Skip to main content

Sharing Administrative Duties

When considering your role as an Administrator of Trap.nz projects and the requests to add more Administrators, it's crucial to address several key aspects regarding accountability, data privacy, and legal implications in New Zealand.

Accountability for Data Breaches

  1. Responsibility Under Privacy Policy:

    • As the Administrator, you are accountable for the data collected and shared within the project. If a data breach occurs due to actions taken by an additional Administrator, you could be implicated if it is determined that adequate safeguards were not in place.

  2. Vicarious Liability:

    • In New Zealand, under the Privacy Act, an organisation can be held vicariously liable for the actions of its employees and agents. If the users you add as Administrators misuse the data or cause a breach, your organization may bear some responsibility unless it can be shown that proper protocols were followed.

  1. Privacy Act 2020:

    • This act emphasises the need for organizations to ensure that personal data is handled securely and only accessed by authorised individuals. Organizations must also have a clear plan for managing privacy risks.

    • Assess the sensitivity of the data within each project. Sensitive information requires stricter controls and limited access.

  2. Data Breach Notification:

    • If a breach does occur, you are required to notify the Privacy Commissioner and affected individuals if there is a risk of harm.

Best Practices for Adding Administrators

  1. Clear Documentation:

    • Establish clear guidelines and protocols for adding new Administrators. Ensure that these individuals understand their responsibilities regarding data privacy.

  2. Training and Onboarding:

    • Provide training for any new Administrators regarding the privacy policy and data handling practices, emphasising their accountability.

  3. Limit Access Based on Necessity:

    • Only grant Administrator privileges to those who need full access to manage the entire project effectively. Consider varying levels of access depending on roles.

    • Consider if the request is to support and administer one or more properties within the project, or to administer the project as a whole. Contact Trap.nz for advice on other solutions.

  4. Privacy Policy Review:

    • If your project(s) lack privacy policies, consider developing standard operating procedures outlining the expectations and obligations relating to data handling and privacy.


A template documents exists here.

Back to top