency’s due diligence process.
- Risk assessment guidance — how to do a proportional agency risk assessment and the areas to cover.
- Assurance — the assurance measures and requirements.
- Legally binding agreements — when they are needed and what they must include.
- Template of model clauses — examples of legally binding clauses to use in an agreement.
Read the information sharing standard
Contact us
For further information, to ask questions or give feedback, email the Government Chief Digital Office (GCDO).
Email: gcdo@dia.govt.nz
Published
31 October 2025
