This policy sets out UCOL’s approach to ensure compliance with the Privacy Act 1993 and rules governing access to personal information held by the organisation.
This policy applies to all staff and contractors. The Act applies to almost every person, business or organisation in New Zealand and it sets out 12 information privacy principles, which guide how personal information can be collected, used, stored and disclosed.
The Privacy Officer is responsible for:
a) Encouraging staff compliance with the information privacy principles and the Act; and
b) Providing advice to staff dealing with privacy requests, complaints or general inquiries regarding the Act; and
c) Working with the Privacy Commissioner during investigations into complaints received in respect to the Act; and
d) Ensuring compliance by UCOL with the provisions of the Act; and
e) Providing staff training about the Act, which is relevant to UCOL.
1. UCOL applies the Information Privacy Principles in the Privacy Act 1993 (the Act) in its day to day activities. A summary of these principals is included in this Policy.
2. UCOL has established procedures and guidelines with respect to requests for access to personal information.
3. UCOL retains staff personal files for seven years following the end of the employment relationship.
4. UCOL has a designated Privacy Officer.
A brief guide to the 12 Privacy Act Principals
Principle 1, Principle 2, Principle 3 and Principle 4 govern the collection of personal information. This includes the reasons why personal information may be collected, where it may be collected from, and how it is collected.
Principle 5 governs the way personal information is stored. It is designed to protect personal information from unauthorised use or disclosure.
Principle 6 gives individuals the right to access information about themselves.
Principle 7 gives individuals the right to correct information about themselves.
Principle 8 and Principle 9, Principle 10 and Principle 11 place restrictions on how people and organisations can use or disclose personal information. These include ensuring information is accurate and up-to-date, and that it isn’t improperly disclosed.
Principle 12 governs how “unique identifiers” – such as IRD numbers, bank client numbers, driver’s licence and passport numbers – can be used.
Further information can be obtained on the Privacy Commission website:
Privacy Act 1993
Official Information Act 1982