What agencies must do with your personal information (IPP 4 – 7)
Once an agency has collected personal information, it must:
- Store it safely and secure it from loss, unauthorised access, use, modification, disclosure or any other misuse. Rules around the storage and security of personal information are set out in Information Privacy Principle 4 (IPP 4).
- Accept requests for access to, and amendment of, personal information, under IPP 6 and IPP 7.