Privacy and security of information
Official Information Act and the Privacy Act
The Community Housing Regulatory Authority (CHRA) is subject to the Official Information Act 1982 and the Privacy Act 1993. If the CHRA receives a request for personal or official information it holds it will consult with any affected parties as appropriate. The CHRA will determine what information should be released and withheld in accordance with the Privacy Act 1993 and the Official Information Act 1982. This legislation protects personal information and other information to the extent that to do so is consistent with the public interest, such as information which is commercially sensitive.
There will be very limited personal information on the Register which is accessible to the public. The Register will comply with the public register privacy principles in the Privacy Act relating to search references, use of information from public registers, electronic transmission of such information, and the CHRA will not charge for public access to the Register.
CHRA will have a designated Privacy Officer – the Manager of CHRA – Fiona Fitzgerald (firstname.lastname@example.org). If a member of the public or individual from a community housing provider (CHP) believes that we have breached his or her privacy, that person will be entitled to complain to the Privacy Officer. Any such complaint will be investigated in terms of our obligations and commitments under this policy.
Collection of statistical information
From time to time, we will collect statistical information, such as on the number and types of complaints received and their outcome. These will not identify individuals or specific CHPs.
Electronic and paper records
In general, we will keep our records electronically unless there are sound reasons to do otherwise. Electronic records will be kept secure in the Ministry of Business, Innovation and Employment’s (MBIE’s) document management system, and will only be able to be accessed by designated CHRA staff.
Hard copy information will be kept secure in a locked facility. Again, only designated CHRA staff will be able to access these documents.
MBIE websites have security measures in place to prevent the loss, misuse and alteration of information under our control. In order to maintain the cyber security of MBIE systems and information, MBIE systems are subject to ongoing monitoring (including activity logging), analysis and auditing. We may use information about your use of our websites and other IT systems to prevent unauthorised access or attacks on these systems or to resolve such events. We may use this information even if you are not involved in such activity.
MBIE may utilise services from one or more third party suppliers to monitor or maintain the cyber security of its systems and information. These third party suppliers will have access to monitoring and logging information as well as information processed on MBIE websites and other IT systems.
Information sharing with other agencies
MBIE and the Ministry of Social Development have agreed operational arrangements in relation to community housing provision and funding. These flow from our respective statutory functions, and include the sharing of relevant information. For example, CHRA will inform the Ministry of Social Development within a reasonable time-frame of any registration decision which affects a CHP’s eligibility for the Income Related Rent Subsidy.
We intend that no personal information will be shared with other agencies unless that is authorised by information privacy principles and exceptions, or a specific information sharing agreement, under the Privacy Act.