We’ve created an online enrolment service that lets you enrol online using your New Zealand driver licence, passport or RealMe verified identity. To make sure our new service keeps your personal information secure, we did a privacy impact assessment (PIA). This document summarises our assessment and explains how our service will affect your privacy.
The purpose of our PIA is to:
- identify the privacy risks of our service collecting your enrolment information and confirming your identity
- consider the changes to what personal information we collect and the way we use, keep or dispose of your personal information through our new service
- make sure our new service meets privacy obligations under the Privacy Act 1993 and Electoral Act 1993
- let us build privacy protections into our service to minimise privacy risks.
We based our PIA on the Privacy Act’s 12 privacy principles, which set out how organisations should handle personal information. We also worked with the Office of the Privacy Commissioner and followed their PIA guidelines.
Privacy principle 1 is about the purpose for collecting personal information. It says to only collect personal information if we need it.
We need the personal information that our service collects to enrol you to vote or update your enrolment details.
We collect some personal information to confirm you can enrol
We collect your name, address, date of birth and Māori descent information. Under the Electoral Act, we need this information to confirm if you can enrol to vote.
We need more information if you’re overseas
If you want to enrol to vote from overseas, we collect your citizenship or permanent resident status, and the date you were last in New Zealand. We need this information to confirm whether you can enrol to vote, based on the time since you were last in New Zealand.
We collect your contact details so we can stay in touch for electoral purposes
We collect email addresses and phone numbers so we can contact you for electoral purposes. These purposes include confirming we’ve got your application and getting in touch if there are any issues with your application.
Using email allows us to notify you quickly. Email notification will be especially helpful if you enrol or update your details after writ day and may not get an EasyVote pack (a pack of information about voting).
Privacy principle 2 is about the source of personal information. It says to get personal information directly from the people concerned whenever possible.
Our service always collects personal information directly from the person the information is about. We used the Department of Internal Affairs’ (DIA) evidence of identity risk assessments to help us work out how to be sure the person giving us the information is who they say they are.
We use driver licences or passports to confirm your identity
We mitigate any risk of someone else taking your identity by needing you to give us your:
- New Zealand driver licence or passport details
- consent to use your driver licence or passport details to confirm your identity.
When you apply to enrol, you can’t edit the name or date of birth you give us to confirm your identity.
Nobody can confirm their identity with a driver licence or passport that someone has reported as lost or stolen.
We match your driver licence or passport details to make sure they’re correct
To check that your driver licence or passport details are correct, we match them against the New Zealand Transport Agency (NZTA) database or the DIA database. We’ve entered confirmation service agreements with DIA and NZTA for this information matching.
Matching driver licence details with NZTA
When we match your driver licence details with NZTA, we get a ‘Yes’ or ‘No’ response. We need a ‘Yes’ to confirm your details are accurate and valid. To get a ‘Yes’, the system checks:
- that the licence number and version number you give us exactly match the driver licence register
- for an exact match of your first name, surname, and date of birth.
Matching passport details with DIA
When we match passport details with DIA, we get a ‘consistent’, ‘not consistent’ or ‘exception’ response. We need a ‘consistent’ to confirm your details are accurate and valid. To get a ‘consistent’, the name, date of birth and date of expiry that you give us need to exactly match DIA’s passport data.
We only keep your name and date of birth
If we get a successful match, we keep your name and date of birth as the basis of the information you need to enrol or update online. We don’t capture or keep any other details from your driver licence or passport.
Privacy principle 3 says to tell people what personal information we’re collecting, what we’ll do with it, whether it’s optional and the consequences if they don’t provide it.
We’ve made sure our service is clear about the information it collects from you.
We have a privacy statement
Our service includes a privacy statement that you can read before you complete an application. The statement tells you:
- what information we’re collecting
- why we’re collecting the information
- who will see the information
- how you can access and correct your information.
We tell you what’s compulsory and what’s optional
Our service clearly tells you what information you have to give us, and what is optional. You won’t be able to continue enrolling until you complete compulsory fields, such as name, home address, and date of birth. You will be able to continue without completing the optional fields such as title, occupation and postal address.
To use our new service, you must give us your email address and at least one contact phone number. You can use a paper form if you don’t want to give us your email address and phone number.
Privacy principle 4 is about how you collect personal information. It says to be fair and not too intrusive.
We collect your personal information for enrolment purposes according to the requirements of the Electoral Act. Our service collects personal information in a way that’s lawful, fair and not too intrusive.
If you don’t want to use our online enrolment service, you can use a paper form to enrol or update your details.
Privacy principle 5 is about storing and securing personal information. It says to protect information from loss or misuse.
We’ve taken several steps to make sure our new service keeps your personal information secure.
We have certified and accredited security
We’ve had our service formally certified and accredited to make sure we’re managing information security risks and we have suitable controls in place. To get our certification and accreditation, we had our security independently tested and controls independently audited.
Some of the controls we have are:
- physical security
- transport layer security
- intrusion detection
- incident response procedures.
We have a culture of privacy
Our code of conduct requires our staff to take proper care when using, exchanging, storing, disclosing, and disposing of personal information. Staff must make sure personal information stays secure, and they can only use it for its intended purpose.
We have audit processes in place to let managers review staff access to the enrolment management system. When we work with external IT providers, they must follow confidentiality clauses in contracts. We give privacy guidelines and training to our staff and contractors.
Our online services can’t access the unpublished roll
Nobody can access personal information on the unpublished roll through the Check-it or digital enrolment services.
We hide some non-essential information
When you update your enrolment information, our service partially hides personal information you don’t need to enter for your application, such as your phone number and email address.
We keep our Check-it service secure
We provide a Check-it service that you can use to look up your own enrolment details on our website. To keep personal information safe, the Check-it service only confirms whether information you enter matches what we have on record. We monitor how people use the service and have processes in place to make sure nobody uses it for any other purposes.
Privacy principle 6 is about access to personal information. It says to let people see their personal information if they want to.
There are several ways you can access the personal information our service holds about you.
You can check your enrolment information online
Our online enrolment service lets you see the personal information we hold in your enrolment record. You can also use our Check-it service to enter your name, date of birth and address and confirm this information matches your record.
You can visit us in person to see your enrolment application
Under the Electoral Act, you can inspect your application to enrol to vote, for free. To do this, visit our offices at any time between 9am and 4pm on any day our offices are open for business.
You can ask us for the personal information we hold about you
You can contact us and ask to access the personal information we hold about you. We’ll refer your request to our privacy officer, who will treat it according to the Privacy Act.
Privacy principle 7 is about correcting personal information. It says people can correct personal information if it’s wrong.
You can go online to correct the information we hold about you, or you can contact us.
You can correct your information online
You can use our online enrolment services to update your details if you can find yourself with our Check-it service.
You can ask us to correct your information at any time
You can contact us at any time to ask us to correct personal information you believe is wrong.
Privacy principle 8 is about the accuracy of personal information. It says to make sure personal information is correct, relevant and up to date before we use it.
We regularly check to make sure the personal information we hold is accurate.
We check the accuracy of your enrolment application
When you enrol to vote, we take several steps to make sure the information you give us is correct, including:
- cross-checking your name, date of birth and address to make sure we don’t copy a record
- checking your application against any previous enrolment records, if you have any
- checking your address against data from Land Information New Zealand, local councils, or postal addresses
- checking your details against Immigration New Zealand’s list of people who aren’t eligible to enrol
- auditing and reviewing your application for accuracy.
We keep in touch with you to make sure your information is correct
Once you’re enrolled, we regularly contact you to give you the opportunity to check your information. We contact you:
- after we process your application to enrol
- in response to any applications to update your enrolment information
- as part of our campaigns to encourage people to update their details before elections.
We have a limited ability to check phone numbers and email addresses
We have a limited ability to confirm phone numbers and email addresses, and we recognise that more than one person can share both contact methods. So we only use text messaging for general communication, and don’t include personal information in text messages.
We research the accuracy of the roll
Every 3 years, we independently research and report on the accuracy of the electoral roll.
Privacy principle 9 is about keeping personal information. It says to only keep personal information for as long as we need it.
Under the Electoral Act, we must keep your enrolment records for at least two general elections. We can your keep an enrolment application for as long as we need it. How long we need an application for mainly depends on how often you change your details.
We’ll be reviewing our policy for keeping and disposing of data to make sure we securely dispose of data once we no longer need it.
Privacy principle 10 is about using personal information. It says to only use personal information for the purpose we collected it for.
We only use your electoral information for electoral purposes under the Electoral Act and Local Electoral Act. These purposes are:
- maintaining the electoral rolls
- running general elections, by-elections and referendums
- giving roll data to local councils so they can run local elections.
If we start sending enrolment and voting information by email, we’ll consider a second level of privacy protection and consult with the Office of the Privacy Commissioner. All our emails would include options to let you unsubscribe.
Privacy principle 11 is about sharing personal information. It says to only share personal information if we’ve got a good reason.
The law requires us to give lists of people who are enrolled to vote to certain people and organisations when they ask for them.
Our privacy statement tells you who we share your information with
Our privacy statement tells you who we’ll share your personal information with, and why. Some of your personal information goes on the electoral rolls, which are public.
These people and organisations can get lists of people who are enrolled to vote:
- the Tūhono iwi affiliation service
- local councils
- the Ministry of Justice for jury lists
- political parties, candidates and MPs
- state sector organisations.
You can only use our services to access your own information
You should only use our services to access your personal information. We don’t let anyone access or update another person’s online enrolment record.
Before you can enrol or update your details, you must either:
- verify your identity
- use your RealMe login and password after previously registering for our online update service.
Privacy principle 12 is about using unique identifiers. It says to only assign unique identifiers where allowed.The Electoral Act lets us create unique identifiers for people who enrol to vote.
We create Person ID for you
When you enrol to vote, we create a Person ID for you. We don’t show Person IDs on our online enrolment services or the printed electoral rolls. Under the Electoral Act, we give Person IDs to candidates, parties and MPs. We don’t give them to researchers or local authorities.
We don’t keep your driver licence and passport numbers
We don’t keep the driver licence and passport numbers we use to confirm your identity.