Personal information must be protected against loss, access, use, modification, unauthorised disclosure, and other misuse by such security safeguards as are reasonable in the circumstances. If personal information is given to a third party in connection with NZMT’s business, it must do everything reasonably within its power to prevent unauthorized use or disclosure of the information.

Upon request, an agency must provide an individual confirmation of whether it holds personal information about them, and access to that information, unless an exception applies. If access is granted to the personal information under IPP6, the individual must be informed of their right to correct the information under IPP7.

An individual whose personal information is held by an agency is entitled to request that the agency correct the information. Requirements and exceptions apply to the process of correction.