Privacy statements for websites
Telling website visitors how your organisation collects and uses personal information is good practice and is required by law.
What is a privacy statement
A privacy statement tells people how you will be collecting, using and disclosing their information.
The Privacy Act 2020 requires New Zealand organisations to be transparent about how, when, and why they collect personal information.
Comply with the Web Usability Standard
The privacy requirements in the New Zealand Government Web Usability Standard reflect a combination of the Privacy Act 2020 and accepted best practice that should be considered when creating privacy statements on publicly facing websites.
Privacy requirements in the Web Usability Standard
Required privacy statements
Websites must provide 2 privacy statements to comply with the Web Usability Standard:
- an Organisation Privacy Statement (OPS) — which describes, at a general level, all the ways a mandated organisation collects and uses personal information, and
- a Website Privacy Statement (WPS) — which describes how the particular website does that.
How your statements can meet the Standard
The OPS and WPS can meet the Web Usability Standard requirements by linking to each other and to other privacy statements. This gives agencies some freedom to adopt an approach that suits their context and does not require more than what’s in the Privacy Act 2020.
For an example of how a WPS and an OPS can work together, see the following from the Ministry of Social Development (MSD):
- privacy statement on msd.govt.nz
- privacy statement on workandincome.govt.nz
- ‘Our privacy notice’ on workandincome.govt.nz.
In this example, which is just one of many approaches:
- ‘Our privacy notice’ on workandincome.govt.nz is the OPS and contains information about all the ways MSD collects and uses personal information
- ‘Our privacy notice’ also contains information about how MSD’s websites collect and use personal information — in this way, it effectively contains the WPS for both msd.govt.nz and workandincome.govt.nz
- the privacy statement on each website just summarises and links to the OPS, which contains the WPS for each website.
Another approach would be for each website to have its own distinct WPS that:
- describes how the website collects and uses personal information
- links to the OPS which describes all the other ways the organisation collects and uses personal information.
Write a privacy statement
The Office of the Privacy Commissioner developed Priv-o-matic, a tool to create basic privacy statements. It is ideal for small to medium-sized organisations.
Generate a privacy statement — Office of the Privacy Commissioner
Other information to include
An organisation may also choose to add targeted messages to the privacy statement for specific contexts, such as when the website collects a user's information submitted in an online form.