Logistics and freight: privacy compliance for identity verification and proof of delivery

Logistics companies — including Mainfreight, Freightways, NZ Post, and countless smaller operators — collect personal information as part of their core operations. Identity verification, proof of delivery, and customer credit checks all involve personal data that triggers Privacy Act obligations.

Common data collection points

• Customer credit checks — running credit bureau checks on new business customers.

• Driver identity verification — verifying driver licences and endorsements through NZTA.

• Proof of delivery — collecting recipient signatures, photos, and GPS coordinates.

• Customs documentation — collecting personal information for international shipments.

Third-party data triggers

When a logistics company runs a credit check on a new customer through Centrix or Equifax, IPP3A applies. When they verify a driver's licence through NZTA, IPP3A applies. These are collections of personal information from third-party sources.

Proof of delivery considerations

Proof of delivery data (signatures, photos) is collected directly from the recipient, so IPP3A does not apply. However, other privacy principles — particularly IPP1 (purpose), IPP4 (fairness), and IPP9 (retention) — do apply.

DEIS for logistics

DEIS allows logistics companies to manage their credit check and identity verification compliance. The evidence trail covers customer onboarding checks and driver verification, ensuring a complete compliance record.