Privacy and security
Information about the personal information we collect, our approach to privacy and security, and your rights.
The Ministry for Primary Industries (MPI) collects, uses, and discloses information as part of its role to prevent, detect, investigate, respond to, and resolve non-compliance and offending.
We understand that the way we use and hold information is important to maintain the public’s trust and confidence.
We are committed to ensuring the privacy, security, and confidentiality of all the information we hold.
The information on this page was last reviewed by MPI on 23 January 2024.
This Privacy and Transparency statement has been developed and published to provide the public and those we engage with in the course of our work with information about the type of information gathering activities we undertake. It outlines the purpose of those activities, and the steps we take to manage and protect the information we collect.
MPI's Privacy and Transparency Statement [PDF, 274 KB]
We collect, use, manage, and disclose personal information only as provided by the law and to meet our statutory obligations, which include activities covered by:
We have internal authorisation processes and procedures to make sure we gather, use, share, and disclose information in a way that complies with the law and manages possible risks.
Our approach to managing data aims to support transparency and make it easier for the public to engage with government agencies. As data custodians, we also protect individual privacy, confidentiality, and trade sensitivity over accessibility.
We expect all our staff and contractors to meet the State Services Commission’s Code of Conduct and act with fairness, impartiality, responsibility and trust. We are also committed to adopting and complying with the State Sector’s Model Standards for information gathering associated with regulatory compliance, law enforcement and security functions. We strive for continuous improvement in the way we manage information, in accordance with the Government Chief Privacy Officer’s core expectations for privacy management and governance in the public sector.
Assurance for staff integrity and conduct within MPI, and for oversight of our regulatory compliance and law enforcement functions, is provided through a number of mechanisms, including through the work of the Security and Privacy Directorate, Human Resources, Procurement, the Assurance and Evaluation Directorate, the Compliance Directorate, the Professional Standards Unit, the Inspector-General for Regulatory Systems, and the Risk and Audit Committee.
You can browse our website without providing any personal information.
We do not try to identify people using our website through their browsing history.
To help us improve our website, we collect some basic, anonymous, technical information including:
We use web cookies to temporarily store information to enhance your browsing experience and helps us improve our website.
Cookies are small text files on your computer’s hard drive to collect information about your use of our website. Cookies do not collect identifiable information about you.
You can disable and enable cookies at any time and can continue to view our website. But if you disable a cookie, you will not be able to subscribe to our updates, publications and alerts, fill out a feedback or enquiry form, and will have a reduced online experience.
To enable or disable a cookie:
You can voluntarily provide personal information through our website to access our services and to engage with our staff. We will use the information we collect and share it with third parties only as specified.
When you fill out a feedback form, your message may be stored and analysed to improve our website or services.
The information you provide may be seen by staff, and by contracted or third party site administrators responsible for website administration, maintenance, or other related services. Information may also be stored in a secure database by a third party acting on our behalf. As of 13 June 2019, our service provider is Campaign Monitor.
Find out how Campaign Monitor keeps your data private and secure
If you subscribe to our news and alerts, you are giving consent to receive emails from us as provided for in legislation.
Unsolicited Electronic Messages Act 2007
We may ask for or need, some personal information to administer your subscription. You may be asked to confirm that the information is true and correct. We record this information securely and use it to update our databases, which are part of our records.
You can unsubscribe any time and your details will be deleted from the database.
Information you provide on any online discussion forums will be able to be seen by other forum users. We recommend you do not disclose any sensitive information through these types of forums.
If you apply for a job with us, you will need to create an online profile that we will use to manage your application. Should your application for a job be unsuccessful, or should you wish to withdraw an application from consideration, your information will be disposed of when our administrative activities are completed.
We collect personal information when you use our phone and email contact centres, such as the pest and disease hotline (to report possible cases of exotic pests or diseases), and our poacher hotline (to report illegal fishing activity).
We will not use your email address or other details to contact you or give them to anyone else unless we consider it necessary for a lawful purpose. In that situation, we would assess any relevant privacy considerations.
You can use our contact centre services anonymously if you wish.
We monitor, analyse and audit our online systems and information to maintain security.
We may use information about your use of our website or other IT (information technology) systems to prevent or resolve unauthorised access or attacks, even if you were not directly involved.
We may use third-party suppliers to do this.
If you enter an MPI building, or site you will be required to sign in with your contact details, and upon leaving, sign out. This information is stored securely on our building access software. We will use this information to manage our occupancy, which is required for evacuation procedures. During New Zealand’s COVID-19 response, this information may also be used for contact tracing if necessary.
MPI is committed to providing secure and safe secure workplaces and uses closed circuit television (CCTV) to help protect our sites, staff, and visitors.
The purpose of MPI CCTV systems is to:
Signage is prominently displayed at the perimeter of areas covered by CCTV informing people of the presence of cameras prior to them being monitored or as they enter the monitored area.
In general, we do not share personal information, except in the following circumstances.
We collect information from a range of sources to undertake our statutory functions and to administer the laws we are responsible for. Some information we collect is provided voluntarily and some is mandatory.
We do not obtain approval to obtain information that is readily available to the public (such as through an online search engine).
Any proposed covert collection of information for regulatory, compliance or enforcement work is restricted to staff with specialist knowledge, experience and competence. Relevant senior staff determine this on a case by case basis and take a range of factors into account such as the severity of the harm we seek to prevent or address, the intended and possible outcomes, and the credibility and reliability of the information source.
MPI has introduced body worn cameras for use as personal protective equipment by authorised fishery officers and honorary fishery officers. The aim is to reduce both the number and severity of incidents involving aggressive and threatening behaviour and obstruction, thereby improving health and safety for our frontline staff and for the public.
Body worn cameras are not used as a substitute for standard investigative and compliance procedures. Where video and audio has been collected and has been retained, it may be used to help resolve complaints, and for enforcement, prosecution, and other lawful secondary purposes, if it contains materially relevant evidence.
Find out more about body worn cameras
We have certain legal powers to carry out our regulatory and enforcement functions. In some situations, this might require us to:
We collect information in a number of ways for a range of different reasons.
In most cases, we tell people why we are collecting the information and what it will be used for.
If there is a legal requirement to provide information, we will specify which law applies, why it is needed, if it is compulsory or voluntary to provide it, and the consequences if you choose not to provide it.
Sometimes, we collect information about someone from another source, if this is permitted by law, including under the Privacy Act.
In this situation, someone may be unaware that we have obtained information about them from another individual or agency.
On occasions, we receive information that gives us reasonable cause to believe that a person or group may pose a threat to the public or to our staff. In such cases, we may take appropriate actions to protect people, information, or places.
We take all reasonable and practical steps to check the accuracy and reliability of information received from third parties.
We do not employ private investigators to conduct surveillance on individuals or as part of our compliance or enforcement activities.
However, if we received information of a direct threat or possibility of harm to anyone, we would collect information as part of our assessment and response. We may use a specialist third party to help us with this.
In some situations, it may be appropriate to collect information or undertake surveillance in a way that does not immediately identify us, as allowable under the Search and Surveillance Act 2012.
Enhanced levels of oversight and controls will be adopted in such situations.
We take care to exercise our information gathering powers lawfully and appropriately, and to meet our obligations under the Privacy Act 2020, State Sector Code of Conduct, and State Services Commissioner’s Information Gathering Model Standards at all times.
We protect information collected in these situations, and disclose only what we consider necessary to carry out our statutory responsibilities, and to support other government agencies to enforce the law and carry out regulatory compliance and security activities.
We may use and disclose information only in connection with our lawful purposes, functions and powers.
We may share information with other agencies to carry out either of our responsibilities or comply with international obligations and commitments.
Information will be shared only in accordance with our statutory powers and with appropriate controls. We take all practicable steps to verify information before sharing it with a third party.
Where possible, we inform the person concerned at an appropriate time. However, there are some circumstances where there are legitimate reasons for us not to do this, such as if it would affect our ability to investigate possible offending or a crime or threat.
Our third party contracts may include service requirements to do with privacy, information security and commercial confidentiality.
We may also exchange information with agencies in other countries that we have a treaty or co-operation arrangement with.
Information may be used to audit or monitor our compliance activities.
We exchange information for statistical purposes with Statistics New Zealand.
Information may be used for analysis, risk assessment, or auditing and monitoring.
We share information with New Zealand’s other border agencies to help us detect and prevent risks and to help people comply with their obligations.
We do not make decisions or take enforcement actions based solely on data models.
We are responsible for maintaining and publishing a number of public registers related to specific laws.
Anyone who is concerned that information we make public on one of the public registers we administer may pose a risk to their own, or someone else’s safety should contact us as in certain circumstances we can take steps to limit the amount of identifying information made publicly available.
Submissions we receive from members of the public become official information, which can be requested under the Official Information Act 1982 (OIA).
The OIA requires us to make submissions available unless we have a good reason to withhold information. These reasons include the need to protect commercial or privacy interests.
We may also choose to proactively publish submissions to further public discussion and transparency of policy decisions.
Let us know if you would like to us to consider withholding specific information from public release when you provide feedback on proposals.
Withholding any information is at our discretion, however decisions can be reviewed by the Ombudsman.
We respect your privacy and aim to keep your information confidential unless we are lawfully required or allowed to disclose it.
We have secure environments to protect your personal information and business records. We use reasonable security safeguards to protect information – both digital and hard copy – from loss, unauthorised access, use or disclosure.
We have a role-based, needs-only, access approach, where possible. All staff are assigned unique passwords, and we have a range of measures to prevent unauthorised access to your personal or commercially sensitive information.
The security of our premises and information is managed according to the:
All information we hold is subject to the requirements of the Official Information Act 1982 (OIA) and the Privacy Act 2020.
Under these laws, you have the right to ask for certain information. Under the OIA, you have the right to request a wide range of official information. Under the Privacy Act, you have the right to ask for access to any information we hold about you, including information collected from a third party.
To request information under the OIA, email: info@mpi.govt.nz
To request information about you under the Privacy Act, email privacyrequests@mpi.govt.nz
In your request, check that you have included:
For some requests, we may need to see a photo identification or other proof of identity, to verify that you have authority to access information or to act on someone’s behalf.
We aim to respond to all requests for information within 20 working days. Some requests may take longer, such as large or complex requests and those that require us to consult with other parties. We will let you know if we need an extension of time.
If we refuse your request, we will explain why and outline the steps you can take if you disagree with this decision.
You have the right to ask us to correct the information we hold if you think it is not correct.
We may decline a request to update our records if we don’t consider it appropriate to do so. If this happens, you can ask for a statement to be added to your information that describes what your request was and explains why the change was not made.
We hold your personal information as long as necessary to achieve the purpose that it was collected for, or as required by law.
Information we collect may be classified as a public record and is kept according to our record retention and disposal policy, which is subject to the Public Records Act 2005.
We are committed to providing you with excellent and timely service, and welcome your feedback – whether positive or negative – on our service.
You can also lodge a complaint with the Ombudsman or Privacy Commissioner.