Overarching statement

This transparency statement explains how we collect, use, and share information gathered from industry participants or other entities (directly or indirectly) for the purpose of detecting or investigating potential:

  • regulatory non-compliance
  • threats to the physical security of staff, or the security of information or places.

We take care to exercise our information gathering powers appropriately and meet our obligations under the Privacy Act 1993, the New Zealand Bill of Rights Act 1989, the State Sector Code of Conduct, the Information Gathering Model Standards, and relevant Authority policies and procedures at all times.

Any such information gathering must be approved according to our internal authorisation processes. Those processes, and the related activities, are regularly reviewed to ensure compliance with the law, with our internal policies, and with our risk management requirements.

This statement applies to information gathered by us, our contractors, or any other third parties engaged by us.

What information is covered by this statement, and why do we collect it?

This section explains how we collect, use, and share information when we are carrying out our functions such as maintaining the register of industry participants, making and administering the Electricity Industry Participation Code 2010 (Code), monitoring compliance with the Electricity Industry Act 2010 (Act) and the Code, and investigating and enforcing compliance under the Act and the Code.

Our legislation empowers us to require industry participants to provide the information we need to give effect to that legislation and ensure compliance, as well as carry out investigations where we believe participants may be in breach.

We are also required to protect that information and only disclose what we consider is necessary to give effect to our legislated responsibilities.

Most of the information we collect is provided directly by participants as a requirement to fulfil statutory obligations and according to our powers as a regulator.

However, if we require information that is relevant to us considering and investigating compliance breaches or complaints with the Rulings Panel, we may gather information from participants using our statutory powers.

We may also collect publicly available information – such as media reports – where this is relevant to carry out our compliance functions.

What do we do with it? Do we share it?

How we use it

To carry out our compliance functions, we may use the information we hold for audit or monitoring purposes. Where we identify the need to use the information further to consider or investigate compliance breaches and complaints with the Rulings Panel, we will only do so if required or permitted by law, or with your authorisation.

When we share it

We may share information where necessary to properly carry out our legislated functions. This information will be shared in accordance with our statutory powers and in compliance with the relevant legislation and any information sharing agreements, MOUs or similar with the other agency. This may include when we are considering and investigating compliance breaches or complaints with the Rulings Panel. We will take all practicable steps to verify information provided to third parties.

We may, for example, share information with:

  • another regulator, the Ministry of Business, Innovation and Employment (as the monitoring agency) or the Rulings Panel
  • the other party to an investigation or complaint with the Rulings Panel, for the purpose of investigating and resolving the investigation or complaint
  • the Police or another government agency, if required by law (eg, to assist with the investigation of a criminal offence), or to report significant misconduct or breach of duty or where there is a serious threat to health or safety. If our staff are threatened or abused, we may refer this to the Police.

How will we protect it?

Information is stored and retained in accordance with our Privacy Policy and Information Security Policy, and in compliance with the Privacy Act 1993 and the Public Records Act 2005.

Complaints about the Authority