As employers collect and manage increasing amounts of personal information, workplace privacy has become a growing concern. Employees are often unsure what information an employer can lawfully collect, how it may be used and what protections apply.
In New Zealand, workplace privacy is primarily governed by the Privacy Act 2020 (the Act), alongside common law principles and the right to be free from unreasonable search and seizure under the New Zealand Bill of Rights Act 1990.
The Privacy Act 2020
The Act applies to both public and private sector employers. It regulates how personal information is collected, used, stored, protected, and disposed of. Its purpose is to promote and protect individual privacy while recognising that information is often required for legitimate business purposes.
The Act contains 13 Information Privacy Principles, which provide a flexible framework designed to apply to a wide range of situations, including employment relationships.
What is personal information?
Personal information is any information about an identifiable individual. In the employment context, this can include names and contact details, payroll and bank information, medical and leave records, performance documentation, work emails, swipe card data and information generated by company devices.
If an employer collects, holds, or uses this information, the Act will apply.
What employers need to do
Employers are entitled to collect personal information for legitimate purposes such as recruitment, payroll, performance management and health and safety.
However, they must do so in a way that is lawful, fair, and transparent. In practice, this means ensuring that personal information is:
- collected for a clear and lawful purpose
- collected and used with the employee’s knowledge, and consent where required
- stored securely and accessed only by authorised staff
- kept only for as long as it is needed
- used only for the purpose for which it was collected.
Employers must also act in good faith, which requires open communication and consideration of employee interests when making decisions about collecting or using personal information.
Monitoring and surveillance
Some employers monitor workplace activity to protect security, meet compliance obligations, or manage systems and resources. This may include CCTV, monitoring of work email and internet use, or GPS tracking of work vehicles.
Such monitoring is not unlawful in itself, but it must be reasonable, proportionate and transparent. Employees should generally be informed about what monitoring occurs, why it is necessary and how the information will be handled. Covert monitoring carries a much higher legal risk, particularly where less intrusive options are available.
Employee rights
Employees are entitled to access their personal information and to request corrections if it is inaccurate. They can also question how their information is being used and raise concerns if they believe their privacy has been breached.
Why it matters
Workplace privacy is not just a compliance issue. Respectful and transparent handling of personal information helps build trust and supports positive employment relationships. Employers who take privacy obligations seriously reduce legal risk and foster a stronger workplace culture.
For guidance on workplace privacy obligations or the lawful handling of employee information, please reach out to our specialist Employment Law team for advice on ensuring your practices are compliant and fit-for-purpose.
