Stats NZ has a new website.

For new releases go to

As we transition to our new site, you'll still find some Stats NZ information here on this archive site.

  • Share this page to Facebook
  • Share this page to Twitter
  • Share this page to Google+
Privacy, security, and confidentiality of information supplied to Statistics NZ
Legal requirements

We are required by law to protect the information we collect. These requirements are outlined in the Statistics Act 1975 and the Privacy Act 1993.

Statistics Act 1975

The Statistics Act 1975 governs the use of data we collect from individuals, households, and businesses. Our data collection is for statistical purposes, and for research that's necessary to support decision-making by New Zealanders, businesses, and government. 

Section 37 (Security of information) protects the information we collect from you. It states that the information:

  • can only be used for producing statistics
  • must be kept secure to prevent unauthorised access
  • must not be published in a way that could lead to disclosing details about a specific individual, household, or business.

See Safeguarding confidentiality for more information about the methods we use to ensure that individual responses remain confidential.

Section 37A (Statistician authorised to disclose certain information) sets out some limited situations where information may be disclosed in a way that could identify a specific individual, household, or business. These include situations where the supplier of the information consents, or where information is already publically available.

See the Business register release policy for information about the release of information about businesses.

See Trade confidentiality for information about the release of trade data.

Section 37B (Disclosure of information collected jointly) allows information that we collect jointly with another agency to be shared between us. In such cases, we inform survey respondents about the other agency and how the information will be used. Where a respondent requests that we don’t share their information with the other agency, we respect their wish.

Section 37C (Disclosure of individual schedules for bona fide research or statistical purposes) provides data access to researchers under strict conditions. The conditions the researcher must meet are:

  • The purpose must be for the public good and the information must be used only for the purposes of the approved research.
  • Names and addresses must be deleted and respondents’ confidentiality protected.
  • Information must be secure at all times and all researchers make a statutory declaration of secrecy.
  • The researcher must have the necessary research, knowledge, and skills to carry out the work.
  • Access to data is at the Government Statistician’s discretion.

See the Microdata access protocols for information about access to information for research purposes and the “five safes” framework.

Section 37D of the Statistics Act 1975 also permits some information to be made available after 100 years if it’s historically significant.

All our staff are bound by the Statistics Act 1975, and the declaration of secrecy they sign. They can face individual penalties for infringement.

Privacy Act 1993

The Privacy Act 1993 guides how we manage the personal information you give us. We follow the privacy principles (set out in the Act) when collecting, storing and using personal information.

See a thumbnail sketch of the privacy principles for more details.

See Privacy for the guidance issued by the Government Chief Privacy Officer that we follow.

We have a Chief Privacy Officer who is supported by a Senior Advisor, Privacy. The Chief Privacy Officer chairs the Information Privacy, Security, and Confidentiality governance group whose role is to ensure we comply fully with the Act in everything we do. This includes monitoring, evaluating, and reporting on our compliance. The Senior Advisor, Privacy handles any complaints and works closely with the Office of the Privacy Commissioner, on behalf of the Chief Privacy Officer, to ensure we maintain best practice in our work.

We conduct privacy impact assessments (PIA) as part of our work. A PIA focuses on identifying the ways a new proposal or operating system, or changes to an existing process may affect personal privacy. This assessment helps us make informed decisions and manage privacy risks better.

See the privacy impact assessment toolkit from the Office of the Privacy Commissioner.

See Integrated Data Infrastructure extension for one of our PIAs.

You can contact us for any information about our legal requirements by emailing

Updated 23 December 2015


  • Share this page to Facebook
  • Share this page to Twitter
  • Share this page to Google+
  • Share this page to Facebook
  • Share this page to Twitter
  • Share this page to Google+