EPIC --- Privacy and Human Rights Report
|Title Page Previous Next Contents | Country Reports >New Zealand|
Article 21 of the New Zealand Bill of Rights Act 1990 states "Everyone has the right to be secure against unreasonable search or seizure, whether of the person, property, or correspondence or otherwise." The New Zealand Court of Appeal has interpreted this provision in several cases as protecting the important values and interests that comprise the right to privacy.
New Zealand's Privacy Act of 1993 came into force on July 1, 1993, and has been amended several times. It regulates the collection, use and dissemination of personal information in both the public and private sectors. It also grants to individuals the right to have access to personal information about them held by any agency. The Privacy Act applies to "personal information," which is any information about an identifiable individual, whether automatically or manually processed. Recent case law has held that the definition also applies to mentally processed information. The news media are exempt from the Privacy Act in relation to their news activities.
The Act creates 12 Information Privacy Principles generally based on the 1980 Organization for Economic and Cooperation Development (OECD) Guidelines and the information privacy principles in Australia's Privacy Act 1988. In addition, the legislation includes a new principle that deals with the assignment and use of unique identifiers. The Information Privacy Principles can be individually or collectively replaced by enforceable codes of practice for particular sectors or classes of information. At present, there are three complete sector-specific codes of practice in force: the Health Information Privacy Code 1994, the Telecommunications Information Privacy Code 2003, and the Credit Reporting Privacy Code 2004 (which came into full effect on April 1, 2006). There are several codes of practice that alter the application of single information privacy principles: the Superannuation Schemes Unique Identifier Code 1995, the Justice Sector Unique Identifier Code 1998, and the Post-Compulsory Education Unique Identifier Code 2001. In addition to the information privacy principles, the legislation contains principles relating to information held on public registers; it sets out guidelines and procedures in respect to information matching programs run by government agencies, and it makes special provisions for the sharing of law enforcement information among specialized agencies.
The Broadcasting Act of 1989 requires broadcasters to maintain standards that are consistent with "the observance of good taste and decency . . . the maintenance of law and order and the privacy of the individual." It establishes a Broadcasting Standards Authority (BSA) to oversee enforcement and to rule on complaints. The BSA has ruled on several privacy cases. Recently, particular controversy surrounded several television broadcasts that unreasonably intruded on the privacy of children. In March 1999, one program, widely publicized in advance, revealed the results of a DNA paternity test live on TV with mother, father and young child present. The Broadcasting Amendment Act of 2000, which came into effect on July 1, 2000, empowers the BSA to encourage the development and observance by broadcasters of codes of broadcasting practice in relation to the privacy of the individual. In August 2006, the Broadcasting Standards Authority issued an Advisory Opinion amending its Privacy Principles; these principles are taken into account by the Authority when considering privacy complaints.
The Crimes (Intimate Covert Filming) Amendment Act 2006 came into force on December 5, 2006. The Act amends the Crimes Act 1961 by creating three new offense provisions relating to the making of intimate visual recordings, the possession of intimate visual recordings, and the publishing, import, export, or sale of intimate visual recordings. The legislation is aimed at the surreptitious visual recording of another person in intimate circumstances without the person's consent or knowledge and in circumstances that the person would reasonably expect to be private (such as secret recording with a mobile phone camera of people undressing in a locker room). This legislation follows on from recommendations made by the Law Commission in 2004.
The Office of the Privacy Commissioner is an independent oversight authority that was created prior to the Privacy Act by the 1991 Privacy Commissioner Act, which focused on the supervision of information matching among government departments. The Privacy Commissioner oversees compliance with the Privacy Act 1993, but does not function as a central data registration or notification authority. The Privacy Commissioner's principal powers and functions include promoting the objects of the Act, monitoring proposed legislation and government policies, dealing with complaints at first instance, approving and issuing codes of practice, and authorizing special exemptions from the information privacy principles, and reviewing public sector information matching programs.
Complaints by individuals are initially filed with the Privacy Commissioner, who then attempts to conciliate the matter. A total of 636 formal complaints were received during the 2005-2006 fiscal year, compared to 934 in the 2003-2004 fiscal year. The Privacy Commissioner’s Office attributes the continuing downward trend in the number of formal complaints registered to proactive handling of complaints – encouraging early action and self-resolution - and more targeted privacy training. The Commissioner regards the power to investigate and to require answers during investigations as "a vital element" in securing such a high conciliation rate. When conciliation fails, the Director of Human Rights Proceedings or the complainant (if the Director of Human Rights Proceedings is unwilling) can bring the matter before the Human Rights Review Tribunal, which can issue decisions and award declaratory relief, issue restraining or remedial orders, and award special and general damages up to NZD 200,000 (~USD 115,000).
The Office of the Privacy Commissioner issued its first Statement of Intent on July 31, 2006. The purpose of this Statement is to set out the medium term intentions and undertakings of the Office of the Privacy Commissioner for the period 2006/07 and its direction to 2009/10, and thereby promote its public accountability. Specific goals include: aligning New Zealand’s privacy standards with international requirements; continuation of public outreach and education; and further review and amendment of privacy legislation and codes.
A landmark Employment Court ruling in April 2004 gave Air New Zealand the right to conduct random drug tests on its workers in "safety-sensitive areas." This was the first comprehensive decision on the issue in New Zealand. While the court ruled that the national airline may not impose random tests for drugs or alcohol across its workforce, it may undertake random testing of workers in certain circumstances: in safety sensitive areas; to carry out pre-employment testing of workers before they join the company; testing of workers whose behavior suggests they have taken drugs; and workers involved in an accident or near-miss.
In 2005, the New Zealand Court of Appeal rejected broadcaster Mike Hosking's complaint of breach of privacy over the intended publication of photographs taken of his twin baby daughters on a public street. However, while the Court of Appeal unanimously dismissed the Hoskings' appeal on the basis that the facts as alleged did not amount to a civil wrong, the majority of the Court accepted the existence of an interference with privacy tort, and set out two fundamental requirements for a successful claim: the existence of facts in respect of which there is a reasonable expectation of privacy; and publicity given to those private facts that would be considered highly offensive to an objective reasonable person.
The New Zealand Court of Appeal considered the countervailing interests of privacy and freedom of information in two separate 2006 cases. In Mafart and Prieur v. Television New Zealand Limited, the Court of Appeal affirmed the High Court’s authorization of Television New Zealand to search and copy videotapes, taken at the time of the appellants' committal and guilty pleas, under the Criminal Proceedings (Search of Court Records) Rules 1974. The Court determined that the strong public interest in the subject matter of the tapes (the sinking of the ship Rainbow Warrior), the lack of harm to the appellants, and the appellants’ prior agreement to the tapes becoming part of the official Court record provided no justification for the court to “exercise a quasi-censorship function”. The Supreme Court declined leave to appeal.
In the second case, Television New Zealand Limited v Rogers, the Court of Appeal overturned a High Court injunction against broadcasting a videotape that depicted the respondent participating in a reconstruction of a high-profile murder in respect of which he was in due course acquitted.  Although the High Court found that the broadcast would have given rise to an unlawful interference with his privacy, as the tort was recognized Hosting, the Court of Appeal regarded the balancing of the legitimate public concern against the respondent's right to privacy as a matter of proportionality. Since the privacy value of the facts in issue was at the lower end of the scale, the Court considered the degree of legitimate public concern necessary to establish a defence to the invasion of privacy would also be at the low end of the scale. When the videotape was made, the respondent must have had the understanding and expectation that its contents would be made public in the context of the criminal proceedings. Leave to appeal from this decision was granted by the Supreme Court.
The principles in Hosking and in Television New Zealand Ltd v Rogers were applied in Andrews v Television New Zealand Limited, where the High Court dismissed the plaintiff couple's claim of unlawful invasion of privacy for broadcast of a car accident scene in which the plaintiffs were trapped in their vehicle for a considerable period of time. The programme in which the plaintiff's predicament was broadcasted appeared some months afterwards, and it was broadcasted without their consent and without prior notification to them.
The Criminal Investigations (Blood Samples) Act of 1995 authorized the establishment of a national DNA databank. Police are required to obtain an order from a High Court judge before a compulsory test can be conducted, and they can take samples only from suspects of violent crimes and convicted burglars. Voluntary samples from anyone can be included in the databank. In October 2000, police were ordered to reduce the number of voluntary DNA samples due to budgetary concerns. By 2002, however, it was reported that police were being advised to increase this number again and to try to obtain voluntary samples from anyone arrested with a prior criminal record. As of June 2006, the total number of DNA profiles stored in a DNA databank in New Zealand was 63,572. Of these, 53,623 were obtained by consent and 9,949 were obtained by compulsion notices or orders. By contrast, in June 2004, the total number of DNA profiles stored in the national database was 42,844 (up from 33,892 in 2003). Of these, 36,439 were obtained by consent and 6,239 were obtained by compulsory order. In May 2002, a new NZD 3,000,000 (~USD 2,000,000) laboratory was opened in Auckland for the purpose of forensic DNA testing. Testing is carried out by the New Zealand Government-owned Institute of Environmental Science and Research (ESR).
In February 2006, a Memorandum of Understanding between the Ministry of Health and the New Zealand Police relating to the disclosure of newborn blood spot samples and related information (also known as "Guthrie" cards) came into effect. The card holds both the blood spot sample and identifying details relating to the newly born (name, date of birth, place of birth, birth mother's name, National Health Index number, sex, birth weight, lead maternity carer's name, registration number and contact details). Guthrie cards have been used by the Police only once or twice a year to identify dead or missing persons. This is done mainly with parental consent (for example, where a child dies in a house fire). The Guthrie cards are only used as a last resort where all other means for identifying the person are not practicable or have failed. The Memorandum acknowledges that the blood spot card and information is collected for health purposes only. Any use of the blood spot card for any non-health related purpose is exceptional, and the Police should have recourse to the blood spot cards and associated information only rarely, and as a last resort.
The Privacy Commissioner has proposed amendments to the Health Information Privacy Code 1994. One proposed amendment would allow health practitioners to disclose patients’ genetic information to genetic relatives if the “disclosure is necessary to prevent or lessen a serious threat to the life or the health” of the relative. The amendments are currently in public consultation, and are expected to be implemented sometime in 2007.
The New Zealand Crimes Act and Misuse of Drugs Act govern the use of police interception powers. Interception warrants authorize not just the interception of communications but also the placing of listening devices. A judge authorizes warrants where there are reasonable grounds to believe that certain offenses have been committed or are being contemplated. Emergency permits may be granted for the bugging of premises and, following the 1997 repeal of a prohibition, for telephonic interceptions. Those who disclose the contents of illegally intercepted private communications face two years in prison. However, those who disclose the contents of lawfully intercepted private communications are merely liable for a NZD 500 (~USD 290) fine.
In 2005-2006 the New Zealand police sought, and were granted, 60 interception warrants under the Misuse of Drugs Act. Four renewed interception warrants were sought and granted under the Act. Under the Crimes Act, 18 interception warrants were granted and one renewal was sought. By contrast, in 2004-2005 the police sought and obtained 27 (new and renewed) interception warrants under the Misuse of Drugs Act and 15 (new and renewed) interception warrants under the Crimes Act. One emergency permit was granted under the Crimes Act. In 2005-2006, a total of 235 warrants (new and renewed) were obtained under the Telecommunications Amendment Act 1997; 210 warrants were obtained in 2004-2005 and 93 warrants were obtained in 2003-2004 for obtaining call data analyzers (pen registers and trap-and-trace devices that obtain call information but not the contents of communications).
The New Zealand Security Intelligence Service (NZSIS), established under the New Zealand Security Intelligence Service Act of 1969, is also permitted to carry out electronic interceptions. The NZSIS has a staff of 150 full-time equivalents (up from 145 and 132 respectively from the previous years) and an annual budget of NZD 23 million (~USD 16,777,000). The majority of its work is devoted to threats to national security. The Act was amended in 1999 to allow for the NZSIS to enter premises to install wiretaps following a Court of Appeal case that prohibited the entering of premises without a warrant. The amendment also created a "foreign interception warrant." Another amendment created a Commissioner of Security Warrants to jointly issue warrants with the Prime Minister. The Minister in Charge of the NZSIS is required to submit an annual report to the House of Representatives. During the year ending June 2006, the Minister reported that 22 domestic interception warrants were in force. Of these, 13 were new interception warrants and nine were carried over from the previous year. The average length of time that these warrants were in force was 140 days. According to the Minister's report, "the methods for interception and seizure used were listening devices and the copying of documents." The report also stated that foreign interception warrants were in force during the year but does not give any statistics for these warrants. Issues investigated during the 2005-2006 fiscal year included the following: activities in New Zealand of a foreign national assessed to be a close associate of
Islamic extremists in a foreign country; activities of individuals within New Zealand assessed as being Islamic extremists; links between individuals in New Zealand and international extremist organizations; individuals in New Zealand seeking to raise funds for terrorist organizations; covert activity in New Zealand on the part of foreign intelligence services; and links to and activities in support of weapons of mass destruction programs abroad.
One agency not governed by the restrictions imposed on law enforcement and the NZSIS is the Government Communications Security Bureau (GCSB), the Signals Intelligence (SIGINT) agency for New Zealand. The GSCB was established by Executive Authority in 1977 and focuses on foreign intelligence. Operating as a virtual branch of the US National Security Agency, this agency maintains two intercept stations at Waihopai and Tangimoana. The Waihopai station routinely intercepts trans-Pacific and intra-Pacific communications and passes the collected intelligence to NSA headquarters. David Lange, a former Prime Minister of New Zealand, said that he and other ministers were told very little about the operations of GCSB while they were in power. Of particular interest to GCSB and NSA are the communications of the governments of neighboring Pacific island states. GCSB was specifically exempted from the provisions of the Crimes Act in 1997.
The Government Communications Security Bureau Act was enacted in 2003. This enactment places the GCSB on a statutory footing. One unit within the GCSB, Centre for Critical Infrastructure Protection, is dedicated to the protection of the nation's critical infrastructure from cyber threats by Internet hackers or computer viruses.
The Government has created major new surveillance powers for these state agencies. The Crimes Amendment Act, overwhelmingly passed by Parliament in July 2003, gives intelligence agencies additional powers to intercept communications, with High Court approval, while also criminalizing similar unauthorized activities as well as the distribution or possession of computer hacking programs. The controversial anti-hacking legislation gives police explicit authority to intercept electronic communications. The new law makes it illegal to intercept, access, use or damage data stored on computers without proper authorization. It also makes the sale, distribution or possession of hacking programs illegal. The Act prohibits the unauthorized interception of electronic communications and makes hacking and denial of service attacks illegal, but would grant exemptions to the police, the NZSIS and the GCSB, allowing them to secretly hack into individuals' computers and intercept e-mail, text messages, and faxes. Police are required to specify a person, place, and specific electronic address, phone number, or similar facility when applying for an interception warrant.
Even more controversial was the Telecommunications (Interception Capabilities) Act 2004, which was enacted on March 31, 2004. Similar to the United States Communications Assistance for Law Enforcement Act (CALEA) of 1994, the legislation requires all Internet Service Providers (ISPs) and telephone companies to upgrade their systems so that they would be able to assist the police and intelligence agencies, including the Government Communications Security Bureau (GCSB) and Security Intelligence Service (SIS), intercept communications. The Act obliges telecommunications companies and ISPs to intercept phone calls and e-mails at the behest of the police and security services. The legislation also requires a telecommunications operator to decrypt the communications of a customer if that operator had provided the encryption facility. It does not require individuals to hand over encryption keys.
Since the terrorist attacks on September 11, 2001, the New Zealand government has been working to strengthen counter-terrorism laws. Before September 11, 2001, New Zealand was a party to only eight of the 12 conventions that the international community had negotiated over the last 30 years. However, according to Foreign Minister Phil Goff, as of December 2003, New Zealand is a party to all 12 United Nations terrorism conventions.
The Terrorism Suppression Act 2002 was enacted on October 17, 2002 to put in place certain measures to combat terrorism, as well as implement New Zealand’s obligations under the Bombings Convention, the Financing Convention, the Anti-Terrorism Resolution, and (as added by the Terrorism Suppression Amendment Act 2003) the Nuclear Material Convention and the Plastic Explosives Convention. The act creates the offense of "terrorist bombing," and contains measures that aim at combating the financing or other support of terrorist acts. The act also provides for the designation of terrorist entities.
In June 2005, the Terrorism Suppression Amendment Act (No. 2) was enacted to update the original 2002 Act in two important respects: to ensure that the designation of terrorist entities under the original legislation does not expire (which would have placed New Zealand in violation of UN Security Council resolutions), and to bring New Zealand law into more complete compliance with Security Council and OECD-based Financial Action Task Force requirements to criminalize the act of providing financial support to terrorist organizations. The legislation also tightens the requirements relating to international and domestic wire transfer of funds and the cross-border transfer of cash by couriers.
New Zealand recently enacted anti-spam legislation, modeled on Australia’s Spam Act 2003. The Unsolicited Electronic Messages Act 2007 received royal assent on March 5, 2007, and comes into force six months after the date of assent. The Act aims to create a safe and secure environment in New Zealand for the use of information and communication technologies by minimizing spam and the costs to the community and business that arise from it. The Act uses an opt-in consent model for commercial messages, and applies to telecommunications services such as email, instant messaging and texting. The Act does not apply to phone calls, VoIP voice calls, or faxes.
The Unsolicited Electronic Messages Act 2007 applies to any commercial message with a New Zealand link sent to an electronic address using a telecommunications service without the consent of the recipient. The legislation requires commercial messages to include accurate information about the person who authorized the sending of the message; mandates a functional unsubscribe function for all such messages at no cost to the recipient; and prohibits address-harvesting software or a harvested-address list from being used in connection with sending unsolicited commercial messages in contravention of the Act.
InternetNZ, a non-profit Internet interest group, created the Anti-Spam Task Force, which counts the New Zealand Direct Marketing Association among its members. The group has met with the New Zealand government, held a conference in November 2003, funded a member to attend the OECD Conference on Spam, and worked with the press. The group encourages all ISPs to refer their customers to their Web site, which includes advice to individuals and businesses, and a discussion of legislative activity in the country. The Internet Society of New Zealand, the Direct Marketing Association, and the Telecommunications Carriers Forum have developed an ISP Spam Code of Practice, which is intended to work in conjunction with the government's legislation in this area. The Code, which applies to email spam, will be implemented as self-regulation or as a voluntary code at the same time as the Unsolicited Electronic Messages Act 2007 comes into force later this year in order to assist direct marketers in complying with the new law. In December 2004, the Telecommunications Carriers Forum adopted the SMS Anti-Spam Code. It has been ratified by Telecom, Vodafone, TelstraClear, TUANZ, WorldxChange, CallPlus, BCL, Vector Communications, and the Direct Marketing Association.
New Zealand is one of several countries involved in negotiations with the European Commission concerning the "adequacy" of its privacy regime in relation to the European Union Data Protection Directive (1995/46/EC). Since 1998 the Commission has been urging the Government to introduce two minor amendments to the Privacy Act in order to secure a finding of adequacy. The first amendment would remove the existing requirement that in order to make an access or correction request, an individual must be a New Zealand citizen or permanent resident, or present in New Zealand at the time the request is made. The second would introduce a limited data export control to regulate the transfer of personal information outside New Zealand. On December 12, 2000, these changes were finally included in the Statutes Amendment Bill and submitted to Parliament. Accordingly, it was expected that these amendments would be approved and enacted without delay. In the fall of 2001, however, one party withdrew its support of one of the amendments. In his annual report for the year ending June 30, 2001, the Privacy Commissioner encouraged "those responsible for the business of the House of Representatives [to] ensure that whatever vehicle these amendments proceed in is given priority." There has been no apparent progress on this issue. The Statutes Amendment Bill has not yet been re-introduced.
In September 2006, the New Zealand and Australian Privacy Commissioners signed an agreement that will allow for cooperation between their offices on privacy-related issues until September 2008. The agreement, modeled in part on the APEC Privacy Framework, OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, and the Asia Pacific Privacy Authorities Forum, covers the sharing of information related to surveys, research projects, promotional campaigns, education and training programs, and techniques in investigating privacy violations and regulatory strategies. Other areas addressed include cooperation on complaints with a cross-border element and the possible undertaking of joint investigations. The agreement is not legally binding.
The Official Information Act of 1982 and the Local Government Official Information and Meetings Act of 1987 are freedom of information laws governing the public sector. The Official Information Act is seen as an important weapon to oversee the actions of the executive and ministers. There are significant interconnections between this freedom of information legislation and the Privacy Act in subject matter, administration, and jurisprudence, so much so that the three enactments may be viewed, in relation to access to information, as complementary components of one overall statutory scheme. The Office of the Ombudsman supervises enforcement. The Ombudsman hears around 1,100 complaints each year under the Official Information Act and 170 each year under the Local Government Official Information and Meetings Act. The Privacy Commissioner and the Ombudsmen work closely together where Official Information Act requests involve privacy issues.
The Public Records Act 2005 came into force on April 20, 2005. The purposes of the legislation are to hold the Government accountable for: ensuring that full and accurate records of the affairs of central and local government are created and maintained; providing for the preservation of, and public access to, records of long-term value; and for enhancing public confidence in the integrity of public records and local authority records.
New Zealand is a member of the Organization for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
The Privacy Act does not apply to self-governing territories associated with New Zealand, the Cook Islands and Niue, nor does it apply to the soon-to-be self-governing territory of Tokelau.
 Bill of
Rights Act, 1990, Chapter 4, Section 21, available at
 Tim McBride, "Recent New Zealand Case Law on Privacy: Part I: Privacy Act and the Bill of Rights Act," Privacy Law & Reporter, January 2000, at 107.
 Privacy Act
1993, available at
 See Paul Roth, "What is 'Personal Information'?," 20(1) New Zealand Universities Law Review 40 (2002).
 See Re Application by L – Information stored in person's memory (1997) 3 HRNZ 716 (Complaints Review Tribunal).
at <http://www.privacy.org.nz/privacy-act/>. The Privacy Commissioner may
issue codes of practice that modify the Information Privacy Principles set out
in the Privacy Act to take into account the special characteristics of specific
industries, agencies or types of personal information. These provisions may be
more stringent or less stringent than the
 Available at <http://www.privacy.org.nz/privacy-act/codes-of-practice/>.
Broadcasting Act 1989, s.4, available at
 See, e.g., Tim McBride, "Recent New Zealand Case Law on Privacy: Part II: the Broadcasting Standards Authority, the Media and Employment," Privacy Law & Reporter, February 2000, at 133. See also the Broadcasting Standards Authority’s Quarterly Newsletter, available at <http://www.bsa.govt.nz>.
 "DNA Test Matches Father and Son on TV," The Dominion (Wellington), March 30, 1999. See also “Children and Privacy,” Broadcasting Standards Authority’s Quarterly Newsletter, Number 34, May 2007, available at <http://www.bsa.govt.nz>.
 BSA Privacy Principles, available at <http://www.bsa.govt.nz/codesstandards-privacy.php>.
(Intimate Covert Filming) Amendment Act 2006, available at
 Study Paper 15, Intimate Covert Filming, Wellington, June 2004.
 New Zealand
Privacy Commission, Annual Report for the Year Ended 30 June 2006, available at
 The Director of Human Rights Proceedings is an official appointed under the Human Rights Act of 1993.
 This limit can be raised by application to the High Court.
 New Zealand Privacy Commission Statement of Intent, available at <http://www.privacy.org.nz/library/office-of-the-privacy-commissioner-statement-of-intent-2006-07>.
 NZ Amalgamated Engineering Printing and Manufacturing Union Inc v. Air New Zealand Ltd.,  AC 22/04.
 Hosking v Runting,  1 NZLR 1, paras. 117, 118-128.
 Mafart and
Prieur v Television New Zealand Limited,  CA
 Mafart and Prieur v Television New Zealand Limited,  NZSC 78.
New Zealand Limited v Rogers,  1 NZLR 156,  CA
 Rogers v Television New Zealand Limited,  NZSC 87.
 Andrews v Television New Zealand Limited,  CIV 2004-404-3536.
 "Police DNA
Drive," The Evening Post (Wellington), March 21,
 New Zealand Police Annual Report 2006, available at <http://www.police.govt.nz/resources/2006/annual-report/police-annual-report-2006.html>.
 New Zealand Police Annual Report 2004, available at <http://www.police.govt.nz/resources/2004/annual-report/annual-report.pdf>.
 "DNA Laboratory to Be Ready in May," The Dominion (Wellington), February 23, 2002.
 ESR website, <http://www.esr.cri.nz/competencies/forensicscience/dna/DNAdatabank.htm>.
 Memorandum of Understanding between the Ministry of Health and the New Zealand Police relating to the disclosure of newborn blood spot samples and related information, available at <http://www.moh.govt.nz/moh.nsf/0/58182C57A54ECF4DCC257138001500CE/$File/memorandum-of-understanding.pdf>.
 New Zealand Privacy Commission, “Health Information Privacy Code 1994 Amendment No. 6,” April 2007, available at <http://www.privacy.org.nz/filestore/docfiles/27577694.pdf>.
 Part XIA, Crimes Act 1961 and Misuse of Drugs Act 1978, available at <http://www.legislation.govt.nz/browse_vw.asp?content-set=pal_statutes>.
 New Zealand Police Annual Report 2006, supra.
 New Zealand
Security Intelligence Service Act of 1969, available at
 Report of the New Zealand Security Intelligence Service to the House of Representatives for the year ended 30 June 2006, available at <http://www.nzsis.govt.nz/publications/ar06/nzsis-ar06.pdf>.
 New Zealand Security Intelligence Service Amendment Act 1999, available at <http://www.legislation.govt.nz/browse_vw.asp?content-set=pal_statutes>.
 New Zealand Security Intelligence Service Amendment (No. 2) Act 1999, available at <http://www.legislation.govt.nz/browse_vw.asp?content-set=pal_statutes>.
 Report of the New Zealand Security Intelligence Service supra.
Hager, Secret Power: New Zealand's Role in the International Spy Network
(Nelson, NZ: Craig Potton 1996).
 Crimes (Exemption of Listening Device) Order 1997 (SR 1997/145).
 Centre for Critical Infrastructure Protection website, <http://www.ccip.govt.nz/index.html>.
Press, "NZ Police Get Tech Crime Powers," AustralianIT, July 4,
 Crimes Act of 1961 (as amended), available at <http://www.legislation.govt.nz/browse_vw.asp?content-set=pal_statutes>.
Telecommunications (Interception Capabilities) Act 2004, available at
 Id., section 8.
 Phil Goff,
"NZ Now Party to All 12 UN Terrorism Conventions," December 23, 2003, available
 Terrorism Suppression Amendment Act 2005, available at <http://www.legislation.govt.nz/browse_vw.asp?content-set=pal_statutes>.
Electronic Messages Act 2007, available at
 Id., at section 3.
 Stop Spam
 See The Spam Code of Practice, Stop Spam website, available at <http://www.stopspam.net.nz/nzlegislation.htm>.
 Available on the Telecommunications Carriers Forum website: <http://www.tcf.org.nz/outputs/>.
 A statutes
amendment bill is a procedure designed for the introduction of non-controversial
 Office of the Privacy Commissioner, Press Release, "Proposed Amendments to the Privacy Act Addressing the Questions of Adequacy under the EU Data Protection Directive, December 15, 2000, available at <http://www.privacy.org.nz/media/prppaam.html>.
 Memorandum of Understanding, available at <http://www.privacy.org.nz/filestore/docfiles/2072970.doc>.
Information Act 1982, available at
 Local Government Official Information and Meetings Act 1987, available at <http://www.ombudsmen.govt.nz/local.htm>.
 Richard Worth, "Bill Boosts Secrecy Powers," The National Business Review (New Zealand), May 21, 2004, at 32.
 Public Records Act 2005, available at <http://www.legislation.govt.nz/browse_vw.asp?content-set=pal_statutes>.