FAQ

Frequently Asked Questions (FAQ) about the Policy are answered below. 

Data Protection and Use Policy

View all at once

Information collection and use play an important role in ensuring the most effective services are provided to the people who need them. At the same time, people who use services need confidence that the right processes are in place to ensure their personal information is being collected and used appropriately.

The Policy will make it easier for agencies and organisations to:

  • be clear about the vital importance of purpose to collecting and using people's personal information
  • enable people to understand what’s happening with their information and what choices they have
  • make it easy for people to see and request correction of their information
  • work together for better insights and outcomes.

It is essential that the Policy is delivered in a way that builds trust.

The overlap is intentional. The Principles are about articulating values and behaviours, and we anticipate these will become part of the culture of 'how your agency works', if they aren't already. The Guidelines bring the Principles to life by explaining key practices (those identified as the most important ones during engagement) that reflect the intent of the Principles. In time, more clarity will be provided as a Toolkit is developed to support the Policy. The Toolkit will provide specific examples to help agencies apply each Guideline.

The Principles have been developed to respect and acknowledge cultural considerations and have been tested with a range of Māori stakeholders. There is a significant focus in this area led by Stats NZ in partnership with Māori, to understand this topic in greater detail and develop approaches that support good collaboration over Māori interests in data.

The Policy reinforces existing obligations to ensure that people understand what their information is being used for at appropriate times, and to help them understand and act on their rights to access their information, request its correction (which may include deletion), or to change it themselves when appropriate. The Access to Information Guideline goes into this topic in greater detail.

Each Guideline makes it clear what the minimum legislative requirement is in the context of each Guideline topic, and the Policy provides links to further detail where relevant. Commonly applied codes of practice are also referenced. Where the Guidelines recommend good practices that are more than what the law requires, this is made clear.

We think this is likely. For example in the the Policy identifies contracting and funding processes as one place where the guidance will very likely change and evolve practices to be more inclusive. Other areas of the Policy, for example the Purpose Matters Guideline, also have implications for ensuring that contracting processes, by ensuring that information collection makes sense in the context of the services being considered.

Adopting the Policy

View all at once

Agencies and organisations are encouraged to adopt the Policy in a way that makes sense in their context and work towards maturing understanding and capability. For the most part, the Principles and Guidelines clarify what agencies and organisations should already be looking to achieve, including aspects of the Privacy Act. They also include ethical and human-centred considerations that the wider sector has described in terms of respectful and transparent use of people’s information. Some of these considerations are not required by law and it’s made very clear when this is the case.

Yes. While the Policy has been designed by the social sector for the social sector, the Principles are generally applicable to other contexts. The Guidelines were developed for the social sector environment but we would invite you to adapt these in a way that makes sense to your context.

The Kaitiakitanga Principle describes the value and behaviours needed to care for people's data but it was decided that specific guidance on safe data storage belongs with established areas of advice, such as the government’s Protective Security Requirements, and generally available advice on technology security. The engagement feedback on the Policy didn’t focus significantly on technology considerations, but was more about what’s reasonable, and what’s not, when we’re thinking about using people’s information, how to improve transparency, and the importance of an inclusive and respectful approach. However, we hope to add advice to the Toolkit at some point, to cover practical advice on technology security.

The initial implementation phase will include development of a foundational Toolkit. Early adopter agencies and social sector participants will work collaboratively to identify, develop and share examples and experiences on how best to implement the Policy in a range of different contexts.

Further guidance and resources on how to practically implement the Policy are available in the Adoption Toolkit — these will be added to over time.

We are interested in understanding how agencies and organisations are adopting the Policy, and the Social Wellbeing Agency has a role in supporting the foundational implementation group. Please email us using the Contact Us page to see if we can provide the assistance you need or connect you to others who are adopting the Policy. You can also signup to our newsletter to stay up-to-date with the Policy's adoption progress.

Working with government

View all at once

The Purpose Matters Guideline and to a lesser degree the Transparency and Choice Guideline address this topic. Social Wellbeing Agency has taken time to explore this subject with social sector agencies so that the intent and implications are understood. The outcomes of those discussions have been included within both the Principles and the Guidelines.

This topic is addressed directly in the Purpose Matters and the Transparency and Choice Guidelines.

The expectation is the same for all organisations across the social sector, whether an NGO or government agency — the focuses on this topic. This Guideline sets out new expectations to share the value (and insights) of information with those who initially provide it, or to others who may have a legitimate interest in it. Funders and contractors may need to find new ways to work together collaboratively. It will take some time for capability and capacity to be built across the sector.

The Policy Guidelines have been carefully developed with insights from the engagement findings to strike the right balance between both parties. This starts with the Mahitahitanga Principle and is also woven through the Guidelines in various ways.