Which NZ industries need IPP3A compliance for lookups?

Any sector running credit checks, vehicle history searches, company director lookups, or tenant screening on individuals — including finance, automotive, real estate, recruitment, and insurance — must satisfy IPP3A when collecting from third parties.

Is DEIS a legal adviser?

No. DEIS is a compliance platform that records lookup pathways and evidence. Organisations should confirm legal positions with their counsel or the Office of the Privacy Commissioner where needed.

Construction industry: privacy compliance when vetting subcontractors

Checking a subcontractor's company status, director history, and financial standing involves third-party data. Here is how to handle the privacy obligations.

constructionsubcontractorsvettingDEISdeis.nzNew ZealandPrivacy Act 2020IPP3A

Frequently asked questions

What is the main takeaway from "Construction industry: privacy compliance when vetting subcontractors"?: Checking a subcontractor's company status, director history, and financial standing involves third-party data. Here is how to handle the privacy obligations.
Which NZ industries need IPP3A compliance for lookups?: Any sector running credit checks, vehicle history searches, company director lookups, or tenant screening on individuals — including finance, automotive, real estate, recruitment, and insurance — must satisfy IPP3A when collecting from third parties.
Is DEIS a legal adviser?: No. DEIS is a compliance platform that records lookup pathways and evidence. Organisations should confirm legal positions with their counsel or the Office of the Privacy Commissioner where needed.

Construction companies routinely vet subcontractors before engaging them on projects. This vetting typically involves Companies Office searches, credit checks, and sometimes vehicle or asset searches (for plant and equipment). Each of these involves collecting personal information about the subcontractor's directors and owners from third-party sources.

The vetting process

A typical subcontractor vet might include:

Companies Office search — director names, shareholding, compliance status
Credit check — financial standing of the company and sometimes personal credit of directors
PPSR search — checking for security interests over plant and equipment
Health and safety records — third-party H&S databases

IPP3A for company directors

When you search a company and obtain personal information about its directors, IPP3A applies to the directors as individuals. The fact that they hold a public office (company director) does not remove their privacy rights.

Practical approach

When engaging a new subcontractor, inform their directors that you will be running background checks.

Get written consent as part of your subcontractor onboarding paperwork.

Record the consent pathway in DEIS for each lookup.

If you check directors' personal credit (not just the company's), ensure the consent specifically covers personal credit checks.

DEIS for construction

DEIS allows you to group lookups by subcontractor/matter, making it easy to see all checks run on a particular subcontractor and their directors. The evidence trail links the consent form to each individual lookup.