Your obligations under the Privacy Act

By Geoff Hardy - 22 Nov 2018

As a business, you must use this information for lawful purposes which must relate to what you do as a business (e.g. running credit checks on a prospective tenant if you are a landlord). The collection of this information must also be necessary for this. You are obliged to ensure that information is correct and up to date and an individual is allowed to ask you to hand over information about them under the PA (an information request).

But what if some of this information is embarrassing, damaging or commercially sensitive? What can you do to withhold some of this information from the requesting individual? In most cases, the information is only going to be embarrassing or disparaging about the requesting individual. However, at the opposite end of the spectrum the information could be damaging not just to your reputation, but also to your bottom line.

Luckily, the PA has provided that you can refuse an information request on some grounds, fully or partially withholding information you have about the person provided you tell them why you are holding the information back. There are various ways of refusing to give information under the PA. The common grounds for refusing to hand information to individuals for most businesses will be that the information is commercially sensitive or evaluative.

However, this is not the end of it. If the individual making the information request is persistent, he or she can then make a complaint to the Privacy Commissioner who then makes a decision on whether you have withheld the information for a proper reason. The Commissioner will then attempt to mediate between you and the individual. If this is unsuccessful, he can then refer this to the Human Rights Review Tribunal which can then make an order against you.

If you are currently being requested to hand over information about someone and want a full explanation of what your rights and obligations are, please contact any member of our Commercial Law team.