Privacy Principles Flashcards
What section are the IPPs in
Section 22
What is the definition of “personal information”?
Information about an identifiable individual, including information relating to death
What is the “Purpose of collection of personal information” principle?
IPP 1 - data minimisation.
Agencies must only collect PI for a lawful purpose connected with their functions and activities.
What’s the “Source of personal information” principle
IPP2 - if an agency collects PI it must collect it from the individual concerned
Are there exceptions to IPP2?
Yes - examples are where an agency reasonably believes:
- doing so would not prejudice the individual’s interests
- doing otherwise would prejudice the purpose of collection
- that the individual had authorised third party collection
- legal and public sector reasons
- impracticality
What is IPP3?
Collection of information from subject - agency must take steps to ensure the individual knows the:
- why?
- what?
- where?
- consequences of not providing information
rights
What does s23 provide?
Agency does not breach IPPs for personal information overseas if it discloses under or required by the law of a jurisdiction other than NZ
What’s the section related to personal information stored overseas?
Section 23
What’s the rule and section of PA2020 relating to PI stored overseas?
Section 23 - agency does not breach IPPs for personal information overseas if it discloses under or required by the law of a jurisdiction other than NZ
What does IPP 12 relate to?
Disclosure of PI outside NZ. An agency can only rely on the disclosure principles in IPP11 if IPP 12(1) applies