Which NZ industries need IPP3A compliance for lookups?

Any sector running credit checks, vehicle history searches, company director lookups, or tenant screening on individuals — including finance, automotive, real estate, recruitment, and insurance — must satisfy IPP3A when collecting from third parties.

Is DEIS a legal adviser?

No. DEIS is a compliance platform that records lookup pathways and evidence. Organisations should confirm legal positions with their counsel or the Office of the Privacy Commissioner where needed.

Debt collection agencies: privacy compliance when tracing and collecting

Debt collectors access multiple data sources to trace debtors and assess ability to pay. Here is how to manage the privacy obligations.

debt collectiontracingPPSRDEISdeis.nzNew ZealandPrivacy Act 2020IPP3A

Frequently asked questions

What is the main takeaway from "Debt collection agencies: privacy compliance when tracing and collecting"?: Debt collectors access multiple data sources to trace debtors and assess ability to pay. Here is how to manage the privacy obligations.
Which NZ industries need IPP3A compliance for lookups?: Any sector running credit checks, vehicle history searches, company director lookups, or tenant screening on individuals — including finance, automotive, real estate, recruitment, and insurance — must satisfy IPP3A when collecting from third parties.
Is DEIS a legal adviser?: No. DEIS is a compliance platform that records lookup pathways and evidence. Organisations should confirm legal positions with their counsel or the Office of the Privacy Commissioner where needed.

Debt collection agencies are heavy users of third-party data. Tracing activities, credit checks, and asset searches all involve collecting personal information from sources other than the debtor.

Common data sources

Debt collectors typically access:

Credit bureau data (Centrix, Equifax, illion) for credit history and contact details
PPSR for asset searches
Companies Office for company associations
Electoral rolls and phone directories for tracing
Vehicle registries for asset identification

IPP3A for debt collectors

When a debt collector traces a debtor using third-party data, IPP3A requires notification. However, there is an exception where notification would prejudice the ability to collect the debt (under the "prejudice to the maintenance of the law" or similar exceptions).

This exception is not automatic. Collectors must assess whether notification would actually prejudice collection in each case and document their reasoning.

Best practice

Assess each lookup: would notifying the debtor actually prejudice your ability to collect?

If not, notify. Many routine lookups (e.g., confirming a known address) would not be prejudiced by notification.

Document the exception relied upon for each lookup where notification is withheld.

Use DEIS to record the pathway — including the exception reasoning — for every lookup.