Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Your rights

Print | Email this page

Protect your personal information

An older woman with short grey hair in a pixie cut looks at her smartphone. She is facing sideways to the camera and wearing a floral shirt and brown cardigan. In the background is her laptop. We can see that she is outside. When personal information gets stolen it’s often sold to malicious actors on the dark web. They might use it to steal your identity or defraud people. Here’s some actions you can take to help keep your personal information safer.

Secure your online spaces and places 

Use strong passwords and keep them safe

Create unique, long, and complex passwords for each account you have and then keep them safe. Password managers are a way to manage many passwords and there are free options available. Smartphones sometimes have password managers built in. 

You can store your passwords for everything in a password manager and your accounts will be more secure than they would be if you used the same password for everything. This is more secure than a notebook of passwords beside your computer. 

Another benefit of a password manager is that it will often generate a long and complex password for you.

Use multi-factor authentication (MFA)

Multi-factor authentication (sometimes called MFA or 2FA) is a second way of confirming it’s you when you log in using your password. If you have the option, use it because it adds a layer of security to your account.

Use security software

Use security software, like an antivirus product, to protect your devices and accounts. Make sure to run your updates when you’re notified about them.

Review your privacy and security settings

Take time to review how your privacy settings are set up on your devices and web services. You might not realise you’re giving certain permissions to the service you’re using. You can be more privacy protective if you adjust your settings to limit how you’re sharing, and who you’re sharing with.

Be aware so you can protect yourself

Know your rights

Every New Zealander regardless of their age or circumstance has privacy rights. Know what’s allowed under the Privacy Act so that you can advocate for yourself and your whānau.

Ask why, how, and who if you're asked to share personal information

When someone asks for your information, stop and think about whether they need it. If you’re signing up for a newsletter then you might need to share your email address but it’s unlikely they should need your home address. It’s okay to question why people are asking for certain information and to say no if you don’t want to hand it over. Consider the situation you’re in and whether the request for information seems reasonable. For example, someone collecting for charity doesn’t need to know your income, but your bank manager likely does if you’re applying for a mortgage. 

You can often find out what a company, service provider, or other agency collects and what it will use it in their privacy policy

Check whether your password has been in a data breach

Checking your email address at Have I been Pwned? will tell you whether it’s been in a data breach. If your email has been compromised, then change your passwords.

Know what to do if you’ve been scammed

Scamwatch has help on protecting yourself from scams. If your name and contact details were involved in a data breach, a scam email might be personalised and address you by name.

Be savvy to protect yourself

Scammers spend a lot of time and money trying to get your personal information. Here’s some things you can do to try and stop them:

  • Don’t open attachments or click on links in emails, text messages, or social media messages from strangers or if you’re unsure that the sender is genuine. If your name and contact details were involved in a data breach, then a scam email might be personalised and include your name.
  • Don't use public Wi-Fi to enter sensitive information like financial details.
  • If someone calls you and claims to be from an organisation or agency, you can always pause, tell them you’ll call them back, and then phone them using the number publicly listed on their website.
  • If a person on a call is asking for more information than you want to give, or if you feel it’s suspicious, then it’s always okay to hang up.

If you are affected by a privacy breach

You may hear directly from an organisation that they have had a privacy, security or data breach, or see in the media that an organisation you have given your details to has been breached. There are steps you can take to minimise the risk of harm from the breach.

  • If your credit card or anything related to your bank has been affected, freeze your cards and accounts immediately and contact your bank about next steps.
  • Issues with driver licenses should be referred to Waka Kotahi while passport problems should be managed by contacting the Department of Internal Affairs.
  • If your email address was shared, you should change all the passwords for the accounts you have linked to that email address and alert your provider. You might start noticing spoofed emails as well.

If you feel you've been harmed as a result of a privacy breach, we may be able to help. Read information on making a complaint to the Privacy Commissioner.  

You can also contact New Zealand’s national identity and cyber support community service IDCARE on 0800 121 068. 

Back to top