Privacy statements

The privacy requirements in the New Zealand Government Web Usability Standard reflect a combination of the Privacy Act 1993 and other matters that ought to be considered when creating privacy statements.

If a Government organisation wishes, its website can supplement the privacy statement with additional targeted messages in specific contexts, e.g., where the web site collects user information by means of an input form.


Giving notice to website visitors about how your organisation collects and uses personal information is good practice and assists your organisation in both complying with the Privacy Act 1993 and engendering public trust and confidence in those who use the organisation’s website.

Requirements for privacy statements

The NZ Government Web Usability Standard requirements for privacy statements are as follows:

2.4 Privacy

2.4.1 Each website must contain a privacy statement that is visibly linked to from the website home page and that clearly indicates:

  • the scope of the statement (e.g. “This privacy notice applies to personal information collected on [the organisation’s] website:”);
  • the circumstances in which personal information is collected, by whom it is held (e.g. the responsible organisation and/or third parties) and any choices users have as to whether such information is collected in the first place;
  • the uses to which collected personal information may be put by the collecting organisation and the circumstances in which it may be disclosed;
  • the collection and use of statistical information, including users’ IP addresses;
  • a statement that cookies are used, if that is the case, and a brief description of their purpose;
  • users’ rights to request access to or to correct personal information held by the collecting organisation; and,
  • contact details for such purposes.

Example privacy statement

For an example of a privacy statement, see the Web Toolkit website’s privacy policy.

Further information on drafting privacy statements, including the concept of “layered privacy notices”, can be found on the Office of the Privacy Commissioner’s website.