<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1700626273582757&ev=PageView&noscript=1" />

Car insurance nz law firms

What the Act covers

The Privacy Act 1993 deals mainly with the collection and disclosure of personal information. It’s more about information privacy than other aspects of privacy.

The Act has 12 principles that stipulate how information can be collected and used, and people’s rights to gain access to that information and ask for it to be corrected.

Principle 1: Purpose of collection of personal information.
An agency may only collect personal information where it is needed to perform a function or activity of the agency.

Principle 2: Source of personal information.
The agency must collect the information directly from the person concerned. There are exceptions: for example, where the person agrees otherwise, or where the information is publicly available.

Principle 3: Collection of information from subject.
The agency must take all reasonable efforts to ensure the person is aware that the information is being collected, what it will be used for, the recipients of the information, whether the supply of the information is voluntary or mandatory, the consequences of not providing the information and the person’s rights of access to and correction of the information.

Principle 4: Manner of collection of personal information.
Personal information must not be collected in an unlawful, unfair or intrusive fashion.

Principle 5: Storage and security of personal information.
The agency must ensure the information is protected against loss, misuse, or unauthorised disclosure.

Principle 6: Access to personal information.
Where the information can be readily retrieved, the individual is entitled to confirmation of whether the information is held, and to have access to it. There are exceptions, for example, where disclosure would prevent detection of a criminal offence, or would involve a breach of someone else’s privacy.

Principle 7: Correction of personal information.
Individuals may request correction of information held. Where this is not agreed to by the agency, the individual may request that the information is tagged with a statement that the correction was sought and was refused.

Principle 8: Accuracy of personal information to be checked before use.
The agency must not use the information without taking reasonable steps to ensure it is accurate, up-to-date, complete, relevant and not misleading.

Principle 9: Agency not to keep personal information for longer than necessary.
The agency must not keep the information for any longer than it is needed for the purposes for which it was collected.

Principle 10: Limits on use of personal information.
Information collected for one purpose must not be used for any other purpose. There are exceptions: for example, where the agency reasonably believes the individual has authorised the further use, or that the information was from a publicly available publication.

Principle 11: Limits on disclosure of personal information.
The information must not be disclosed except in certain situations. These include where the disclosure is directly related to the purpose for which the information was collected, where the source of the information is a publicly available publication, and where the disclosure is authorised by the individual concerned.

Principle 12: Unique identifiers.

Allianz car insurance claims malaysia

An agency must not assign a unique identifier to an individual unless doing so is necessary for the agency to carry out its functions efficiently. Where doing so is necessary, agencies must not use a unique identifier that has been assigned to that individual by another agency (the only exception is for certain taxation purposes).

Who it applies to

The Act covers government agencies, local councils, businesses, and individuals. There are some exceptions – for example, the news media, members of parliament, the Governor General, ombudsmen, and the courts are not covered by the Act.

The privacy law doesn’t just apply to clients and customers – all personal information is covered, including information about employees. All organisations are required to have a privacy officer to deal with privacy issues.

The Privacy Commissioner’s role

The Privacy Commissioner provides advice and education on privacy, investigates complaints, evaluates new legislation that may impinge on an individual’s rights, reviews data-matching programs, and issues codes of practice.

Codes of practice cover specific industries, agencies, activities, or types of personal information. Codes often adapt the provisions of the Act to a particular circumstance, group of organisations or type of information.

Two codes that most affect the lives of consumers are the Credit Reporting Privacy Code and the Health Information Privacy Code. Information about both these codes is on the Privacy Commissioner’s website.

Limitations of the Act

As the Privacy Act is a principle-based system, it is not enforceable in court. An aggrieved individual must make a complaint (see below) to the Privacy Commissioner alleging an “interference with privacy”. The Commissioner has no powers to fine or prosecute anyone or order an organisation to pay compensation.

There is an important exception – principle 6 (Access to personal information) is enforceable in court if it relates to personal information held by a public sector agency.

The Privacy Act can’t override other Acts that authorise or require personal information to be made available. Where it comes into conflict with the provisions of another Act, the other Act takes precedence. For example, schools must work within the Education Act. If the Privacy Act conflicted with the Education Act, the Education Act would override the Privacy Act.

Making a complaint

A breach of a principle or code of practice is an “interference with privacy” if, in the opinion of the Privacy Commissioner, the breach reaches the legal threshold.

“Interference with privacy” is a legal term that involves two aspects. First, there must be a breach of the law and second, there must be some harm that arose from it.

The complaints system

  • If you feel your privacy has been breached, ask to speak to the privacy officer of the organisation concerned.
  • If you don’t get a satisfactory response, you can complain to the Office of the Privacy Commissioner (OPC). The Office may ask you to fill out a complaint form. The form asks how you think your privacy has been breached and which principles or rules have been breached.
  • The OPC will investigate your complaint and form an opinion as to whether the breach is an “interference of privacy”. If your complaint has substance, the OPC will attempt to secure a settlement through mediation.
  • If your complaint is unable to be settled, the OPC can refer the complaint to the Director of Human Rights Proceedings. The director considers whether proceedings can be brought and if so will act for the plaintiff.
  • An individual can also initiate proceedings to the Human Rights Review Tribunal if the director does not consider the claim has substance. If the Tribunal believes there is an “interference with the privacy” of an individual it is able to grant a range of remedies. The Tribunal can award damages to an individual of up to $200,000. The highest award so far has been over $168,000.
  • If you are still dissatisfied, there is a general right of appeal to the High Court.

Privacy Act reform

The Law Commission has noted that while the complaints system is generally working well there are measures that could be incorporated to improve the efficiency and effectiveness of the system.

Proposed measures include removing the legal test of “interference of privacy” and replacing it with a simple breach of the Act. As it stands there may be cases with merit which are not getting through this filter.

It’s also proposed that the Privacy Commissioner be given power to determine complaints under principle 6 (access to personal information), with the Tribunal of Human Rights as an appeal body; and that the role of Director be removed.

We support any change that will streamline the complaints procedure and promote easy access for an individual to make a complaint and seek redress.


The current system is geared towards individual dispute resolution. It’s a reactive system, relying on the complaints process to enforce compliance with the principles. It’s effective for individual settlement but doesn’t address issues within a particular organisation or wider industry practice.

The Law Commission has proposed several reform options that would allow the Privacy Commissioner to take more proactive steps to ensure compliance within an organisation or wider industry.

Two key proposals were submitted:

  • Compulsory audits. A provisional proposal that the Privacy Commissioner be given mandatory audit powers. This would allow the Commissioner to be more proactive in promoting compliance with the Act rather than relying on the complaints process. It would also provide an incentive for agencies to maintain compliance. Priority would be given to areas such as the public sector, credit reporting and health information systems.
  • Enforcement notices. The Law Commission proposed allowing the Commissioner to issue binding enforcement notices. The Commissioner would identify a breach of the Act and then require the agency to comply.

In 1997 we suggested the Privacy Commissioner should have the power to make binding orders. We stand by this recommendation. We strongly support the proposal to grant compulsory audits and give more enforcement power to the Privacy Commissioner.

Direct marketing

The Privacy Act doesn’t provide any specific controls on direct marketing but the general principles will apply. In order for the Act to regulate direct marketing it partly hinges on whether the marketing approaches are based on the use of “personal information”.

It’s important to note that information such as a telephone number, physical address or an email address is not necessarily “personal information” unless it’s linked to other information in which an individual becomes identifiable. Marketing companies can also get around this by generic consent at the time personal information is collected.

The Act will not directly apply if information is publicly available or it was collected for marketing purposes.

Aside from the Privacy Act, the Marketing Association of New Zealand has developed a code of practice. This code established a “Do Not Call” register to which 44,000 people now belong. This register is said to decrease the number of unwanted, unsolicited phone calls that consumers receive from organisations. It is confined to direct marketers who are members of the Association. See our Telemarketing report for more information.

If you consider direct marketing is impacting on your informational privacy, contact the Office of the Privacy Commissioner and make a complaint.


The Law Commission has identified a range of proposals to address the issue of direct marketing and informational privacy. We support the call for a government-administered “Do Not Call” register. This would be more visible, proactive, and, importantly, independent of the marketing industry.

Data breach notification

A data breach is unauthorised access or use of personal information. Breach notification is the practice of notifying affected individuals when personal information has become available to unauthorised parties.

There have been some high profile data breaches.

  • The Treasury lost a CD in the post that contained personal and company tax details of numerous individuals.
  • The website of mobile phone company 2degrees suffered teething problems making it possible to see the personal details of previous visitors to its site.
  • Massey University’s intranet suffered a fault potentially exposing sensitive student information to anyone who accessed the site.

Data breach law

Holders of personal information are under no legal obligation to notify individuals or the Privacy Commissioner when an individual’s personal information is compromised. However, failure to notify would be taken into account by the Privacy Commissioner if a complaint was received.

There are strong arguments in support of making data breach notification mandatory. An individual who is notified will be able to take measures to ensure the negative effect of the breach is controlled or mitigated.

Information such as medical records and financial information is inherently sensitive. If people were notified of a breach they could take steps such as changing bank account details and passwords.

As notification is currently voluntary it makes it difficult to determine which firms and industries are the worst at protecting information. Mandatory notification would enable the collection of this type of data and allow areas of concern to be identified.

Voluntary notification may also act as a disincentive for organisations to notify individuals. By not contacting the affected individuals, organisations avoid exposure to liability, insurance consequences and damage to reputation.

Mandatory data breach notification would encourage organisations to increase the protection of personal information.


How will the new ADLS lease form affect landlords and tenants?

A new edition of the Auckland District Law Society Inc‘s (ADLS) Deed of Lease, which is commonly used throughout New Zealand for leases of commercial property, has been released. If you are a landlord or a tenant entering into a lease using the new form, the changes will affect you. This article highlights some key changes.

The ADLS Deed of Lease (sixth edition), referred to here as the ‘new ADLS lease’, was released in November 2012. Many of the changes made in it address problems which came to light with the destruction of commercial buildings in the Christchurch earthquakes. Others reflect changing leasing practice.

CPI rent reviews

The new ADLS lease gives landlords and tenants the option of choosing CPI-based rent reviews instead of (or in addition to) market rent reviews.

In previous versions of the ADLS lease, rent reviews are based on a ‘current market rent’ test. This means the rent can be adjusted on each rent review date or lease renewal date to reflect ‘market rent’ for the property. If the landlord and tenant can’t agree on the rent, they can resolve the dispute by going to arbitration or determination by registered valuers. This can be costly.

With CPI rent reviews, the rent will be adjusted by increases (but not decreases) in the Consumer Price Index (All Groups). This removes the risk of expensive disputes over market rent.

It’s possible to combine both market rent and CPI rent reviews. For example, you could elect to have regular CPI rent reviews, with market rent reviews at longer intervals. This may guard against the possibility that CPI adjustments cause the rent to deviate too far from market rent over time.

There are pros and cons to each of these rent review mechanisms, as well as other possible methods. We can advise you on these, and help you to navigate your way through the rent review process.


Building insurance costs have soared in the wake of the Christchurch earthquakes. The new ADLS lease, like previous editions, makes the tenant liable to pay the landlord’s insurance premiums for the types of cover specified in the lease. In the event of a claim, however, the tenant is required to pay only a portion of the insurance excess – up to $2,000. (The tenant’s contribution has been increased from the $500 payable under the previous edition of the ADLS lease.) The landlord is obliged to insure the building against damage and destruction for the usual range of risks (including earthquake cover), with an option in the lease to select between full replacement and reinstatement, or indemnity to full insurable value. The lease also allows the parties to agree that the landlord will take cover for some additional risks.

If you’re entering a lease, you’ll need to carefully consider the insurance provisions. They may need to be modified to suit your particular circumstances. Examples would be if insurance cover isn’t available for some risks, the premium is unaffordable for the tenant, or the insurance excess is too high or reimbursement of part of the excess isn’t suitable.


The new ADLS lease, like previous editions, allows the landlord to pass on certain costs to the tenant as ‘outgoings’. A change from the previous ADLS lease is that the landlord is now required to vary the proportion of outgoings payable by the tenant to ensure that it remains fair, for example, if circumstances change.

The list of outgoings hasn’t changed greatly. The new ADLS lease, however, specifies that the following costs will not be passed on to tenants:

  • Repairs to a building due to defects in design or construction, inherent defects in the building or renewal or replacement of building services
  • Charges for repaving or resealing a car park, and
  • Costs of upgrading, or other work, to make the building comply with the Building Act 2004.

Many landlords and tenants focus on rent, but don’t give enough attention to outgoings, even though outgoings can be costly. It’s important to ensure the list of outgoings is modified where appropriate.

Legal costs

The new ADLS lease requires each party to pay their own legal costs in relation to the preparation of the lease, and subsequent variations and renewals. This differs from the previous edition, which required the tenant to pay these costs.

Landlord’s maintenance

There have been a number of changes to maintenance provisions, including the addition of a specific requirement that the landlord keep the building weatherproof. The landlord is also required to maintain building services and to replace them if they can no longer be maintained through regular maintenance.

Landlord’s access for inspection and works

The Christchurch earthquakes have highlighted issues that can arise if a landlord needs extended access to premises to perform works. The new ADLS lease allows the landlord to require a tenant to vacate the premises if this is reasonably required to enable works to be carried out. If a tenant is required to vacate, or the tenant’s business is materially disrupted, there will be a fair reduction in the rent and outgoings while the disruption continues. The landlord must act in good faith when exercising this right of access.

Who bears the cost of earthquake-strengthening work?

The cost of earthquake-strengthening work has become an important issue for many landlords. Under the previous edition of the ADLS lease, a landlord may be able to pass a percentage of earthquake-strengthening costs on to a tenant under the ‘improvements rent’ provision until the next rent review. However, landlords don’t have this ability under the new ADLS lease, as the improvements rent provision has been removed.

Access in emergencies

The Christchurch earthquakes exposed another problem in previous editions of the ADLS lease, which arose when premises were undamaged but couldn’t be accessed. In this situation the lease arguably required the tenant to continue to pay rent and outgoings, even if they couldn’t access their premises. This led to disputes about whether the tenant could cancel their lease.

The drafters of the new ADLS lease have tried to address this issue. If the tenant can’t access their premises due to an emergency, for example, if a cordon is in place, the tenant will be entitled to a fair reduction in the rent and outgoings until the premises can be used again. If the situation continues for too long (nine months is the default period in the lease), either party will be entitled to terminate the lease.

Reinstatement and chattels removal

The new ADLS lease contains several changes relating to the requirement for the tenant to remove its alterations and chattels, and reinstate the premises at the end of the lease.

One useful addition is the option to attach a Premises Condition Report, which is a report of the state of the premises at the start of the lease. This is a good way to reduce the risk of costly disputes at the end of the lease about the state of repair to which the tenant is required to restore the premises.

Bank guarantees

If a tenant assigns their lease to an unlisted company, there is a new option for security to be given to the landlord in the form of a bank guarantee, instead of personal guarantees from the new tenant’s principal shareholders.

Some landlords are now requiring a bank guarantee from the original tenant, although the new ADLS lease doesn’t provide for this. Personal guarantees may be of limited worth if the people giving them have limited assets, or have their assets tied up in family trusts. In addition, some directors are unwilling to provide personal guarantees.

See a lawyer before you sign a lease

Landlords and tenants often enter leases without giving enough attention to the fine print. Once the lease has been signed, it’s too late to make changes. You may wish you had done so once you become aware of the full implications of the lease terms later on.

Standard form leases are only a starting point. The ADLS lease isn’t always suitable and, when it’s used, it should be tailored to your situation. Whether you’re a landlord or tenant, you can benefit from customising your lease.

If you see us early in the process, we can work with you to negotiate lease terms which best suit your needs.


Call to change insurance law to stop 'ruined lives'


Last updated 05:00, March 2 2017

Car insurance orange city fl 123RF

People are often caught out when they forget to disclose medical conditions to a travel insurer.

New Zealand needs a law change to stop people "ruining their lives" by not disclosing relevant information to their insurers, the Insurance and Financial Services Ombudsman says.

Karen Stevens said about 11 per cent of the 272 complaints her office received in the last financial year included non-disclosure as a problem.

She said the number was dropping, but not fast enough.

"For the 22 years we have provided a dispute resolution service, a constant stream of people have contacted us because their insurance claim has been declined, or their entire policy avoided because they left out information on the insurance application," she said.

READ MORE: Personal finance: Confess to insurers now, or it's distress later

"While some cases are clear, and people have deliberately failed to provide information they were asked for, in many cases people unintentionally leave out information, because they have forgotten, or they do not realise it is so important. The most common things people don't disclose are their pre-existing medical conditions, convictions, and claims history."

Customers are legally required to disclose all information that a prudent underwriter would consider material to the risk of the insurance.

But Stevens said many people did not understand what that meant.

"Because most consumers do not understand how dire the consequences of non-disclosure are and generally don't read the documents, they are unaware of the extent of the duty.

"Our real concern from the complaints we see is that consumers still don't appreciate that they need to tell the insurer about everything – not just what they think is relevant."

Ad Feedback

It was not until they tried to claim and were turned down because the insurer discovered something relevant in their medical history, for example, that they realised a problem. 

Stevens said, once a person's policy had been avoided by one company, it could leave them unable to get cover from any other insurer, for anything. That could then make it hard to get a mortgage or take out finance on a car.

Providers of house, contents and vehicle insurance have signed up to a Fair Insurance Code, which requires their response to non-disclosure to be reasonable.

But Stevens said industry self-regulation was insufficient.

"As Insurance and Financial Services Ombudsman, I would like to see the law on non-disclosure changed to assist consumers who unintentionally leave out information when they apply for insurance," she said.

"A review of the law on non-disclosure is long overdue.  We need legislation to bring us more in line with the law in Australia and the UK – preferably an Insurance Contracts Act to bring all insurance law together. This would help prevent many consumers from finding themselves in the difficult situation of being uninsured, or potentially, uninsurable."

Susan Taylor, chief executive of Financial Services Complaints Ltd, said most cases her office saw related to travel insurance.

People had often forgotten to disclose pre-existing medical conditions. "If they are travelling and require medical attention or have to cancel before they go because they have suffered a medical event, their claim is declined because they failed to disclose. We see a number of those cases."

She said in many situations, the insurance had been bought online. She said insurers could do more to highlight what was required.

- Stuff

Saved|Saved Stories Saved|Saved Stories Save|Saved Stories Save|Saved Stories

Next Business story:

A year of struggle and savings for Facebook ciggie quitter

Business Homepage



Add comment

This e-mail already registered. or enter another.