
New Zealand law treats privacy rights seriously, imposing a mandatory standard for any business that handles personal information. Indeed, you may already be aware of your privacy obligations towards your customers. These same obligations also apply to your employees. You should not unnecessarily interfere with the privacy of your employees. If they think you have done so, they can complain to the Privacy Commission, and you may face legal and financial penalties. Therefore, to respect your employees and comply with New Zealand privacy law, you need to uphold your employee privacy obligations. This article will explain what these are and how they may play out in the workplace.

Your General Privacy Obligations

If your business handles any personal data, you are an agency, and you must comply with the Privacy Act. Personal information is any data that can identify a living person, such as:

  • names;
  • photographs;
  • phone numbers;
  • home addresses; or 
  • email addresses.

When you handle such personal data, you need to follow the law’s requirements at all stages of its life within your business. The table below outlines these requirements.


Only collect the information you need for a legitimate business purpose, directly from the relevant individual where possible. You must tell them you are doing so, and collection must be legal and unintrusive.


Use information for the purpose you collected it, and ensure it is accurate and up to date.


Store personal information securely, and do not keep it for longer than is necessary. Allow individuals to access and correct the information you hold unless there is a valid reason not to.


You can only disclose personal information if that was why you collected it or if you have consent to do so. Some laws may also require disclosure. 


Dispose of information securely and permanently.

There are also specific principles relating to sending personal information overseas and unique identifiers that you must follow.

Privacy Obligations Towards Your Employees

Your business has these obligations towards all individuals, including your employees. This covers all employees, including:

  • past;
  • present; and
  • potential.

You will likely store a lot of personal data about your employees in their respective files, so you must follow the legal requirements when handling such information. This information will include what you collect:

  • from your employees directly;
  • from third parties; and
  • through the course of a person’s employment.

Note that your employees can ask you for access to their personal files and any other similar information you hold about them. Within 20 working days of receiving such a request, you must either:

  • give them access; or
  • provide a legitimate reason to refuse access.

For example, if giving them access would infringe on another employee’s privacy rights, then you can refuse access.

Legitimate Purpose for Information Collection

Throughout your employment relationship, you will need to collect different kinds of personal information about your employees. As long as it is for a legitimate and necessary business purpose, then you can do so without too much hassle. You need to ensure your employees know when you collect and use their personal information, so it is a good idea to include a privacy clause detailing this in their employment agreement.

For example, many businesses use CCTV for security purposes. You need to ensure your employees know that you are filming them and only do so when you need to.

If you cannot provide a legitimate purpose for collecting an employee’s personal information, you should not gather that information. You may, for example, collect with consent some personal information that directly relates to an employee’s fitness for employment. This includes:

  • criminal conviction information;
  • information relating to anti-money laundering or a credit check;
  • information from referees; and
  • health information where appropriate.

Privacy Policies In the Workplace

It is important that you engender a positive culture around privacy protection in the workplace and that your employees are receptive to this culture. If an employee breaches the privacy of another employee or a customer, your business will usually be the one responsible. This is unless you can prove you have taken all reasonable steps to prevent employees from breaching another person’s privacy. Therefore, make sure that:

  • you train staff so that they know their privacy law obligations;
  • you have a privacy officer;
  • there are clear policies around how your business handles personal information;
  • employees understand both their privacy rights and duties; and
  • you have ways of monitoring access to both employee and customer information.

Key Takeaways

Your business needs to follow New Zealand privacy law when you deal with personal information. This applies to any personal information about your customers, as well as your employees. In particular, you need to ensure your employees know when you collect their information, and you need a legitimate reason to do so. If you would like more information or help with your privacy obligations towards your employees, contact LegalVision’s privacy lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is the Privacy Act?

The Privacy Act details New Zealand’s rules around what organisations need to do when dealing with the personal information of individuals. It aims to protect the privacy rights of New Zealand citizens according to an appropriate standard.

Does my business have privacy obligations towards my employees?

When your business holds personal information, it has privacy obligations towards the person that personal information is about. Therefore, when you hold personal information about your employees, you owe them the same privacy obligations you would for anyone else.

Is it illegal to record your staff on CCTV?

You can only use CCTV to record your employees when you have a legitimate reason to do so, such as preventing theft or vandalism. You cannot place CCTV in certain areas such as changing rooms or toilets.
