How does this relate to the Privacy Act 2020 in New Zealand?

The Privacy Act 2020 sets out how agencies must handle personal information, including Information Privacy Principle 3A (IPP3A) when data is collected from third-party sources. DEIS helps NZ businesses record compliance pathways for each lookup.

Is DEIS a legal adviser?

No. DEIS is a compliance platform that records lookup pathways and evidence. Organisations should confirm legal positions with their counsel or the Office of the Privacy Commissioner where needed.

IPP7: handling requests to correct personal information

When an individual says your records are wrong, you have obligations to correct or annotate. Here is the process.

IPP7right of correctionPrivacy ActDEISdeis.nzNew ZealandPrivacy Act 2020IPP3A

Frequently asked questions

What is the main takeaway from "IPP7: handling requests to correct personal information"?: When an individual says your records are wrong, you have obligations to correct or annotate. Here is the process.
How does this relate to the Privacy Act 2020 in New Zealand?: The Privacy Act 2020 sets out how agencies must handle personal information, including Information Privacy Principle 3A (IPP3A) when data is collected from third-party sources. DEIS helps NZ businesses record compliance pathways for each lookup.
Is DEIS a legal adviser?: No. DEIS is a compliance platform that records lookup pathways and evidence. Organisations should confirm legal positions with their counsel or the Office of the Privacy Commissioner where needed.

Information Privacy Principle 7 (IPP7) gives individuals the right to request correction of their personal information held by an agency.

The obligation

When an individual requests correction, you must:

Consider whether the information is accurate, up to date, complete, and not misleading.

If it is inaccurate, correct it.

If you disagree that it is inaccurate, attach a statement of the correction sought by the individual.

Inform the individual of the outcome.

If you corrected the information, take reasonable steps to inform any third party to whom the incorrect information was previously disclosed.

The DEIS dimension

If your business ran a lookup through DEIS and the results contained inaccurate information about an individual, IPP7 creates specific obligations:

You must correct any records you hold that are based on the inaccurate data.
You should notify the original data source (e.g., Centrix, Carjam) about the potential inaccuracy.
Your evidence log should record that a correction was requested and the outcome.

How DEIS helps

DEIS allows you to flag lookup results that are subject to a correction request. The flag appears in the evidence log and on the individual's transparency portal, ensuring full visibility of the correction process.