Dead People, Living Privacy Problems

In both New Zealand and Australia, it is often assumed that privacy ends when life does. The Privacy Acts in New Zealand and Australia are both primarily concerned with information about living individuals. Once a person dies, the rights of access and correction no longer exist along with other obligations under the respective Privacy Act. But stopping the analysis there misses most of what actually matters in practice, individuals.

Information about a deceased person does not suddenly become open for public sharing. Across both jurisdictions, long-standing duties of confidentiality continue to operate after death. In healthcare, legal practice, and financial services, professionals remain bound by obligations that do not expire on the death of the individual. A doctor is still expected to keep a patient’s medical information confidential; a lawyer does not gain freedom to disclose client communications. These duties arise from common law, professional standards, and contractual relationships, and they form a significant part of the legal landscape governing post-death information.

In New Zealand, personal information covered by the Privacy Act includes information maintained by the Registrar-General of Births, Deaths and Marriages related to deceased individuals. This information is governed by the Births, Deaths, Marriages, and Relationships Registration Act 2021, which sets out controlled access to records such as death certificates. Australia takes a similar approach through its state and territory registries of births, deaths and marriages, each operating under its own legislation to regulate how death records are created and accessed. In both countries, then, official death information sits within a defined access framework rather than a privacy vacuum.

The more complicated, and more consequential issue, is that information about someone who has died is very often also information about someone else who is still alive. For example, a deceased person’s medical file may reveal hereditary conditions affecting living family members. Estate documents identify beneficiaries and disclose financial or personal details. Correspondence, reports, and case files frequently contain the names and circumstances of multiple individuals. To the extent that this information relates to identifiable living people, it remains “personal information” under both New Zealand and Australian Privacy Acts, and the relevant privacy principles continue to apply.

This overlap means organisations cannot treat “deceased information” as a single, unprotected category. Each request in relation to this information requires a careful assessment of what the information actually contains and who it is really about. Even where the subject of the record has died, disclosure may still interfere with the privacy of others. In practice, this often leads to partial releases, redactions, or refusals where necessary to protect living individuals. The consideration is not simply whether the person is deceased, but whether the information, in context, engages the privacy interests of those who are not.

What emerges across New Zealand and Australia is not a bright-line rule but a shift in emphasis. The death of an individual removes the direct application of privacy statutes to that person, but it does not strip the information of legal or ethical significance. Instead, the focus moves to the surrounding context: continuing duties of confidence, specific statutory controls over official records, and most importantly the privacy rights of living individuals whose information remains intertwined.