16.06.2025

Understanding Indirect Privacy Notification: What you need to know

Home / Insights & Opinion / Corporate & Commercial / Understanding Indirect Privacy Notification: What you need to know

The Privacy Amendment Bill (the Bill), if passed into law, will require agencies to notify individuals when their personal information is collected from a source other than the individual themselves, unless an exemption applies.  

The Bill is currently being considered by Parliament who has indicated that the Bill is expected to become law and come into force on 1 May 2026.  In anticipation of this, the Office of the Privacy Commissioner (OPC) has released their draft guidance (Guidelines) to assist with compliance preparations.  The Guidelines are currently being consulted on.

What are the New Obligations? 

Currently, agencies are only required to notify individuals when they are collecting personal information directly under Information Privacy Principle (IPP) 3.  IPP3A extends this obligation to situations where information is collected indirectly. 

The new requirements would mean that an agency that has collected the information from a source other than the individual concerned will need to take reasonable steps to ensure the individual is aware of:

  • Collection: That their personal information has been collected and the kind of information that has been collected.
  • Purpose: Why the information has been collected.  Vague terms, such as “for business purposes” are unlikely to be sufficient.
  • Recipients: The individuals or organisations that are going to receive the information.
  • Agency Details: The name and address of the collecting and holding agency.
  • Legal Basis: If the collection is authorised by a specific law, the relevant legal authority must be specified.
  • Rights: Individuals must be informed about their right to access and correct their information and advised how they can exercise those rights. 

Under IPP3A, agencies are required to notify individuals as soon as reasonably practicable after indirectly collecting their personal information, unless a relevant exception applies.  What is reasonably practicable will depend on an agency’s circumstances, which may be influenced by the level of knowledge as well as the cost and effort that is required to provide the notification. 

What Exceptions are Available?

Notification will not be required when an exception applies.  The same exceptions that exist under IPP3 will still apply, but the Bill introduces additional exceptions specifically for indirect collections, including: 

  • Already aware: The individual has already been made aware of all the required information.  This needs to be evidenced based, and not based on assumptions.
  • Would not prejudice the individual: The individual will not suffer any detriment or lose important information because they are not notified.  The Guidelines suggest collecting agencies apply the ‘no surprises’ test, which asks whether the person would be surprised that their personal information has been collected.  If the answer is yes, notification of the collection will likely be required.
  • Not reasonably practicable: Notification is not reasonably practical in the circumstances.  However, just because it is inconvenient, or there is an administrative burden, does not automatically mean notification will not be reasonably practical.  The Guidelines make it clear that the more extensive or sensitive the data, the higher the threshold will be.

If an exception applies which permits non-compliance with IPP3A, this exception may not last forever.  Agencies should be reassessing any changes of circumstances as needed, and consider whether notification is subsequently required.  

What should Agencies do now?

In anticipation of the Bill becoming law, now is a good time to start undertaking an assessment of how you are collecting personal information and identifying any indirect collection.  Consideration should also be given to the terms on which you are obtaining that information, as well as any personal information you are disclosing to third parties.  This will allow you to start building a picture of what compliance requirements may need to be met and to think about what systems could be used to ensure smooth compliance once the Bill is enacted.

If you have any questions or wish to find out more, please contact our Corporate & Commercial Team or your usual contact at Hesketh Henry. 

 

Disclaimer:  The information contained in this article is current at the date of publishing and is of a general nature.  It should be used as a guide only and not as a substitute for obtaining legal advice.  Specific legal advice should be sought where required.

 

SHARE
Print
Do you need expert legal advice?
Contact the expert team at Hesketh Henry.
Kerry
Media contact - Kerry Browne
Please contact Kerry with any media enquiries and with any questions related to marketing or sponsorships on +64 9 375 8747 or via email.
Do you need expert legal advice?
Contact the expert team at Hesketh Henry.
Topics
Written By
IMG Edit for Website
Daniel Loudon
IMG Edit for Website
Julika Wahlmann-Smith
Sign up for our
Employment News eZine
ezine

Related Articles / Insights & Opinion

Rewriting the Risk: Lessons from John Sisk & Son Ltd v Capital & Centric (Rose) Ltd [2025] EWHC 594 (TCC)
A recent decision by the English High Court, John Sisk & Son Ltd v Capital & Centric (Rose) Ltd [2025] EWHC 594 (TCC), considered the interpretation of a risk allocation provision under a besp...
09.07.2025 Posted in Construction & Disputes
Can Contractors Terminate for Repeated Late Payment? Key Lessons from Providence v Hexagon
The decision of the English Court of Appeal in Providence Building Services Ltd v Hexagon Housing Association Ltd [2024] EWCA Civ 962 provides important guidance on a contractor’s termination right...
09.07.2025 Posted in Construction & Disputes
Property
Make Your Premises Good Again
With all the time, effort and cost that goes into taking on a new lease of commercial premises, what happens when it comes time to move on can seem unimportant. It is not surprising, then that make-go...
25.06.2025 Posted in Property
Flooded car
Flooding due to overland flow paths and damaged drainage
Persistent heavy rainfall across the country often results in damage to property due to flooding caused by overland flow paths and defective drainage.  But who is responsible for the cost of the dama...
17.06.2025 Posted in Climate Change & Property
iStock Succession Plan medium
Family Ties: Intra-Family Succession and Exit Planning
As the second instalment in a series of articles looking at the generational wealth transition and its impacts on business succession in New Zealand, Ben Hickson (partner, Corporate & Commercial...
16.06.2025 Posted in Corporate & Commercial & Private Wealth
Employment law at a glance – June 2025
If you are anything like us, you will be shocked to realise that we are halfway into 2025. As time has been marching on, so too have employment law developments – and there have certainly been quite...
05.06.2025 Posted in Employment
HH Pg Forrest uncropped
ETS Update: Climate Change Commission recommends minor tweaks to ETS Settings
Last month, He Pou a Rangi Climate Change Commission (the Commission) released its annual advice to the Government on the Emissions Trading Scheme (ETS) settings for the period 2026 to 2030 (Advice)....
09.05.2025 Posted in Climate Change & Corporate & Commercial & Forestry
BROWSE ALL
Insights & Opinion
Our Affiliations
German New Zealand Chamber of Commerce Advoc law link gala logo juraforum
Website by Scratch
SEND AN ENQUIRY
Send us an enquiry

For expert legal advice, please complete the form below or call us on (09) 375 8700.

Contact Us +64 9 375 8700 +64 9 309 4494 lawyers@heskethhenry.co.nz