1 July 2025
Ophelia Vrenna
[FYI request #30889 email]
Tēnā koe Ophelia
I write in response to your request to Kāinga Ora – Homes and Communities dated 2 May 2025,
for information under the Of icial Information Act (1982):
1. Any documentation relating to the consideration, proposal, or rationale for making any
changes or proposed or potential future changes to the existing privacy function in your
organisation in the period 2024 to 2026
2. This includes any documentation relating to how your organisation wil ensure
compliance with the privacy act after any proposed changes to your organisation’s
privacy function are implemented
3. Any documentation relating to your current privacy function’s reporting to your
organisation’s senior leadership team for the period 2020 to today
4. In particular (but not limited to this point) I am asking for any risks that have been raised
by your organisation’s privacy team during this period
5. An outline of your current privacy function’s role, reporting lines, job description, pay
band, and resourcing (by FTE)
I wil respond to each of your questions in turn below.
1. Any documentation relating to the consideration, proposal, or rationale for making any
changes or proposed or potential future changes to the existing privacy function in your
organisation in the period 2024 to 2026 and
2. This includes any documentation relating
to how your organisation wil ensure compliance with the privacy act after any proposed
changes to your organisation’s privacy function are implemented
As at the date of your information request, Kāinga Ora is undergoing an organisational restructure,
and the Privacy function is affected by this. Kainga Ora consulted with its employees on the
redesign between 3 April and 22 April 2025. Decisions were announced in late May 2025.
The new Kāinga Ora structure will be stood up on 1 July 2025. This will be followed by a proactive
release of relevant documentation relating to the decisions made. You may choose to refer to our
website in early August to view details about how the organisational reset affected the Privacy
function.
These parts are refused under section 18(d) of the Act, in that the information requested will soon
be publicly available.
3. Any documentation relating to your current privacy function’s reporting to your
organisation’s senior leadership team for the period 2020 to today
Your request for copies of reporting to our senior leadership about our Privacy Act performance,
from 2020 to the date of your request, is refused under section18(f) of the Act in
‘that the
information requested cannot be made available without substantial collation or research’. We
have also considered whether charging or extending further the timeframe for responding to your
request would help, as required by section 18A of the Act. However, we do not consider that either
of these approaches would reduce the administrative burden on Kāinga Ora of locating this
information.
4. In particular (but not limited to this point) I am asking for any risks that have been raised
by your organisation’s privacy team during this period
Kāinga Ora takes its responsibilities under the Privacy Act seriously. The work that it does around
ensuring that staff and tenant privacy is maintained is reported quarterly to senior leadership, and a
monthly newsletter is produced for all staff. The policies in place require all potential and actual
privacy breaches to be reported centrally, with follow-on actions monitored and implemented,
We have interpreted your phrase
‘this period’ to relate to stemming from 2020 to the date of your
request. Your request is refused under section 18(f) of the Act in
‘that the information requested
cannot be made available without substantial collation or research.’ We have also considered
whether charging or extending further the timeframe for responding to your request would help, as
required by section 18A of the Act. However, we do not consider that either of these approaches
would reduce the administrative burden on Kāinga Ora of locating this information.
5. An outline of your current privacy function’s role, reporting lines, job description, pay
band, and resourcing (by FTE)
The role of the Privacy Team as at the date of this information request is to:
o continue the privacy maturity uplift by delivering the Kāinga Ora Privacy Strategy
o maintaining privacy policies and guidelines
o providing advice/guidance to the business to ensure we meet our legislative settings
o deliver training and tools
o undertake Privacy Impact Assessments
o manage privacy breaches, and
o provide continued support and guidance to the Privacy Champions network.
Privacy Team salary bands as at 2 May 2025
Position Title
Manager Position Title
Pay rate level Pay rate
FTE
Manager - Privacy
Director - Risk Oversight
S3
$183,249
1.00
Principal Advisor - Privacy
Manager - Privacy
S2
$156,839
1.00
Senior Advisor - Privacy
Manager - Privacy
17
$131,727
1.00
Advisor - Privacy
Manager - Privacy
16
$112,375
1.00
Enclosed with my letter as Appendix A are copies of the job descriptions for the above-mentioned
roles.
You have the right to seek an investigation and review by the Ombudsman of this decision. There
is Information about how to make a complaint at
https://www.ombudsman.parliament.nz or by
freephone
on 0800 802 602.
2
Please note that Kāinga Ora proactively releases our responses to official information requests
where possible. Our response to your request may be published at
https:/ kaingaora.govt.nz/publications/official-information-requests/ with your personal information
removed.
Nāku iti noa, nā
Tracey Taylor
General Manager People, Governance and Capability
Enc:
Appendix A
•
Job Description - Manager – Privacy
•
Job Description - Principal Advisor – Privacy
•
Job Description - Senior Advisor – Privacy
•
Job Description - Advisor - Privacy
3
