Protecting privacy as a supplier or provider

Your obligations under the Privacy Act 2020

All businesses have obligations under the Privacy Act 2020. You need to follow the 13 Information Privacy Principles and the Health Information Privacy Code. These cover the collection, handling and use of personal information.

You’re also required to have a Privacy Officer overseeing privacy in your business.

Office of the Privacy Commissioner Privacy Act 2020 and the Privacy Principles

Office of the Privacy Commissioner Health Information Privacy Code 2020

What we expect of you as our supplier

For suppliers who have access to personal or health information we expect you to:

• meet the requirements of related legislation
• work with us in a transparent way
• notify us of potential privacy risk
• notify us of a privacy breach or near miss
• contact us to help you make things right
• resolve issues as they arise
• keep a privacy register that includes breaches, near misses and remedial action plans.

What a privacy breach or near miss is

A breach is any breach of the Information Privacy Principles set out in the Privacy Act 2020.

A near miss is an action that would have led to a privacy breach but didn’t because the information wasn’t disclosed.

Tips for protecting privacy

The Office of the Privacy Commissioner has a full guide for agencies and organisations that hold personal information:

How to comply with the Privacy Act

Where you can go for more help

Your engagement and performance manager

If you're a health provider, contact your engagement and performance manager first. They'll help explain your responsibilities and give you helpful resources.

Our Privacy Officer

If you have a question or concern about our privacy, contact:

The Privacy Officer
Accident Compensation Corporation
PO Box 242
Wellington 6011

Email privacy.officer@acc.co.nz
Phone 04 816 7400

The Office of the Privacy Commissioner

The Privacy Commissioner oversees the Privacy Act 2020.

Contact the Office of the Privacy Commissioner