Stats NZ Integrated Data Commons information, privacy, security, and confidentiality policy

The Integrated Data Commons is led by the Community and operated in partnership with Stats NZ. This policy guides our work with data and information.

Information, privacy, security, and confidentiality (IPSaC) policy statement

All users have a responsibility to:

  • practise good data and information management
  • respect the privacy of personal information collected and held by Stats NZ
  • protect the security of ID Commons users, Stats NZ people, information, and other assets
  • protect the confidentiality information about both individuals and organisations.

ID Commons administrators and moderators, along with Stats NZ, have a responsibility to lead a culture and encourage practices that enable ID Commons users to fulfil these responsibilities.

Policy rationale

Stats NZ is responsible for compliance with its legislated and other mandatory obligations including under the Data and Statistics Act 2022, the Public Records Act 2005, the Privacy Act 2020, the Official Information Act 1982, the Protective Security Requirements (PSR), and the New Zealand Information Security Manual (NZISM).

Stats NZ aspires to model best practice in these areas, rather than mere compliance. Through transparency about our behaviour and demonstrating our stewardship, we foster public trust and confidence in our work and government more generally.

Definitions

Data and information management is a comprehensive collection of practices, concepts, procedures, processes, and a wide range of accompanying systems that allow for Stats NZ to gain control of its data and information.

Privacy is a person’s ability to control the availability of data about themselves.

Security is how an organisation protects its people, information, and assets from harm and builds resilience.

Confidentiality is the protection of data from, and about, individuals and organisations; and how we ensure that data is not made available or disclosed without authorisation.

No sensitive information should be shared

The Integrated Data Commons is a community designed for knowledge sharing and collaboration around integrated data research in Aotearoa. Because many community members work with sensitive information inside Stats NZ Data Labs, information privacy must be front-of-mind and taken very seriously.

All community members play a role in maintaining information privacy.

The following types of information may not be shared in the Commons:

  • No microdata or specific identifiers should be shared.
  • No Data Lab research results, findings, or code should be shared that have not been output-checked.
  • No other information should be shared that would not survive the Data Lab output checking process.
  • No code or sensitive information from Data Lab computers should be transcribed or captured and shared as images.

During registration you are only asked to provide your first name, surname, organisation, and organisational email. Your email will not be visible to other users on the forum. Please do not post, share, or refer to any other personal information while on the platform, including your own personal information or others’ personal information.

Personal information that should not be posted includes:

  • Home address
  • Phone numbers
  • Personal emails
  • Dates of birth
  • Car registration plates
  • Phone number prompts (eg. 021, 022, 027)
  • Email prompts (@gmail, @yahoo, @hotmail)

If you see personal information posted by others, even if you cannot confirm it, please flag this for moderation.

Please ensure you are only accessing the site and browsing on it for your specific work purpose, please do not use the information on this site for personal reasons.

If you are unsure, please email admins.idcommons @stats.govt.nz.

If you spot a possible privacy breach, report it

If you spot a post that may not comply with the privacy rules outlined above or may constitute a privacy breach, please use the flag icon at the bottom of the post to report it to a moderator. Pay special attention to attempts to post sensitive content by uploading screenshots.

If you do not see a flag at the bottom of the post, click the three dots to expand the options. In the pop-up that appears, select ‘It’s Inappropriate’ then click “Flag Post” – this will temporarily remove the post from the Commons while it awaits moderator review and action.

Please note that:

  • In order to maintain information privacy and the integrity of this community, administrators and moderators reserve the right to remove any posted content, and administrators reserve the right to remove any user account, for any reason and at any time.

  • New posts are not previewed by moderators or administrators before they go live. As such, it is the responsibility of every member of the community to ensure the content they post meets the guidelines.

Roles and responsibilities

All ID Commons users should uphold the responsibilities described above. Users are expected to report breaches, incidents, and near misses.

What information do we collect?

We collect information from you when you register on our site and gather data when you participate in the forum by reading, writing, and evaluating the content shared here.

When registering on our site, you will be asked to enter your name and e-mail address. Your e-mail address will be verified by an email containing a unique link. If that link is visited, we know that you control the e-mail address. Your email address will not be visible to other users.

When registered and posting, we record the IP address that the post originated from. We also may retain server logs which include the IP address of every request to our server.

What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

  • To personalize your experience — your information helps us to better respond to your individual needs.
  • To improve our site — we continually strive to improve our site offerings based on the information and feedback we receive from you.
  • To improve customer service — your information helps us to more effectively respond to your service requests and user support needs.
  • To send periodic emails — The email address you provide may be used to send you information, notifications that you request about changes to topics or in response to your user name, respond to inquiries, and/or other requests or questions.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.

We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.

Online Privacy Policy Only

This online privacy policy applies only to information collected through our site and not to information collected offline.

Your Consent

By using our site, you consent to our web site privacy policy.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page.

This document was last updated 17 March, 2023.