Privacy organisations

The role of the GCPO is to assist agencies meet their privacy obligations and raise their privacy maturity and capability.

The GCPO works with and supports agencies’ privacy officers to improve their agency’s privacy practices. Guidance and resources from the GCPO help privacy officers develop and implement robust privacy management programmes.

More information:

• Government system leads

The OPC is the regulator of the privacy system. The OPC provides guidance to help agencies understand and apply the Privacy Act’s Information Privacy Principles.

The OPC is also responsible for investigating complaints about privacy breaches, monitoring information matching programme between agencies, and developing codes of practice for specific industries and sectors.

The OPC website has training modules and their AskUs, a searchable knowledge base, provides useful guidance about privacy issues.

More information:

• OPC — Privacy Act and codes of practices
• OPC — Privacy breaches
• OPC — free online training modules
• OPC — AskUs knowledge base

The Ministry of Justice administers the Privacy Act and is responsible for the operation of the legislation and for making recommendations to the government of the day about improving it.

In this role, the Ministry of Justice drafted the new Privacy Act to implement recommendations made by the Law Commission in 2011. The Law Commission found that the Privacy Act 1993’s principles needed updating to better address the challenges of the digital age. The Privacy Act 2020 repeals and replaces the Privacy Act 1993.

More information:

• Ministry of Justice — Privacy

As digital technology continues to become further integrated into New Zealanders’ everyday lives at an ever-increasing rate, it presents a number of human rights challenges. The Human Rights Commission works on the human rights implications of digital technology, the right to privacy and how data is used.

The Human Rights Commission is New Zealand’s national human rights institution. Its role is to advocate and promote respect for human rights in New Zealand.

It works with national and international organisations and networks, including other government organisations such as the Privacy Commissioner, Health and Disability Commissioner and voluntary organisations such as the Citizens Advice Bureau, Diversity Works and the New Zealand Human Rights Network.

More information:

• The Human Rights Commission

The Privacy Foundation advocates for the protection of the privacy rights of New Zealanders by providing independent, informed and fair public comment on privacy. They conduct research and education to highlight privacy risks in all forms of law, technology and practice, and campaign for practical and fair solutions.

More information:

• Privacy Foundation NZ

The Privacy Officer Round Table is a voluntary, self-managing group of privacy officers and personnel in both public and private sector organisations that hold forums in Auckland, Wellington and Christchurch.

Privacy Officer Round Table forums provide members with an opportunity to network and informally discuss issues or trends in the privacy and information management areas.

People from any public and private agency, in the role of privacy officer or associated position, are welcome to be part of the Privacy Officer Round Table. 

More information:

• Register for the Privacy Officers Round Table

The IAPP is the largest and most comprehensive global information privacy community and resource. The IAPP is a US-based not-for-profit organisation that helps define, support and improve the privacy profession globally. It offers privacy news, training and certification, tools, research and conferences.

More information:

• International Association of Privacy Professionals

Privacy and information security are two-sides of the same coin. Many privacy breaches start as security breaches that lead to personal information being inadvertently or maliciously released to unauthorised persons or organisations.

The role of the Government Chief Information and Security Officer (GCISO) is to co-ordinate the government’s approach to information security, identify systemic risks and vulnerabilities, and establish minimum Information security standards and expectations.

The New Zealand Information Security Manual details the processes and controls essential for the protection of all New Zealand Government information and systems.

More information:

• Government Chief Information Officer
• New Zealand Information Security Manual

NCSC, which is part of the Government Communications Security Bureau (GCSB), helps New Zealand’s public and private sector organisations to protect their information systems from advanced cyber-borne threats.

Their focus is on detecting and disrupting cyber threats that are typically beyond the capability of commercially available products and services, working only with the consent of the organisations concerned.

The NCSC:

• provides protective cyber services, information and guidance to organisations of national significance.
• takes the lead in responding to cyber incidents at national level (for example, incidents that could affect national security and/or our nationally significant systems and information).

More information:

• National Cyber Security Centre

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provides trusted and authoritative information and advice. It’s an important component of New Zealand’s Cyber Security Strategy, contributing to the delivery of the Cyber Security Strategy’s vision of a confident and secure digital New Zealand.

To achieve this vision, CERT NZ works with other organisations in the cyber security environment across the private, public and not-for-profit sectors in New Zealand, including the Department of Internal Affairs, Netsafe, the National Cyber Security Centre (NCSC), and New Zealand Police.

CERT NZ:

• helps business, organisations and individuals wanting prevention and mitigation advice on online security issues that do not require the NCSC’s specialist skills and knowledge to respond to
• has primary responsibility for cyber threat reporting and a coordination role in threat response.

More information:

• CERT NZ
• Cyber Security Strategy