New Zealand · OIA & Privacy
Official information and privacy for New Zealand, in one platform
AccessPoint manages Official Information Act 1982 requests and Privacy Act 2020 obligations — the 20-working-day clock, IPP 6 access and IPP 7 correction, and the notifiable privacy breach scheme — pre-configured for New Zealand and running inside your own Microsoft 365 tenant.
New Zealand at a glance
- Response deadline
- As soon as reasonably practicable, and no later than 20 working days (OIA and IPP 6)
- Extensions
- A reasonable extension for large or consultation-heavy requests (OIA s 15A)
- Fees
- No fixed application fee; agencies may make a reasonable charge for supplying official information
- Privacy data-subject rights
- IPP 6 access and IPP 7 correction, on the same 20-working-day clock
- Breach notification
- Notify the Privacy Commissioner and affected individuals of a breach likely to cause serious harm
- Oversight
- The Ombudsman (official information) and the Privacy Commissioner (privacy)
Built for New Zealand
One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.
OIA request lifecycle
Intake to decision on the 20-working-day clock — with section 15A extensions, transfers, the Act's withholding grounds, charge estimates, and Ombudsman-ready records, all built on Microsoft 365.
Central and local government
Run central-government requests under the OIA and local-government requests under the parallel LGOIMA — the same 20-working-day rule and the same Ombudsman oversight — on one platform.
Privacy Act requests and PIAs
Handle IPP 6 access and IPP 7 correction requests on the same 20-working-day clock, and run Privacy Impact Assessments, on a guided questionnaire engine with screeners, an embedded risk register, and a regulator-ready export.
Notifiable privacy breaches
Log a privacy breach, assess it against the serious-harm test, and get a live checklist of what the Privacy Act requires — notice to the Privacy Commissioner and to affected individuals as soon as practicable.
Ombudsman and Commissioner reviews
Track Ombudsman complaints about OIA decisions and Privacy Commissioner complaints and access directions — each with its own clock, an investigation workspace, and a guided path to disposition.
In your own tenant
Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.
Two regimes, two regulators
Official information answers to the Ombudsman. Privacy answers to the Commissioner. AccessPoint runs both.
New Zealand splits its information rights across two laws and two watchdogs. The Official Information Act sends access requests and their complaints to the Ombudsman, whose recommendations agencies have a statutory duty to observe. The Privacy Act 2020 gives people access and correction rights over their own information, a notifiable-breach duty, and a Privacy Commissioner who can issue compliance notices and binding access directions. Most offices run one side well. AccessPoint operates both — OIA requests, IPP 6 and IPP 7 requests, and breach notification — on one platform, in your own tenant, so a single team meets both regimes from a single system.
Configured out of the box
Installing the nz-oia-privacy configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.
Related guide: FOI Workflow Quick Check- The OIA (and LGOIMA) and the Privacy Act 2020 as the legal-authority spine
- New Zealand public-holiday calendar and 20-working-day due-date rules
- The OIA withholding grounds, colour-coded for redaction
- Section 15A extension reasons and section 14 transfer rules
- Charging categories aligned to the Ombudsman's charging guidance
- Ombudsman complaint grounds and Privacy Commissioner complaint and access-direction dispositions
- Privacy Act notifiable-breach rules on the serious-harm test
- Correspondence templates with OIA and Privacy Act wording
New Zealand Questions
Does AccessPoint cover both the OIA and the Privacy Act 2020?
Does it handle local government under LGOIMA?
How does it handle a notifiable privacy breach?
Where does New Zealand data reside?
Run the OIA and the Privacy Act in One Platform
Try AccessPoint free for 30 days, pre-configured for New Zealand. No credit card required.
Start Free Trial