NZ Privacy Act Adherence Template for Adminstrators and Managers
[PROJECT NAME] Privacy Declaration for Staff & Volunteers
Context
In accordance with the NZ Privacy Act it is important [PROJECT NAME] as an organisation and its staff and volunteers are adhering to the principles outlined in that act. Our [PROJECT NAME] Privacy Statement outlines how our organisation collects and manages personal information of our stakeholders. This is a public record which can be found on our website.
The table below outlines a checklist of ‘best practice’ privacy behaviours that should be implemented. Doing so is vital to maintaining the high-trust relationship we’ve created with stakeholders whose private information we collect, use and store in order to carry out this project.
|
‘Best practice’ behaviour |
Details |
Relevant principle(s) in the NZ Privacy Act |
|
Familiarise yourself with the NZ Privacy Act principles and why they are important. |
Read a summary of the principles below Or visit privacy.org.nz for more information. |
All |
|
When collecting personal information (1) collect from the person directly (2) state intentions for its use |
Collect data from the individual directly and state intentions for the use of collected data and any secondary purposes (e.g. your email address will be added to our community mailing list so that you can stay up to date with trapping progress and might also be shared with the other community lead, Joe Bloggs, who will log your catches). |
Principle 2 Principle 3 Principle 10 |
|
When storing personal information (1) do so in a secure system (2) dispose of once redundant |
Secure systems (e.g. google drive) are recommended because you can control file access and accounts are protected by passwords. Files that hold private information of an individual that are no longer in use, should be disposed of (e.g. when individual leaves group or area) |
Principle 5 Principle 9 |
|
Multi-recipient emails should be sent in ‘Blind Carbon Copy’ (‘bcc’) |
When sending communications or newsletters to several addresses at a time, always use the ‘bcc’ function to ensure recipients can’t view other addresses on the mailing list. |
Principle 5 Principle 11 |
|
Use third party sites conscientiously (e.g. Trap.NZ) |
a. Create an account and do not share these account details with others. b. Set up a strong password (and two factor authentication if required). c. Read and understand the third party site's privacy policy - you are relying on their privacy measures to protect our data (see here for the Trap.NZ privacy policy). |
Principle 5 |
|
Consider adding a privacy statement to your email signature and/or website |
Generate your own at www.privacy.org.nz/tools/privacy statement-generator/ |
N/A |
DECLARATION
The staff member or volunteer agrees to keep confidential information private. Except as part of the proper performance of their job, the volunteer will not directly or indirectly use, copy, share, or permit the use or copying of any confidential information owned by, or in the possession of, the [PROJECT NAME] unless they get written permission.
Confidential information means all information owned by, or in the possession of, [PROJECT NAME] that is not in the public domain, and which [PROJECT NAME] reasonably regards as private.
The requirement for confidentiality applies at all times during and after active service for [PROJECT NAME].
|
Volunteer name |
|
Volunteer signature |
|
Date (dd/mm/yyyy) |
APPENDIX: NZ Privacy Act - Summary
This is a summary of the 12 principles that make up the NZ Privacy Act. Visit privacy.org.nz for more information.
● Principle 1 - Purpose of the collection of personal information
○ Only collect personal information if you really need it
● Principle 2 – Source of personal information
○ Get it directly from the people concerned wherever possible
● Principle 3 – Collection of information from subject
○ Tell them what information you are collecting, what you’re going to do with it, whether it’s voluntary, and the consequences if they don’t provide it.
● Principle 4 – Manner of collection of personal information
○ Be fair and not overly intrusive in how you collect the information
● Principle 5 – Storage and security of personal information
○ Take care of it once you’ve got it and protect it against loss, unauthorised access, use, modification or disclosure and other misuse.
● Principle 6 – Access to personal information
○ People can see their personal information if they want to
● Principle 7 – Correction of personal information
○ They can correct it if it’s wrong, or have a statement of correction attached
● Principle 8 – Accuracy etc. of personal information to be checked before use ○ Make sure personal information is correct, relevant and up to date before you use it
● Principle 9 – Not to keep personal information for longer than necessary ○ Get rid of it once you’re done with it
● Principle 10 – Limits on use of personal information
○ Use it for the purpose you collected it for, unless one of the exceptions applies
● Principle 11 – Limits on disclosure of personal information
○ Only disclose it if you’ve got a good reason, unless one of the exceptions applies
● Principle 12 – Unique identifiers
○ Only assign unique identifiers where permitted
For questions related to this guide and/or [PROJECT NAME] privacy commitments please email: contact@[PROJECT NAME].nz