Category: Central North Island

Source:

Reviewed May 2025

Can passengers take photos and videos on a plane? That’s a good question when most of us have easy access to our phones and inflight Wi-Fi being increasingly offered to passengers. Another public setting where this question might arise is recording of patients and staff in hospitals. Read our AskUs answer to the question, ‘Can I record someone without telling them?‘

An important consideration is whether the recording is taking place in a public or private space. Generally, the Privacy Act says taking photos or recordings in public places is allowed. It also depends on who is taking the photo or making the recording, and whether the photos could be categorised as highly offensive.

Businesses

If you’re an agency (business or organisation) or if you’re taking the photo or making the recording on behalf of a business or agency, you need to consider the general obligations around collection of personal information (see principles 1-4 of the Privacy Act).

Individuals

If you are an individual and you’re taking the photo or making the recording in a personal capacity, it won’t usually be an issue under the Privacy Act. Most passengers on planes and visitors to hospitals will fall into this category, and if they were to make a recording on a flight, it will be in their personal capacity. But there are two things that a passenger should keep in mind.

1. It is always good practice to seek permission when an individual is the subject of your photo or recording. This is courteous and respectful of the privacy of others
2. The use of some public facilities, for instance, parks or swimming pools, will be subject to conditions that may impose limits on what you can film or record. For example, many swimming pools have clearly stated policies that photos and recordings are not permitted. Similar restrictions could apply to a passenger planeor a hospital.

While a commercial space like a passenger plane is essentially a public space, the airline may impose rules around whether a passenger can film or record. It can set this out in its passenger terms and conditions and in its passenger education.

However, the personal capacity exemption does not apply where the collection, use or disclosure could be “highly offensive”. This means there are circumstances where it generally isn’t appropriate for individuals to take photos or make recordings, even when they’re in a public space.

Emergencies

Is it acceptable for other passengers to film a mid-air medical emergency involving another passenger and post it online? We don’t think so. A medical situation would likely involve sensitive information about an individual who is vulnerable, and so this could be considered highly offensive.

In our view, an incident that may be embarrassing to an airline does not mean it is highly offensive. The case involving United Airlines and David Dao on a US domestic flight is a famous example. In this case, video taken by other passengers of Mr Dao being forcibly removed from the flight after he refused to give up his seat was used as key evidence.

What happens when people disagree? 

Individual passengers and air crew may disagree about whether photos or recordings are acceptable. Ultimately, all parties should exercise restraint, consideration and common sense on a flight, as they should in other walks of life. If you wouldn’t want someone to do it to you, don’t do it to others.

Harmful Digital Communications, plane photos, public video, recording people, public photo

Back

Source:

Reviewed May 2025 (previously titled ‘Can I tell the cops? A guide for health professionals.’

Health professionals have the significant responsibility of knowing and caring for some of the most intimate details of their patients’ lives. Patients trust and expect doctors, nurses, and others to not tell just anyone. This obligation is recognised in the Health Information Privacy Code.

Rule 11 of the Code says health professionals cannot disclose health information they hold about an individual, unless there is a valid reason to do so.

What is a valid reason for releasing information? 

Section 22C of the Health Act 1956 allows, but doesn’t require, health professionals to disclose information to a police officer (and some other officials), if they need the information to do their job. Where the treatment relates specifically to drug dependency, then the information is privileged against disclosure in criminal court proceedings under section 59 of the Evidence Act 2006.

If you believe that any child or young person has been or is likely to be harmed, whether physically, emotionally, or sexually, you can report the matter to a social worker or Police. This is vital, as there is little that is more serious than the need to protect a child.

Search warrants and production orders

If Police have a search warrant or a production order for information about a patient, then health professionals must hand it over to them under the Search and Surveillance Act. A search warrant or production order is approved and issued by the Court if Police have met the grounds required under the Act. If Police have a search warrant, they can search a health provider’s premises. If they have a production order, health professionals must release the information requested. It is an offence to refuse.

Sometimes Police do not have enough information to obtain a compulsory order. The Privacy Act is flexible enough to allow health professionals to disclose information under an exception to rule 11, when necessary, “to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution and punishment of offences”.

You may have information that could help Police in their investigations. There will be no breach of rule 11 of the Code if you can demonstrate you have considered this exception, and that you acted in good faith.

Things to consider

To be clear, this is your discretion. Consider these things before exercising it: 

• Unless Police have a search warrant or production order then health professionals don’t have to give them anything.
• You need to turn your mind to whether this disclosure is reasonably necessary in these circumstances. It’s Police’s job to convince you. If you are convinced, then you can release the information.
• If Police’s request is vague or informal, or you question why they really need all that information, then follow up. They should provide you with a form or an explanation of why the information is needed. If you’re unsure whether to disclose information, you may wish to seek legal advice or contact the Medical Protection Society https://www.medicalprotection.org/newzealand for further guidance. If you’re still in doubt, you don’t have to tell them, and you can ask them to go back and get a production order.
• If you decide to disclose to a police officer, it’s up to you to ensure the information you do disclose is proportionate and necessary in the circumstances.
• Police don’t have to request information from you for this exception to apply. If you are concerned about a potential crime, or the health and wellbeing of someone, then you can disclose information to the appropriate authorities.
• But again, before you do so, consider what information needs to be disclosed, why this information should be disclosed, and why it is necessary for the purpose you are disclosing it. Also, consider who you are disclosing to. Make sure you send it to the people who can do something about it. 

Questions?

If you have any concerns or questions, please use AskUs, which has more than 600 privacy questions and answers, or call our enquiries line on 0800 803 909.

Health Information Privacy Code, health, IPP11 – disclosure, law enforcement

Back

Source:

Reviewed and updated May 2025

A member of the public contacted us because they’d noticed some rubbish strewn along a street. It included prescription labels with a person’s name and address. The nature of the prescription clearly indicated the condition of the patient who was being treated with the medication.

The person who discovered the prescription labels informed our Office and we contacted the agency most likely responsible and discussed the situation with them.
The health agency’s rubbish was supposed to have been double-bagged, which would usually prevent spillages. However, the agency also had access to a secure shredding service and is now looking at using that service to dispose of prescription labels on cardboard packaging. 

Each agency is responsible for working out a practical solution that works for their circumstances.
 
An individual agency needs to work out for themselves how it’s best to dispose of this kind of waste. A useful check is to ask what steps you would expect to be taken if the personal information belonged to you.

At home, you might want to rip labels off cardboard packaging and recycle the cardboard while disposing of the prescription label in some other way.

More information on handling health information:

health, data, breach, health rubbish,

Back

Source:

15 May 2025, 09:00

The annual privacy survey of New Zealanders was released today during Privacy Week 2025. 

Privacy Commissioner Michael Webster says public concern about privacy remains high, with particular unease around children’s privacy, social media use, and AI decision-making.  

“More people are worried about the impact of technology on their privacy and are questioning what their personal information is being used for and why.”

The impact of technology is reflected in people’s privacy concerns: 

• 67% of respondents are concerned about the privacy of children, including when using social media
• 63% are concerned about the management of personal information by social media companies
• 62% are concerned about government agencies or businesses using AI in decision-making.

“New Zealanders are great adopters of technology, but this survey suggests that we’re increasing becoming aware there’s also a price to pay through the loss of control over our personal information and we’re increasing worried about the implications of that.”

Nearly half of respondents say they’ve become more concerned about issues of individual privacy and personal information over the past few years.  Two thirds of respondents now say protecting their personal information is a major concern in their lives.  And over 80% said they wanted more control and choice over the collection and use of their personal information.

The level of concern also means many New Zealanders are willing to consider taking action if they think their right to privacy is not being protected and respected.  Two-thirds of respondents said they would consider changing service providers – such as businesses – due to poor privacy practices.

Source:

15 May 2025, 09:00

Read the 2025 survey, ‘Research on Privacy Concerns and use of personal information’ (opens to PDF, 2.1MB).

Privacy Commissioner Michael Webster says public concern about privacy remains high, with particular unease around children’s privacy, social media use, and AI decision-making.  

“More people are worried about the impact of technology on their privacy and are questioning what their personal information is being used for and why.”

The impact of technology is reflected in people’s privacy concerns:

• 67% of respondents are concerned about the privacy of children, including when using social media
• 63% are concerned about the management of personal information by social media companies
• 62% are concerned about government agencies or businesses using AI in decision-making.

“New Zealanders are great adopters of technology, but this survey suggests that we’re increasing becoming aware there’s also a price to pay through the loss of control over our personal information and we’re increasing worried about the implications of that.”

Nearly half of respondents say they’ve become more concerned about issues of individual privacy and personal information over the past few years.  Two thirds of respondents now say protecting their personal information is a major concern in their lives.  And over 80% said they wanted more control and choice over the collection and use of their personal information.

The level of concern also means many New Zealanders are willing to consider taking action if they think their right to privacy is not being protected and respected.  Two-thirds of respondents said they would consider changing service providers – such as businesses – due to poor privacy practices.

Source:

7 May 2025, 09:00

Privacy Week 2025 lands on the second week of May (12-16 May), with a full week of free webinars to promote privacy education. 

Privacy Commissioner Michael Webster says, “New Zealanders’ concerns over the collection and use of their personal information remains high, and they want to see organisations and businesses responding positively to this challenge.”  

“Now’s the time to brush up on your privacy skills, and take up the opportunity to learn more about subjects like AI and privacy, Māori data privacy, privacy and business, or media rules around privacy.

“We’re lucky to have attracted some of Aotearoa’s top privacy experts to speak on AI governance, biometrics and children’s toys, privacy in property management, and more,” he says.

OPC staff will share their expertise on the new IPP3a amendment, how to be a good privacy officer, and local government specific privacy issues.

“The programme is full to bursting with topics that are relevant and interesting,” says Mr Webster.

You don’t need to be a privacy expert to engage with Privacy Week or to be proactive about your privacy rights.

Webinars this year have been rated from beginner to advanced, showing which is suitable for your level of knowledge. All webinars are free.

“I encourage you to have a look at the programme and attend a talk. 

Privacy is a basic human right, and the more we can educate ourselves and ensure businesses and organisations understand the breadth of their privacy obligations, the better,” the Commissioner says.

Find more information and register for webinars.

Source:

Print | Email this page

Office of the Privacy Commissioner | Privacy News – April 2025

30 Apr 2025, 17:00

Read about our Privacy Week 2025 lineup and resources, IPP3A guidance and how to have your say, and new tips for using AI to contact OPC.

Read the April 2025 issue.

Source:

Did you know that not everyone has to have their details published on the electoral roll? This makes sense if you and your family members could face a personal risk if your information was accessible to people who may want to cause you harm.

With just a few months to go until the general election, everyone is being reminded to register on the electoral roll. But it is also a timely reminder to people who may face a threat to their safety that not everyone has to have their details published.

The Electoral Act, under section 115, says the Electoral Commission may include you on the unpublished roll if it would be prejudicial to your personal safety, or your family, to have your details on the printed roll.

It particularly applies to those of you who have a protection or restraining order against someone who knows you. It also includes members of the Police and their families.

This unpublished roll can only be viewed by the Registrar of Electors. According to the Ministry of Justice, there were nearly 16,000 registered to vote on the unpublished electoral roll in 2014.

If you think this applies to you, you could request that your information be included only on the confidential unpublished roll. To do so, you will need to download the unpublished roll application form from here. Or you can phone the Electoral Commission free on 0800 36 76 56, and they will post an application form to you.

You will need to give your full name, address, date of birth, contact telephone number and evidence of your situation, such as a copy of a protection order that is in force under the Domestic Violence Act, or a copy of a restraining order that is in force under the Harassment Act.

Other evidence of your personal circumstances can include a statutory declaration from a member of the Police about the threat to your personal safety or that of your family’s, or a letter from a barrister or solicitor, employer or a Justice of the Peace that supports your application on the grounds of personal safety.

You remain on the unpublished roll until such time as your circumstances change. Your area Registrar of Electors will write to you from time to time to confirm that your circumstances are the same. You will also need to check your enrolment details and update them during enrolment update campaigns.

As your name will not appear on the printed electoral roll used on polling day, you will need to cast a special vote. These are available from the Returning Officer in your electorate ahead of Election Day or from any voting place on the actual day.

Back

Source:

We’ve been grappling with a difficult question recently, and one that’s featured in New Zealand’s courts too. What is and isn’t news media and when should the Privacy Act apply?

This is a difficult question because its answer can have a real impact on privacy. If we decide that a person is exempt from the Privacy Act, people have no recourse to our office. While there are self regulatory industry bodies like the Online Media Standards Authority, the Press Council and the Broadcast Standards Authority, there are gaps in the regulation of online media content.

A major rationale for exempting various bodies from the Privacy Act is the availability of more appropriate forms of regulation. The Law Commission noted the problem and recommended that new forms of media regulation could be developed to address this uncertainty in the law (particularly to address issues posed by digital communications).

Traditional news media is easy to recognise – newspapers, television broadcasters, magazines – we know it when we see it, right? What about journalists who publish news in other ways – in blogs or books? Let’s take books in this discussion because this has been our recent focus.

To be considered news media in the Privacy Act, a person or agency must have news activities as their core business. News activities are defined as the gathering and disseminating of news, observations on news, and current affairs. The grey area comes with the method a journalist uses to disseminate this news. The Privacy Act requires that news is disseminated in an “article or programme”. This seems rather limited. Does it really reflect the way the news media works today?

Where a journalist is seeking to disseminate news that they believe is in the public interest, and they can establish that this is a major part of what they do, then we think a broad interpretation of the exemption is warranted. There is some support for this in the Bill of Rights Act. Section 14 of the Act enshrines the right to freedom of expression. Section 6 of the Act states that, where an enactment (such as the Privacy Act) can be given a meaning that is consistent with the freedoms contained in the Bill of Rights Act, that meaning shall be preferred to any other meaning. We must bear this in mind.

Taking that as our starting point, we’re fairly comfortable that, in the case of a book, an “article” should be broadly interpreted in a way that is consistent with an established journalist’s right to freedom of expression, provided that what they’re writing in the book is news.

After all, it seems untenable to conclude that if a journalist published each chapter of a book as a separate article in, say, a magazine or newspaper, it would be news but if those articles were compiled in a book, it would not.

Rather than look to the length of a piece of journalistic writing, we need to look to the general business of the journalist, the content of what is written and the general means that journalist uses to disseminate their work. Such an interpretation recognises that news media today use more varied means to disseminate news than they did in 1993, when the Privacy Act was passed.

We haven’t come to this view lightly. Recent High Court cases have approached the issue in completely different ways: the Chief Justice in the Kim Dotcom litigation suggested that book publication could not fall within the exemption while the High Court in Slater vs Blomfield has recently found that blogging could be a journalistic activity that attracted some elements of legal protection. This strongly suggests there is room for disagreement.

We’ll tread carefully in this area but we see a need to ensure that the Privacy Act is not interpreted in a way that unjustifiably restricts the freedom of New Zealand’s media to disseminate news, express opinion and act in the public’s interest.

media

Back

Source:

We get it. As a lawyer, one of the least fun things about your job is chasing the money. Sometimes people just don’t cough up for the service you provide.

But this does not mean you can refuse to cough up personal information if it is requested by a client (or ex-client) under principle 6 of the Privacy Act (even if they owe you money for their legal bill). By way of case law on point, see CBN v McKenzie Associates.

The old idea of the “solicitor’s lien” – the right of a lawyer to retain a client’s property deposited with them, including crucial and original documents until the bill was paid – does not override principle 6 of the Privacy Act. Under principle 6, an individual is entitled to request a copy of their personal information held by an agency.   

If you hold personal information about an individual, and that individual requests it, you have obligations under the Privacy Act to respond to that request. Check out this handy flow chart.

You can charge them for the provision of information … BUT … that charge has to be reasonable (it can’t just be the amount of their outstanding bill – sorry – the Privacy Act says so).

Section 35(2) says what a private sector agency can’t charge for:

•           providing assistance to a requester;

•           the making of the request for information; or

•           processing the request, including deciding if the request is to be granted and, if so, in what manner.

Section 35(3) says what a private sector agency can charge for:

•           making the information available (copying/collating/sending) in compliance with the request.

We think this is a really helpful guideline on charging.

One of the best ways to ensure you are making a reasonable charge is to get a quote from a copy shop for a job. It’s likely that a quote from a copy shop will be a reasonable charge for making information available, as it will be a fair reflection of the amount of paper and time involved in the job.

And don’t worry. You don’t have to provide the information until you have, at least, received payment for the job of copying and sending the file.

IPP6 – access

Back