This is an HTML version of an attachment to the Official Information request 'Obligation set out by the ACC for Fairway to disclose Personal Client Information in any requested Form'.

19 May 2022 
Anthony Jordan 
[FYI request #19265 email] 
Kia ora Anthony, 
Your Official Information Act request, reference: GOV-018085 
Thank you for your email of 3 May 2022, asking for the following information under the Official Information 
Act 1982 (the Act): 
Please supply the following in the form of a PDF copy or Attachment of the contract agreed to by the 
ACC and Fairway 
1.  Obligation set out by the ACC for Fairway to disclose Personal Client Information in hard copy form 
when Authorised by ACC Client/claimant  
2.  Obligation set out by the ACC for Fairway to disclose Personal Client Information in Digital form 
when Authorised by ACC Client/claimant  
3.  Obligation set out by the ACC for Fairway to disclose Personal Client Information in E Mail form 
when Authorised by ACC Client/claimant 
The contract between ACC and Fairway does not specify what format personal information should be 
However, the agreement between ACC and Fairway stipulates that Fairway must abide by the provisions of 
the Privacy Act 2020. Please refer to the extract below from the current contract between ACC and 
1. Privacy Act 
Due to the Privacy Act 1993 being updated in 2020, Clause 7.2.3, 36.2.11 and 37.1 are each deleted and 
replaced with the following clause with the corresponding clause number: 
7.2.3      comply with all relevant Laws including the AC Act, Privacy Act 2020, Employment Relations Act 
2000 and the Health and Safety at Work Act 2015. 
36.2.11 in accordance with a separate research agreement that has been approved by ACC including by 
the relevant ethics committee; but, in each case, any such disclosure shall be subject to the 
provisions of the Privacy Act 2020. 
37.1      The Supplier will comply with the Health Information Privacy Code 2020 (where applicable), the 
Privacy Act 2020 and any other Laws relating to privacy and protection of personal information 
and the Supplier will: 
37.1.1   ensure that any personal or health information a Supplier holds about an ACC customer is 
protected by reasonable security safeguards against loss or unauthorised access, use, 
modification or disclosure; 
37.1.2   only access, collect, use, disclose, store, process, transfer or otherwise handle any information 
about ACC customers as instructed by ACC and as necessary to perform the Services, and for no 
other purpose; 
37.1.3   appoint a privacy officer; 
37.1.4   have a privacy policy that:   includes what to do if there is a privacy breach (including procedures to promptly advise 
ACC); and   complies with any reasonable ACC policy provided by ACC to the Supplier; and 
GOV-018085   Page 1 of 2 

37.1.5   comply with all reasonable directions of ACC relating to collecting, using, disclosing, deleting 
and otherwise managing personal information in the course of the Services, including:   using appropriate procedures to privacy check information before sending it;   using couriers for delivery of physical documentation; and   transferring data electronically using a “secure file transfer” protocol approved by ACC. 
Section 56 of the Privacy Act 2020 states that information may be made available in a requestor’s preferred 
If you have any questions about this response, please get in touch 
You can email me at [email address].  
If you are not happy with this response, you can also contact the Ombudsman via 
[email address] or by phoning 0800 802 602. Information about how to make a complaint 
is available at  
Ngā mihi, 
Sara Freitag 
Acting Manager Official Information Act Services 
Government Engagement & Support 
GOV-018085   Page 2 of 2