Disclaimer
This disclaimer applies to information available on, or through, the National Cyber Security Centre (NCSC) and Own Your Online websites, including information provided by the NCSC as part of the Government Communications Security Bureau (GCSB).
The material on this website is provided for general information only, and on the understanding that the NCSC is not providing professional advice on any matter. Before taking action or making decisions based on the material on this website or Own Your Online, you should get appropriate independent professional advice.
The NCSC endeavours to ensure that the information on this site and Own Your Online is reliable and accurate at the time of publishing. However:
- The NCSC, and its employees, contractors and information providers do not make any express or implied representations or warranties regarding the materials and facilities mentioned on this website or Own Your Online.
- The NCSC, its employees, contractors and information providers do not accept any liability, for any reason, for any loss or damage that may result from:
- using any content or tools,
- errors or omissions in the content or tools, or
- inaccurate information found through using this site or Own Your Online.
- The NCSC is not responsible for the content of other websites linked to or referenced on this website or Own Your Online. Including or referencing a link to another website, or a specific commercial product, process, or service — whether by trade name, trademark, manufacture or otherwise — does not mean it is endorsed, verified or recommended by this site, Own Your Online or the New Zealand Government.
- The NCSC may change, delete, add to or otherwise amend information on this website or Own Your Online without notice.
- Each page on the NCSC and Own Your Online websites must be read in conjunction with this disclaimer and any other relevant disclaimer.
Copyright
Unless stated otherwise, all material on this site is © Crown copyright.
This includes material on the National Cyber Security Centre (NCSC) and Own Your Online websites, which is protected by copyright owned by the Government Communications Security Bureau (GCSB) on behalf of the Crown.
Re-use
Crown copyright material on the NCSC and Own Your Online websites is licensed for re-use under the Creative Commons Attribution 4.0 International Licence, unless stated otherwise on this page or within the material.
This means you may copy, distribute, and adapt the material for any purpose, even commercially.
Licence terms - Attribution 4.0 International - Creative Commons External Link
Exceptions
This licence doesn’t apply to:
- logos, emblems and trademarks on the websites,
- website design elements, and
- any photography and imagery.
You must not use the New Zealand Government logo in any way that breaches the Flags, Emblems, and Names Protection Act 1981, or would do so if it were used within New Zealand.
Third-party copyright
Some material on the NCSC and Own Your Online websites belongs to third parties. This includes content on websites we link to, and images on this website that are stock photos.
We can’t give permission to re-use third-party copyright material. You’ll need to contact the original copyright holder.
If you’re unsure whether material on the NCSC and Own Your Online websites is protected by third-party copyright, contact us before reproducing it.
Privacy statement
This privacy statement outlines how the National Cyber Security Centre (NCSC) collects, uses, and discloses personal information in accordance with the Privacy Act 2020.
Scope
This privacy statement applies to personal information collected by the NCSC, which is part of the Government Communications Security Bureau (GCSB). To read the GCSB privacy statement, visit their Legal, privacy, and copyright page.
Legal, Privacy, and Copyright | GCSB External Link
Purpose
The purpose of this privacy statement is to let users of the NCSC and Own Your Online websites know when we collect personal information and how we use it. We don’t use, share or disclose personal information collected or received, except as set out in this statement.
Why do we collect personal information?
The NCSC and Own Your Online collect personal information to carry out their functions. This includes receiving cyber incident reports from individuals and organisations, then triaging, analysing, referring and responding to those incidents.
Our vision and functional areas
Collection, storage and use
Using this website
You can use the NCSC and Own Your Online websites without disclosing any personal information, except for what’s collected through cookies (see Statistical information and cookies).
Disclosing personal information voluntarily
You may choose to voluntarily provide personal information to the NCSC or Own Your Online, for example to report an incident or provide feedback.
You may also report incidents anonymously (see Collection of personal information). You aren’t required by law to provide the NCSC or Own Your Online with personal information, but it may be necessary for the NCSC to help you with an incident.
Collection of personal information
The NCSC and Own Your Online may ask you to provide personal information if you fill out an online form on our websites — for example, if you:
- use the Event Reporting Tool or a web form, or
- sign up for news or site updates.
Any personal information you choose to provide may be accessed by authorised staff, site administrators, and third-party contractors to the extent required to operate and improve the website.
If you choose not to provide personal information when reporting an incident, the NCSC and its partner agencies may not be able to take further action in relation to your incident. But the information you provide may still be used for statistical and reporting purposes — for example, collecting the incident type you report so the NCSC can better understand New Zealand’s cyber threats (see Use of personal information).
Holding of information
When you provide personal information, it will be held by the NCSC. It may be stored or accessed on behalf of NCSC by authorised third parties (such as third-party contractors) to the extent that is necessary — for example, to manage or maintain our sites and systems.
Information collected through the NCSC and Own Your Online websites is stored on secure, privately hosted servers which are domestically hosted, unless otherwise noted.
Restricted access to the NCSC’s incident management system may be provided to partner agencies where this is consistent with our ability to disclose the information to those agencies (see Disclosure of Information). We will store and keep it secure in accordance with the Privacy Act 2020. Agents will be subject to the NCSC’s information security and privacy requirements.
Your personal information may also be held by a relevant partner agency that deals with your incident (see Disclosure of information). It will be held in accordance with the Privacy Act 2020.
Disclosure of information
The NCSC may collect information about incidents that are more appropriately handled by other agencies and organisations ('partner agencies') in accordance with their statutory functions. The NCSC’s partner agencies include:
- New Zealand Police,
- Department of Internal Affairs,
- Department of Prime Minister and Cabinet, and
- Netsafe.
For more information about what our partner agencies do, visit our partners page.
We will share information (including associated personal information) about an incident with these partner agencies if you have provided consent. You will be asked for your consent when you use the NCSC Event Reporting Tool or web form.
The NCSC will not otherwise disclose personal information provided or collected unless you otherwise provide consent — for example, if we contact you to request consent to refer your incident to an appropriate agency — or as required or otherwise permitted by law.
Use of personal information
We generally only use personal information provided to us for the purpose you provided it. Examples of this might include:
- actioning or responding to the incident you reported,
- administering, evaluating and improving the site, or
- improving our services.
We may also use personal information provided to us for other reasons permitted under the Privacy Act 2020 (with your consent, for a directly related purpose, or where the law permits or requires it).
The NCSC uses information it collects about incidents, as well as information from other sources, to carry out its functions, which include situational awareness and reporting on trends and data sets. The NCSC aggregates the information it receives to analyse vulnerability and threats, and to identify and report on trends. This aggregated information is anonymised and doesn’t identify individuals. The NCSC may share aggregated, anonymised information and reports with its international counterparts.
Records and retention of personal information
The NCSC and Own Your Online will only retain personal information as long as it is required for the purposes for which the information may lawfully be used.
Public records
If any information you provide through the NCSC or Own Your Online websites is considered a public record (including personal information), it will be retained to the extent required by the Public Records Act 2005. The NCSC may also be required to disclose information:
- under the Official Information Act 1982,
- to a parliamentary select committee, or
- to parliament in response to a parliamentary question.
Call recording
As part of our commitment to providing the best possible service to our customers, we record all telephone calls answered in our contact centre. This helps us identify ways we can provide you with better service.
We record calls to:
- help train staff to improve the quality of our customer service and ensure the information we provide is consistent and accurate,
- find ways we can make our service simpler and easier for you, and
- ensure we have an accurate record of your call, which may be needed to support any transactions made over the phone and/or to help resolve any disputes.
We understand your personal information is important to you, and we are committed to protecting your privacy. We store the recordings securely for two years and destroy them after this period.
Unless we have lawful reason for withholding this information, it will be made available if you request access to a transcript of your call by emailing information@gcsb.govt.nz.
Rights of access and correction
You have the right to:
- ask if we hold personal information about you,
- access that information, and
- if applicable, request corrections to that information.
If the NCSC has a good reason for refusing a request for correction, you are entitled to request that a statement of correction be attached to the uncorrected personal information.
If you want to check personal information that we hold, please email information@gcsb.govt.nz.
For more information on the privacy laws in New Zealand and contact details for the Office of the Privacy Commissioner, please visit their website.
Privacy Commissioner External Link
Statistical information and cookies
Statistical information
We may collect statistical information about your visit to help us improve this site. This information is aggregated and anonymous. It includes:
- your IP address,
- the search terms you used,
- the pages you accessed on our site and the links you clicked on,
- the documents you downloaded from our site,
- the date and time you visited the site,
- the referring site (if any) through which you clicked through to this site,
- the device you used to access the site,
- your operating system (for example, Windows 11 or Mac OS Ventura),
- the type of web browser you use (for example, Chrome, Microsoft Edge, or Safari), and
- other incidental matters such as screen resolution and the browser language settings.
The statistical information referred to above will be accessible by site administrators and certain other staff at the NCSC. It may also be shared with other government agencies.
Cookies
Browser or web cookies are small text files that are sent by a website and stored on your computer's hard drive. Cookies are generally used to improve your experience of a website (for example, by remembering preferences you have set) and to track site usage.
We use tracking cookies with the Matomo web analytics tool to analyse non-identifiable web traffic data to improve our services.
This data is aggregated and cannot personally identify you. If you prefer, you can opt out of the Matomo tracking cookies we use without affecting your ability to use our site. Our web analytics will also respect any “do not track” setting that you might have set on your browser.
You can chose to opt out of Matomo analytics.
Opt out of Matomo External Link
Security
The NCSC and Own Your Online websites have security measures in place to prevent the loss, misuse and alteration of information under our control.
To maintain the cyber security of the NCSC systems and information, the NCSC systems are subject to ongoing monitoring (including activity logging), analysis and auditing. We may use information about your use of our websites and other IT systems to prevent unauthorised access or attacks on these systems or to resolve such events. We may use this information even if you’re not involved in such activity.
The NCSC may use services from one or more third-party suppliers to monitor or maintain the cyber security of its systems and information. These third-party suppliers will have access to monitoring and logging information as well as information processed on the NCSC and Own Your Online websites and other IT systems.
Commercially sensitive information
Disclosure of information
We may collect information through the NCSC and Own Your Online websites about incidents which should more appropriately be handled by other agencies and organisations ('partner agencies') in accordance with their statutory functions. NCSC’s partner agencies are:
- New Zealand Police
- Department of Internal Affairs
- Department of Prime Minister and Cabinet, and
- Netsafe.
For more information about what our partner agencies do, visit our partners page.
We will share information (including associated commercially sensitive information) about an incident with these partner agencies if you have provided consent. You will be asked for your consent when you use the NCSC Event Reporting Tool or web form.
The NCSC will not otherwise disclose commercially sensitive information provided or collected unless you otherwise provide consent — for example, if we contact you to request consent to refer your incident to an appropriate agency — or as required or otherwise permitted by law.
Your authorisation to disclose information
If you are reporting on behalf of an organisation, you should be authorised by the organisation to provide information to the NCSC and to authorise sharing of information (including associated commercially sensitive information) with other agencies.
Official Information Act 1982 (OIA)
You should be aware that information you submit through official processes may be subject to an OIA request and could be supplied to a requestor. If supplied, we’ll remove any details necessary to protect individual privacy, commercially sensitive information, or other details not appropriate for public release, as set out in the Act.
Official information includes anything the NCSC has created or holds, or anything held on our behalf by another organisation or person. This includes information submitted to us by our users and customers.
The purpose of the OIA is to:
- make official information more freely available,
- give people access to official information about themselves,
- protect official information when it’s in the public interest or needed to preserve personal privacy, and
- set out procedures for how official information is managed and shared.
Social media transparency
This transparency statement outlines how the National Cyber Security Centre (NCSC) uses and manages its social media accounts.
Social media use
The NCSC has a presence on:
Staff at the NCSC use our social media accounts to share our latest information, reports, insights and guidance.
Content we publish may include, but is not limited to:
We may follow or like content from a particular person or organisation relevant to the NCSC. This doesn’t mean the NCSC endorses them or their views, or guarantees the accuracy of their information.
Posts by others that tag or link to the NCSC are the responsibility of that person or organisation.
Engagement
We welcome feedback and engagement. We may interact with content, including any private or direct messages, at our discretion and in a respectful, neutral and factual way.
When staff post in an official capacity, they will identify themselves along with their position within the organisation, and state that they are representing the NCSC. At times, NCSC employees may engage on social media and other online channels in a personal capacity. Any opinions or views expressed in their personal capacity belong to the individual staff member.
Monitoring
While we appreciate differing viewpoints may be expressed, we reserve the right to moderate or remove content when appropriate. This includes content that:
We may report or block users who post such content or breach the terms of the social media platform.
Privacy
If you choose to voluntarily provide personal information through our social media accounts, this information may be seen by NCSC staff and account administrators. Any information provided to us will be collected, used, stored and kept secure in accordance with our Privacy Statement.
Copyright
The material we publish on our social media accounts is protected by Crown copyright, unless otherwise indicated. Our content may include links to other websites or information that is the copyright of third parties, and subject to restrictions regarding use or reproduction. We can’t grant you permission to use this material.
Contact us
If you have any questions or comments, send us a message on social media or email us at socialmedia@ncsc.govt.nz. We will get back to you as soon as we can.