Which NZ industries need IPP3A compliance for lookups?

Any sector running credit checks, vehicle history searches, company director lookups, or tenant screening on individuals — including finance, automotive, real estate, recruitment, and insurance — must satisfy IPP3A when collecting from third parties.

Is DEIS a legal adviser?

No. DEIS is a compliance platform that records lookup pathways and evidence. Organisations should confirm legal positions with their counsel or the Office of the Privacy Commissioner where needed.

Hospitality and tourism: IPP3A when verifying guests, staff, and contractors

Hotels, motels, and tour operators run credit checks, reference checks, and licence verifications — often without recording how IPP3A was satisfied.

hospitalitytourismhotelsscreeningDEISdeis.nzNew ZealandPrivacy Act 2020

Frequently asked questions

What is the main takeaway from "Hospitality and tourism: IPP3A when verifying guests, staff, and contractors"?: Hotels, motels, and tour operators run credit checks, reference checks, and licence verifications — often without recording how IPP3A was satisfied.
Which NZ industries need IPP3A compliance for lookups?: Any sector running credit checks, vehicle history searches, company director lookups, or tenant screening on individuals — including finance, automotive, real estate, recruitment, and insurance — must satisfy IPP3A when collecting from third parties.
Is DEIS a legal adviser?: No. DEIS is a compliance platform that records lookup pathways and evidence. Organisations should confirm legal positions with their counsel or the Office of the Privacy Commissioner where needed.

Hospitality and tourism businesses collect personal information constantly — guest bookings, staff onboarding, contractor vetting, and liquor-licence compliance. Much of it comes from third-party sources, which triggers IPP3A.

High-risk collection points

Staff and contractor screening. Reference checks, credit checks for finance roles, and driver licence verification through NZTA all involve third-party data. A generic employment agreement rarely records the pathway for each check.

Corporate and event bookings. Credit checks on new corporate accounts or large event deposits pull bureau data about authorised signatories — not just the company.

Liquor licence and duty manager checks. Verifying criminal record or licence status through external registers is third-party collection about identifiable individuals.

The publicly available trap

Some hospitality operators assume guest names on a booking platform or director names on the Companies Register are "public" and need no IPP3A step. The OPC's proportionate standard still expects documentation — especially when data is aggregated or used for a new purpose.

Practical steps

List every third-party source used in HR, finance, and operations.

Match each source to an IPP3A pathway before the lookup runs.

Retain evidence for the retention period your policy requires — DEIS defaults align with common seven-year audit expectations.

DEIS is already used by accommodation groups and tourism operators who want one evidence trail across seasonal hiring spikes.