Biometrica Compliance with New Zealand Privacy Laws (March 2025)

Overview

New Zealand regulates privacy primarily through the Privacy Act 2020 and the Information Privacy Principles (IPPs). The Act governs the collection, use, and disclosure of personal information by agencies in New Zealand, including private organizations. Biometrica’s commitment to privacy-by-design, absence of biometric retention, and human-in-the-loop verification ensure strong alignment with New Zealand’s privacy and public safety frameworks.

New Zealand: Privacy Act 2020 & Information Privacy Principles (IPPs)

Applicability

  • The Privacy Act 2020 applies to any organization that collects or holds personal information about identifiable individuals in New Zealand.
  • The definition of personal information includes biometric information when used for identification.
  • There are lawful exceptions for security, law enforcement, and public safety purposes.

Biometrica Compliance

  • Biometrica’s systems do not access, retain, transmit, or store biometric identifiers, faceprints, other biometric templates, or associated metadata.
  • The system only processes and stores law enforcement-sourced public safety data (arrests, warrants, missing persons, etc.).
  • Any biometric comparisons are performed solely by an independent, NIST-approved third-party provider operating in an isolated black box environment.
  • The third-party provider only has access to images and has no access to any associated data to an image. It returns only a case number to Biometrica in case of a match, which Biometrica’s systems then correlate to a record for an individual. 
  • Human-in-the-loop validation ensures compliance with IPPs requiring accuracy, accountability, and proportionality.
  • The systems do not engage in mass surveillance or indiscriminate facial recognition.
  • Privacy Impact Assessments (PIAs) are conducted as part of New Zealand deployments following Office of the Privacy Commissioner (OPC) guidance.

Law Enforcement & Security Provisions

  • Section 22 of the Privacy Act permits information collection and processing for law enforcement purposes where reasonably necessary to maintain the law.
  • Biometrica’s role is strictly as a security and public safety partner, not as a commercial biometric database operator.
  • UMbRA data is exclusively law enforcement-sourced and used only for safety or investigatory alerts.

Compliance Highlights

  • Data Minimization: Images without a relevant match are deleted immediately.
  • Proportionality: Alerts are strictly relevance-based and subject to human validation.
  • Transparency & Accountability: Full audit trails and immutable logs are maintained.
  • Public Safety Focus: Biometrica’s deployment is limited to public safety, criminal investigations, and security applications.