About us

Secondary legislation

Mana Mokopuna - Children and Young People's Commission Information Rules

This page contains our secondary legislation, the Mana Mokopuna, Children and Young People’s Commission Information Rules, in text form.

You can download this document as a Word or PDF file here.

[Text in square brackets like this is simply to explain the provisions of the rules.]

Background

  1. Under the Children and Young People’s Commission Act 2022 (the Act), the Children and Young People’s Commission has a number of roles relating to promoting and advancing the interests, wellbeing, rights, and participation of children and young people.
  2. When exercising its functions, duties, and powers, the Commission needs to have regard to a number of matters set out in the Act. These matters include the need to hear from, and be informed by, children and young people.
  3. The Act contains provisions that reflect the Crown’s responsibility to give effect to te Tiriti o Waitangi, including provisions requiring the Commission’s board to build and maintain relationships with hapū, iwi, and Māori organisations. This is expected to involve the sharing of information.
  4. The Commission has duties under the Oversight of Oranga Tamariki System Act 2022 when its work relates to children or young people receiving services or support through the Oranga Tamariki System. These duties are common to the Commission, the Monitor, and the Ombudsman, who are authorised to share information with one other for certain purposes.
  5. When conducting an inquiry, the Commission has special powers under its Act to call for information or documents if certain conditions are met. At the same time, in recognition of the sensitivity of the information the Commission may obtain, the Commission and its staff are under a duty to maintain the secrecy of matters that come to their knowledge during an inquiry.
  6. Section 31 of the Act requires the Commission to make rules relating to the Commission’s collection, use, and disclosure of information. The purpose of such rules is to protect the privacy of people’s Personal Information and the confidentiality of other information. The rules need to support the Commission’s inquiry function and protect the privacy of children, young people, and their families, and whānau.
  7. These Information Rules are the rules required by the Act. They apply to both Personal Information and Non-Personal Information. This reflects the approach to the information provisions in the Act. The Rules distinguish between Personal Information and Non-Personal Information where it’s necessary or desirable to do so.
  8. When making these Information Rules, the Commission made reasonable efforts to consult interested or affected agencies, including hapū, iwi, and Māori organisations, and consulted the Privacy Commissioner, as required by section 31(3) of the Act. The Data Protection and Use Policy and the Algorithm Charter for Aotearoa New Zealand were also taken into account.

1. Application, definitions, and interpretation

1.1 Application

These rules apply to the Commission’s handing of information in connection with its functions, duties, and powers under the Act and, to the extent relevant, the Oversight Act. They do not apply to the Commission’s functions, duties, and powers as a National Preventive Mechanism under the Crimes of Torture Act 1989.

1.2 Defined terms

[The following terms have the following meanings:]

Act means the Children and Young People’s Commission Act 2022;

Algorithm Charter for Aotearoa New Zealand means the charter by that name available at https://data.govt.nz/ or successor URL, or any replacement of that charter;

Code of Ethics means the code of ethics that section 26 of the Act requires the Commission to have;

Commission means the Children and Young People’s Commission;

Data Protection and Use Policy means the policy by that name available at https://www.digital.govt.nz/ or successor URL, or any replacement of that policy;

Identifying Information means personal identifiers, such as name and address, from which an individual can be or is likely to be able to be identified;

Information Rules means these information rules;

IPP means an information privacy principle in the Privacy Act 2020;

Monitor means the Independent Monitor of the Oranga Tamariki System established under section 12 of the Oversight Act;

Oranga Tamariki System has the meaning in section 9 of the Oversight Act;

Oversight Act means the Oversight of Oranga Tamariki System Act 2022;

Non-Personal Information means any information that is not Personal Information;

Personal Information has the same meaning as in section 7(1) of the Privacy Act;

Privacy Act means the Privacy Act 2020;

Public Record has the meaning in section 4 of the Public Records Act 2005;

Staff includes employees, officers, contractors, and service providers; and

Third Party Source, in relation to the collection of Personal Information, means:

(a) an individual other than the individual to whom the information relates; or

(b) another agency or organisation.

1.3 Interpretation

[These provisions help people to interpret the rules.]

(a) In these Information Rules, unless the context indicates otherwise:

(i) references to “agency” are references to any agency as defined in section 8(1) of the Oversight Act, that is, any person or body of persons, whether corporate or unincorporate, and whether in the public sector or the private sector, including an individual delivering services or support to children and young people through the Oranga Tamariki system independently of any other agency (but excluding the entities listed in section 8(1)(d));

(ii) references to an “individual” are to a natural person;

(iii) references to the “Commission” include Staff of the Commission when acting for or on behalf of the Commission or performing functions or duties of the Commission;

(iv) references to “rules” are to rules in these Information Rules;

(v) references to sections are to sections of the Act;

(vi) references to the relationship between certain provisions of the Act and certain IPPs in the Privacy Act are intended to declare the existing position under the Act; and

(vii) terms defined in the Act have the same meaning when used in these rules.

(b) If there is any inconsistency between the Act and these rules, the Act will prevail to the extent of the inconsistency.

2. Collection of information

[The Commission may collect information for the purposes stated here and the purpose(s) of collecting information in particular situations must be documented.]

2.1 Purpose

The Commission may collect information (whether Non-Personal Information or Personal Information) for the purposes of performing its functions and exercising its powers and duties under:

(a) the Act, including in accordance with sections 27 (Special powers to call for information or documents) and 33 (Sharing of information with Monitor and Ombudsman);

(b) the Oversight of the Oranga Tamariki System Act; and

(c) any other applicable law.

2.2 Source of information

[The Commission may collect information from various sources as long as it complies with rules relating to each source.]

(a) The Commission may collect information from individuals, as long as:

(i) when collecting Personal Information from individuals to whom the Personal Information relates, the Commission complies with rule 2.3 or 2.4 (as applicable) and rules 2.6, 2.7 (if applicable) and 2.8;

(ii) when collecting Personal Information from individuals that is about other individuals, the Commission complies with rule 2.3 or 2.4 (as applicable) and rules 2.6, 2.7 (if applicable) and 2.8; and

(iii) when collecting Non-Personal Information from individuals, the Commission complies with rules 2.7 (if applicable) and 2.8; and

(b) The Commission may collect information from Third Party Sources, as long as:

(i) when collecting Personal Information, the Commission complies with rule 2.3 or 2.4 or 2.5 (as applicable) and rules 2.6, 2.7 (if applicable) and 2.8; and

(ii) when collecting Non-Personal Information, the Commission complies with rules 2.7 (if applicable) and 2.8.

(c) To avoid doubt, this rule 2.2 does not restrict the Commission’s ability to:

(i) undertake research;

(ii) receive unsolicited information; or

(iii) obtain by lawful means information from any other source not referred to in rule 2.2(a)-(b).

2.3 Collection of Personal Information other than under section 27 or 33 – necessity, identifiers, and source

[If the Commission is not relying on a statutory power of collection, it needs to comply with IPP1.]

(a) If the Commission is proposing to collect Personal Information other than under section 27 or 33 of the Act, it must first consider, in accordance with IPP1(1), whether collection would be reasonably necessary for a lawful purpose connected with a function or activity of the Commission (the Necessity Test).

(b) If the proposed collection does meet the Necessity Test, the Commission may collect the Personal Information.

[If the Commission does not need identifying information, the Commission should not collect it.]

(c) However, if the Commission’s purpose of collection does not require collection of an individual’s Identifying Information, the Commission must not seek to require or otherwise collect the individual’s Identifying Information (as per IPP1(2)). In this situation, the Commission may only collect Personal Information to the extent it does not include Identifying Information.

[If the Commission is collecting information about individuals directly from those individuals, it needs to comply with IPP3.]

(d) If the Commission is proposing to collect Personal Information other than under section 27 or 33 of the Act and the collection is from an individual to whom the information relates, the Commission must comply with IPP3.

[If the Commission is collecting information about individuals from a Third Party Source, it needs to provide certain information to the Third Party Source.]

(e) If the Commission is proposing to collect Personal Information other than under section 27 or 33 of the Act and the collection is from a Third Party Source, the Commission must comply with IPP2, and inform the Third Party Source of:

(i) the purpose(s) for which the Commission wishes to collect the information;

(ii) the date by which, and the manner by which, the Commission would like the information to be provided;

(iii) whether the Third Party Source’s provision of the information is mandatory or voluntary (if the Commission is not relying on a statutory power of collection that requires provision of the information, provision of the information will be voluntary);

(iv) if provision of the information is mandatory, the consequences of not providing the information; and

(v) who, other than the Commission (if anyone and bearing mind the secrecy obligation in section 29), is likely to receive the information (to the extent the Commission is able to determine this at the time of collection).

[The Commission can still collect and record unique identifiers and other identifiers that a Third Party Source has associated with individuals.]

(f) This rule 2.3 does not limit the Commission’s ability to collect and record unique identifiers or other alpha-numeric identifiers that another agency, person or body has assigned to or associated with individuals to whom the Personal Information that the Commission is collecting relates.

2.4 Collection of Personal Information under section 27 – identifiers

[If the Commission does not need identifying information, the Commission should not collect it.]

(a) Where the Commission exercises its power under section 27 of the Act to call for information or documents, the Commission must not require any Personal Information to be provided unless permitted by section 27(3), that is to say, unless it can be provided in a form in which:

(i) Identifying Information has been removed; and

(ii) the individual concerned cannot otherwise reasonably be identified.

[The Commission needs to consider whether requested information or documents are likely to contain identifying information and, if so, request that it be removed.]

(b) If the Commission requests information or documents in reliance on its powers in section 27, it must:

(i) consider whether the information or documents requested are likely to contain Personal Information; and

(ii) if they are likely to do so, the Commission must request the person specified in the notice under section 27(1) to take the steps described in rule 2.4(c) before providing the information or documents to the Commission.

(c) The steps referred to in rule 2.40 are removal, from the information or documents that the person has been requested to provide to the Commission, of:

(i) individuals’ personal identifiers such as name and address; and

(ii) any other words, sections or parts from which the Commission would readily be able to identify those individuals.

[The Commission may still need to comply with IPP3 when requesting information or documents from an individual.]

(d) If the Commission requests information or documents from an individual in reliance on its powers in section 27 of the Act and, despite complying with section 27(3), the request entails collection of Personal Information about the individual, the Commission must comply with IPP3.

[If collecting from a Third Party Source, IPP2 does not apply and section 27 prevails over IPP1.]

(e) If the Commission requests information or documents from a Third Party Source in reliance on its powers in section 27 of the Act, the Commission does not need to comply with the Privacy Act’s IPP2 and, to the extent there is any inconsistency between IPP1 and section 27, section 27 prevails.

2.5 Collection of Personal Information under section 33 – identifiers

[When requesting information from the Monitor or an Ombudsman, the Commission needs to consider whether it needs any identifying information.]

Where the Commission is proposing to make a request under section 33 of the Act to the Monitor or an Ombudsman for the sharing of information with the Commission:

(a) the Commission must:

(i) consider whether there is any need for the information to include Identifying Information for either or both of the purposes described in section 33(1); and

(ii) if there is no such need, consider whether the request should state that the Commission is not requesting, and does not wish to receive, any Identifying Information; and

(b) the Commission does not need to comply with IPP2 and, to the extent there is any inconsistency between IPP1 and section 33, section 33 prevails.

[IPP2 does not apply, and section 33 prevails over IPP1.]

2.6 Personal Information – additional considerations

[When considering the purposes of collection and how much personal information to collect, the Commission needs to consider the matters listed here.]

(a) When the Commission is considering the purposes for collecting Personal Information and how much Personal Information to collect, the Commission must take reasonable steps in the circumstances (if any) to consider:

(i) the outcomes to which the collection of the Personal Information is intended to contribute;

(ii) how the Commission will use or process the information;

(iii) the sensitivity of the Personal Information that will be collected; and

(iv) where the collection will be from a Third Party Source that collected the Personal Information from the individuals concerned, the potential impact (if any) on the trust relationships between the Third Party Source and those individuals, taking into account the likely purposes for which the Personal Information was originally collected.

2.7 Collection of information from children and young people

[Collections of information from children and young people must be in accordance with any consent or similar requirements in the Commission’s Code of Ethics.]

(a) When collecting information from a child or young person (whether Personal Information or Non-Personal Information), the Commission must comply with applicable consent or related requirements set out in its Code of Ethics (as updated from time to time).

[The Commission stills needs to comply with the Privacy Act’s IPP3.]

(b) Neither this rule 2.7 nor the Code of Ethics limits the Commission’s obligation to comply with the Privacy Act’s IPP3 (Collection of information from subject) when collecting Personal Information from individuals to whom the Personal Information relates.

2.8 Methods of collection

[Information needs to be collected in a manner that complies with IPP4 (if applicable) and the Commission’s Code of Ethics.]

(a) The method(s) by which the Commission collects information must:

(i) in relation to Personal Information, comply with the Privacy Act’s IPP4 (Manner of collection of Personal Information); and

(ii) be in accordance with the Commission’s Code of Ethics, if the Code applies in the circumstances.

[The Commission may collect information by various means: in writing or verbally, and either remotely or in person.]

(b) Without limiting rule 2.8(a), the Commission may collect information by or through:

(i) written or oral requests for information to be provided orally or in writing or other documentary form (including by electronic means);

(ii) discussions between the Commission and individuals or Third Party Sources;

(iii) the Commission making visits to sites controlled by agencies or persons or their contracted partners or subcontractors; and

(iv) any other lawful means.

[When deciding on how to collect information, the Commission needs to consider security and the sensitivity of the information.]

(c) When deciding upon a method of collection of information, the Commission must, to the extent relevant:

(i) take reasonable steps to ensure that the collection will be effected by secure means; and

(ii) consider the sensitivity of the information to be collected.

2.9 Provision of information to Commission following request

[If the Commission requests information under its statutory power of collection, the information must be provided unless it would be privileged in the courts.]

(a) Where the Commission requires information from a person under section 27 of the Act, section 28 obliges the person to comply with the requirement stated in the notice in the manner and within a period (being not less than 20 working days after the notice is given to the person) specified in the notice, except as stated otherwise in the section. Under section 28(2), information and documents that would be privileged in a court of law do not need to be provided or produced.

[If the Commission requests information without relying on a statutory power of collection, the recipient of the request can decide whether to provide it.]

(b) Where the Commission requests information from an individual, agency or other person and the request is not made under or in reliance on:

(i) section 27; or

(ii) another statutory power that mandates provision of information to the Commission,

the individual, agency or person may decide whether to provide the information requested and is responsible for determining whether it is permitted to do so.

3. Security and storage of information

[The Commission needs to look after the information it holds.]

3.1 Security

The Commission must take reasonable steps to safeguard the information it collects, accesses, generates and is provided, from unauthorised access or use.

3.2 Storage and access

(a) Without limiting rule 0, the Commission will store the information it collects or is provided in secured systems that are accessible only by authorised Staff of the Commission who require access to carry out their functions or services for or on behalf of the Commission.

(b) The Commission must take reasonable steps to ensure that the information it collects and holds is not shared with or accessible by Staff of the Commission who do not need to see it to perform their roles or services for the Commission.

4. Use of information

[The Commission can only use information it holds for the purposes stated here.]

4.1 Purpose

The Commission may:

(a) only use the Personal Information it collects and holds for the purposes for which it was collected or as otherwise permitted or required by the Act or any other applicable law; and

(b) use Non-Personal Information it collects and holds for any lawful purpose (excluding uses that would be contrary to confidentiality obligations or other restrictions on use arising in contract, equity or tort, or under the Act, or under any other applicable law or court order).

4.2 Use only by approved Staff

[The Commission must limit access to the information it holds.]

The Commission must take reasonable steps to ensure that information it holds relating to children, young persons, their whānau, their caregivers or, where relevant, alleged perpetrators of abuse or neglect, is:

(a) used by authorised Staff only; and

(b) only in accordance with rule 0.

5. Accuracy and completeness

[The Commission may need to take steps to check the accuracy of information it uses and may consider various sources of information when doing that.]

5.1 Commission to take reasonable steps to check accuracy

The Commission must not use information it holds without taking steps that are, in the circumstances, reasonable (if any) to ensure that the information is accurate, up to date, complete, relevant, and not misleading. When considering whether any steps are required, the Commission may take into account (without limitation) the nature of the information, and the need to enable children and young people to have their say freely and without fear of persecution or adult intervention.

5.2 Assessing accuracy and completeness

In assessing the accuracy and completeness of information on which it relies, the Commission:

(a) may, in the context of an inquiry, request information under section 27 of the Act (if all conditions of the section are met) to verify or refute information obtained from another source; and

(b) may engage with individuals, agencies, organisations and other persons and bodies, and take into account various information sources, provided that, in doing so, it complies with the Act, regulations under the Act, these Information Rules, and any other applicable law, including IPPs in the Privacy Act to the extent they apply.

5.3 Commission to inform agency of inaccuracy

[If the Commission thinks information obtained from an agency is inaccurate, it will take steps to inform the agency.]

If the Commission discovers or considers that information it obtains from another agency is inaccurate, out of date, incomplete or misleading, the Commission will take reasonable steps to inform the agency of the respects in which the information is inaccurate, out of date, incomplete or misleading.

5.4 No limitation to IPPs 7 and 8

To avoid doubt, nothing in this rule 5 limits IPP7 or IPP8 of the Privacy Act.

6. Sharing information

[The Commission may share information to the extent specified here.]

6.1 Permitted sharing

Subject to rule 6.2, the Commission may share information it holds or obtains under or in connection with the performance of its functions and the exercise of its duties and powers under the Act, with other agencies, organisations, and individuals:

(a) to the extent contemplated by and to give effect to its functions in sections 20-22 of the Act;

(b) to the extent permitted or required by the Act or its regulations, including without limitation:

(i) section 33 (Sharing of information with Monitor and Ombudsman);

(ii) section 34 (Commission may report interference or non-compliance); and

(iii) section 35 (Referrals); and

(c) to the extent otherwise permitted, authorised, or required by law.

6.2 Limitations on sharing

(a) The Commission’s ability to share information it holds or obtains under or in connection with the performance of its functions, duties and powers under the Act is subject:

(i) to the duty in section 29 to maintain secrecy in respect of all matters that come to the knowledge of the Commission or an employee of the Commission in the course of any inquiry (except as stated otherwise in section 29(2)-(3));

(ii) when making a report or statement under the Act, to the requirement in section 25 not to make any comment that is adverse to an individual or agency if the Commission has not given the individual or agency a reasonable opportunity to be heard;

(iii) in the case of Personal Information, to the limitations on disclosure in IPP11 and IPP12 of the Privacy Act (except to the extent they are overridden by the Children and Young People’s Commission Act or another law); and

(iv) to confidentiality obligations or other restrictions on disclosure arising in contract, equity or tort, or under the Act, or under any other applicable law or court order.

(b) To avoid doubt, nothing in these Information Rules prevents the Commission from using appropriately secured information and communications technology and infrastructure provided by another public sector agency or third party (to which, in any case, rule 3 (Security and storage of information) applies).

6.3 Secure sharing

[When sensitive information is shared, it needs to be shared by secure means, such as encrypted email, an encrypted data exchange or using encrypted devices.]

Where the Commission shares Personal Information or other classified or confidential information with an individual, agency or organisation, the Commission must take reasonable steps to ensure that it does so by reasonably secure means.

6.4 Sharing of information with hapū, iwi, and Māori organisations

[The Commission may share certain information with hapū, iwi, and Māori organisations. The Commission needs to engage with hapū, iwi, and Māori organisations to inform its approach, and ensure that arrangements governing such sharing contain appropriate protections.]

(a) This rule 6.4 applies in relation to the exchange of information between the Commission and hapū, iwi, and Māori organisations for the purposes of facilitating, among other things:

(i) the duties of the board of the Commission in section 17(1)(a) of the Act to build and maintain relationships with hapū, iwi, and Māori organisations;

(ii) the duties of the board in section 17(1)(b) of the Act to set strategic priorities and work programmes that support improved outcomes for Māori children and young people within the context of their whānau, hapū, and iwi; and

(iii) the Commission's function in section 20(f) to promote the interests and wellbeing of children and young people by undertaking and promoting research into any matter that relates to the rights, interests, or wellbeing of children and young people, while giving special attention to te ao Māori.

(b) Without limitation to applicable sections of the Act, the Commission will use reasonable efforts to engage with representative hapū, iwi, and Māori organisations to:

(i) better understand the context, from their perspective, in which information may be exchanged between the Commission, and hapū, iwi, and Māori organisations, for the purposes of the matters referred to in rule 6.4(a), including any concerns they may have in relation to the protection of such information;

(ii) identify opportunities for involving hapū, iwi, and Māori organisations in the collection and/or interpretation of information that may yield insights that are beneficial to their local communities; and

(iii) ascertain the kinds of information that they and the Commission would find helpful.

(c) The Commission will also use reasonable efforts to:

(i) make it clear during the engagement referred to in clause 6.4(b) that the Commission will not be disclosing Personal Information to hapū, iwi, or Māori organisations, unless permitted, authorised or required by law to do so, and then only at the Commission’s discretion;

(ii) ensure where relevant that the information it shares is fully de-identified, or confidentialised, with the aim of preventing particular individuals being identifiable from the information (either alone or in conjunction with other information); and

(iii) keep in contact with the hapū, iwi, and Māori organisations with whom the Commission is sharing information to verify that the sharing is of value to them and to identify any learnings from them that may be relevant to ongoing performance of the Commission’s functions and the future sharing of information with them.

6.5 No publication of identifying information

[Except as permitted by the Act, no personally identifying information is to be published.]

The Commission must not publish any information that is reasonably capable of identifying an individual (either alone or in conjunction with other readily accessible information), unless the Commission has obtained informed consent (in accordance with its Code of Ethics) from the relevant individual (or individuals) to include their personal information in the report with full knowledge that it will be made public.

6.6 Minimising risk of self-identification

[The Commission needs to consider the risk of people identifying themselves from apparently de-identified information that is to be published.]

The Commission must take reasonable steps:

(a) to minimise the risk of individuals identifying themselves from apparently fully de-identified information that is to be published in a report or other material; and

(b) if a significant risk remains, to obtain the individuals’ consent before including the information in the report or other material.

7. Data analytics, algorithms, and predictive modelling

[If the Commission uses data analytics techniques, their uses must be ethical.]

7.1 To the extent that the Commission uses data analytics techniques to identify trends or metrics, or suggestions for reform or interventions, the Commission will take reasonable steps to ensure that:

(a) the uses of techniques are ethical; and

(b) the input data and the techniques being used are fit for purpose and will not produce biased or discriminatory results.

[The Commission will not use algorithms or predictive modelling unless it consults, and complies with the Algorithm Charter.]

7.2 The Commission will not implement any algorithm (other than for the purpose of de-identifying information) or predictive modelling in connection with the performance of its functions without:

(a) first consulting representative agencies and organisations with an interest in, or who could be affected by, the use of the algorithm or modelling; and

(b) complying with the Algorithm Charter for Aotearoa New Zealand.

7.3 The consultees referred to in rule 7.2(a):

(a) must include the Office of the Privacy Commissioner, Te Arawhiti, StatsNZ, Oranga Tamariki, the Monitor, and the Data Ethics Advisory Group convened by the Government Chief Data Steward; and

(b) may include such other individuals, agencies and organisations as the Commission considers appropriate (including representatives of, for example, communities, cultural groups or children or young persons).

8. Retention and disposal of information

[The Commission needs to retain records in accordance with the Public Records Act but otherwise must not keep personal information longer than required.]

8.1 The Commission:

(a) must retain the Public Records it creates or receives in accordance with the Public Records Act 2005;

(b) may dispose of such Public Records if authorised to do so by a disposal authority given under that Act; and

(c) when Public Records in the possession of the Commission:

(i) contain Personal Information; and

(ii) can be disposed of under such a disposal authority,

the Public Records or at least the Personal Information they contain must be disposed of, in accordance with the Privacy Act’s IPP9, once the Personal Information is no longer required for the purposes for which the information may lawfully be used.

8.2 To the extent that the Commission obtains Personal Information that does not comprise or form part of a Public Record, the Commission must not keep that information for longer than is required for the purposes for which the information may lawfully be used.

8.3 To avoid doubt, if the Commission needs to retain information for periodic audit purposes, it may do so but, where rule 8.1(c) or 8.2 applies, only for as long as it is required for those purposes.

This secondary legislation is made at Wellington on 24 June 2024. (signed)

Dr Claire Achmad

Chief Children’s Commissioner

Mana Mokopuna - Children and Young People’s Commission

MetaData Table

This is secondary legislation issued under the authority of the Children and Young People’s Commission Act (2020)

Title: Mana Mokopuna - Children and Young People's Commission Information Rules, 2024.

Empowering Act: Children and Young People’s Commission Act (2022)
Empowering Provision: Section 31 Information rules:

(1) The Commission must make rules (information rules) relating to the collection, use, and disclosure of information by the Commission to ensure protection of the privacy of persons to whom personal information relates, and the confidentiality of other information.

(2) The information rules must support the performance of the Commission’s inquiry function under section 20(i) and protect the privacy of children, young people, their families, and whānau.

(3) When making information rules, the Commission must—

(a) make reasonable efforts to consult interested or affected agencies, including hapū, iwi, and Māori organisations; and

(b) consult the Privacy Commissioner.

(4) Information rules made under this section are secondary legislation (see Part 3 of the Legislation Act 2019 for publication requirements).

Maker Name: Mana Mokopuna - Children and Young People’s Commission

Administering Agency: Mana Mokopuna, Children and Young People’s Commission
(contact: children@manamokopuna.org.nz)

Date made: 24 June 2024

Publication date: 26 June 2024

Notification date: (not notified)

Commencement date: 30 June 2024

End Date: N/A