This transparency statement explains how we collect, use and share information gathered about individuals or entities (directly or indirectly) associated with regulatory compliance, law enforcement and security functions.
This may include:
- regulatory non-compliance (e.g. the Community Housing Regulatory Authority’s regulation of Community Housing Providers); or
- threats to the physical security of staff, or the security of HUD’s information or places (e.g. a physical security breach, web-hacking).
We take care to exercise our information gathering powers appropriately and meet our obligations under the Privacy Act 1993, State Sector Code of Conduct, HUD’s Code of Conduct, New Zealand Bill of Rights Act 1990, Search and Surveillance Act 2012, and relevant HUD policies and procedures at all times.
Any such information gathering must be approved according to our internal authorisation process. That process, and the related activities, are regularly reviewed to ensure compliance with the law, our internal policies, and our risk management requirements.
This statement applies to information gathered by us, our contractors, or any other third parties engaged by us. We require any third party that is carrying out information gathering on our behalf to comply with the obligations of HUD employees.
What information is covered by this statement, and why do we collect it?
This section explains how we collect, use and share information when we are carrying out the functions above such as considering and investigating compliance breaches and initiating our own investigations or inquiries.
Our legislation empowers us to require provision of the information we need to give effect to that legislation and ensure compliance, as well as carry out investigations and inquiries where we believe people or organisations may be in breach.
We are also required to protect that information and only disclose what we consider is necessary to give effect to our legislated responsibilities.
Information collected directly
Most of the information we collect is provided directly by people or entities, or an authorised representative, as a requirement to fulfil statutory obligations and according to our powers as a regulator.
However, where we require information that is relevant to us considering and investigating compliance breaches, complaints, and initiating our own investigations or inquiries under legislation, we may gather information from people or entities using statutory powers.
Information collected from another person or agency
This may include us receiving or requesting information from other people or agencies. Any such information will be gathered in accordance with the relevant legislation and any information sharing agreements, memoranda of understanding (MOUs) or similar. We will take all practicable steps to verify information received from third parties.
We may also collect publicly available information– for example media reports – where this would assist us in carrying out any of our functions, including to verify information that is collected by other means.
Collection by third parties
Where information gathering requires specialist capability that we don’t have within our organisation, we may engage a third party to collect information for us. Such information gathering (including about individuals) is subject, among other things, to standard legal limits relating to privacy, access to private property, and the privacy/security of communications between individuals.
What do we do with it? Do we share it?
How we use it
In order to carry out our compliance functions, we may use the information we hold for audit or monitoring purposes. Where we identify the need to use the information, further consider or investigate compliance breaches, or complaints, or initiate our own investigations or inquiries, we will only do so if required or permitted by law, or with your authorisation.
When we share it
We may share information where necessary to properly carry out our functions. This information will be shared in accordance with the relevant legislation and any information sharing agreements, MOUs or similar with the other agency. This may include when we are considering and investigating compliance breaches, complaints, and initiating our own investigations or inquiries. We will take all practicable steps to verify information provided to third parties.
We may, for example, share information with:
- another regulator, oversight agency, or complaints body
- the other party to a complaint, for the purpose of investigating and resolving the complaint
- anyone we believe could provide information that is relevant to whether to investigate a complaint, or to an investigation or inquiry, including witnesses to complaint matters
- the Police or another government agency, if required by law (for example to assist with the investigation of a criminal offence), or to report significant misconduct or breach of duty or where there is a serious threat to health or safety.
If our staff are threatened or abused, or information appears to us to have been gathered unlawfully, we may refer this to the Police.
How will we protect it?
Enquiries and complaints
If you have any enquiries about our information gathering activities, or believe we have not acted in accordance with this statement, you should contact us at the following address:
HUD Privacy Officer, Ministry of Housing and Urban Development
PO Box 82, Wellington 6140
Published: September 12, 2019