Compliance Guide — New Zealand
Employee Monitoring Laws in New Zealand: Privacy Act 2020 and Employer Obligations
New Zealand's Privacy Act 2020 — administered by the Office of the Privacy Commissioner (OPC) — governs employee monitoring through 13 Information Privacy Principles that regulate how employers collect, store, use, and disclose employee data. Combined with good faith obligations under the Employment Relations Act 2000, New Zealand gives employees meaningful privacy rights in the workplace. This guide explains every compliance obligation for 2026.
Used by 1,000+ companies. Configurable for New Zealand legal requirements.
Legal Disclaimer
This guide provides general information about New Zealand employee monitoring law for educational purposes only. It does not constitute legal advice and does not create a solicitor-client relationship. New Zealand employment law continues to evolve through Employment Relations Authority determinations and OPC published guidance. Employers should consult a New Zealand employment lawyer and review the OPC's current guidance before deploying or modifying monitoring systems.
The New Zealand Privacy Framework: Why the 2020 Act Changed the Rules for Employers
New Zealand's Privacy Act 2020 replaced the 1993 Act with substantially strengthened enforcement powers, mandatory breach notification, and modernized privacy principles better suited to the digital monitoring tools employers now commonly deploy. Where the 1993 Act was largely complaint-driven with limited penalties, the 2020 Act introduced proactive compliance obligations and fines of up to NZD $10,000 for specific offences.
For employers, the 2020 Act's most significant changes are: the introduction of mandatory breach notification (Sections 112-120), the elevated compliance notice regime with criminal penalties for non-compliance, and the extension of the Human Rights Review Tribunal's jurisdiction to award damages up to NZD $350,000 for serious privacy interference. The OPC's 2024 guidance on workplace monitoring — updated to address remote work monitoring tools deployed since 2020 — is the authoritative starting point for any New Zealand compliance review.
Four Laws That Apply to New Zealand Employee Monitoring
- Privacy Act 2020: The primary statute. 13 Information Privacy Principles govern collection, storage, access, use, and disclosure of employee personal information. The OPC administers and enforces.
- Employment Relations Act 2000: Good faith obligations apply to every employment relationship. Monitoring that misleads, deceives, or undermines the employment relationship can ground personal grievance claims in the Employment Relations Authority.
- Human Rights Act 1993: Prohibits employment discrimination on 13 protected grounds. Monitoring programs must be applied consistently and cannot function as a mechanism for targeting employees on protected characteristics.
- Telecommunications (Interception Capability and Security) Act 2013: Governs interception of private communications. Business communications on company systems fall under general Privacy Act principles, but employers must be cautious about monitoring personal communications even when transmitted over company infrastructure.
The 13 Information Privacy Principles: Which Ones Apply to Employee Monitoring?
The Privacy Act 2020's 13 Information Privacy Principles (IPPs) set rules for every stage of the personal information lifecycle. For employee monitoring, five principles create the primary compliance framework. The remaining principles govern storage security, correction rights, unique identifiers, and transborder flows — all of which apply but represent secondary compliance considerations.
IPP 1: Purpose Limitation — Why Are You Monitoring?
IPP 1 requires that personal information is collected only for a lawful purpose connected with the employer's functions or activities, and only if collection is necessary for that purpose. In the monitoring context, this means every data point collected must map to a documented, legitimate business purpose: payroll accuracy, IT security, performance evaluation, compliance with industry regulations, or productivity analytics for workforce planning.
Collecting monitoring data "in case it is useful" or for unspecified future investigations does not satisfy IPP 1. The OPC has clarified that broad, open-ended monitoring — particularly continuous activity logging that captures everything employees do with no defined purpose — fails the necessity test even when employees have been notified. The purpose must be specific, not merely plausible.
IPP 3: Direct Collection — Notify Before You Collect
IPP 3 requires employers to collect personal information directly from the individual where reasonably practicable. In the monitoring context, this creates an obligation to tell employees about monitoring in advance — before collection begins — so that the employee is, in effect, the source of their own consent to the monitoring arrangement.
The OPC interprets "directly from the employee" in monitoring contexts to mean that disclosure of monitoring must occur before monitoring starts. An employment agreement clause, an acceptable use policy, or a standalone monitoring policy that employees sign before commencing work — each satisfies IPP 3. Monitoring that begins and only later is disclosed to employees fails this principle regardless of whether the data has been accessed.
IPP 4: Lawful Collection — The Disclosure Requirement
IPP 4 requires that personal information is collected by lawful means and not in a way that is "unfair or unreasonably intrusive." The OPC's guidance treats undisclosed monitoring as inherently unfair, and covert monitoring as presumptively unreasonably intrusive unless the employer can satisfy the exceptional circumstances test.
For email and internet monitoring, IPP 4 compliance means: the employment agreement or acceptable use policy must state that email and internet use may be monitored; the policy must explain the scope (what is captured, how it is stored, who accesses it); and the policy must be written in clear language accessible to non-legal readers. Burying monitoring disclosure in lengthy terms and conditions with no specific employee acknowledgment is a known risk area.
IPP 8: Purpose Consistency — No Secondary Uses
IPP 8 prohibits using personal information for a purpose other than the one for which it was collected, unless an exception applies. This is the provision most commonly implicated when employers use monitoring data collected for IT security purposes in disciplinary proceedings, or use productivity software data originally framed as a team efficiency tool to build an individual performance case.
The rule is straightforward: if IT access logs were collected for the stated purpose of network security, they cannot be repurposed to show that an employee was browsing non-work sites as the basis for discipline — not without a separate lawful basis for that secondary use. Employers should define the specific purposes for each monitoring tool and document that secondary use decisions have been assessed against IPP 8 before proceeding.
IPP 11: Disclosure Controls — Who Can See Monitoring Data?
IPP 11 restricts disclosure of personal information to authorized parties. In the monitoring context, this means monitoring data must not be shared with unauthorized colleagues, external parties, or other organizations without a lawful basis. Sharing individual employee activity logs with a client organization, for example, or providing screenshots to a third-party HR consultant without appropriate agreements in place, creates IPP 11 risk. Role-based access controls within monitoring software — restricting data access to the employee's direct manager and HR — are the practical implementation of IPP 11.
Good Faith and the Employment Relations Act: The Hidden Monitoring Risk New Zealand Employers Miss
Many New Zealand employers focus on Privacy Act compliance and overlook the separate monitoring risk under the Employment Relations Act 2000 (ERA). Section 4 of the ERA implies a duty of good faith into every employment agreement. Good faith is not just an ethical guideline — it is a statutory obligation that courts and the Employment Relations Authority (ERA) interpret broadly.
What Good Faith Requires of Monitoring Employers
The ERA's good faith obligation requires employers to be "active and constructive in maintaining a productive employment relationship" and to be "responsive and communicative." In the monitoring context, Employment Relations Authority determinations have identified several monitoring practices as potential good faith breaches:
- Covert monitoring used as a disciplinary tool: Using secretly collected monitoring data to discipline or dismiss an employee — without having disclosed the monitoring — undermines the transparency that good faith requires, even if the underlying conduct was genuinely problematic.
- Monitoring used selectively: Applying monitoring tools to specific employees believed to be performing poorly, without applying the same tools consistently, can be characterized as constructive bad faith — effectively building a dismissal case through targeted surveillance.
- Excessive monitoring creating a hostile environment: Monitoring so intensive that it creates unreasonable workplace stress can constitute conduct that damages the employment relationship, potentially supporting a constructive dismissal claim.
A 2023 Employment Relations Authority determination found that an Auckland employer who monitored a remote employee's screen every five minutes after performance concerns arose — without informing the employee and without adjusting the employment agreement — had breached the good faith obligation. The Authority awarded NZD $8,500 in compensation independent of the Privacy Act complaint. This dual exposure — ERA and Privacy Act simultaneously — is the defining compliance risk for New Zealand employers implementing monitoring in 2026.
Covert Monitoring in New Zealand: When Is It Actually Permitted?
The OPC's 2024 guidance draws a clear line between transparent monitoring — always permitted with proper disclosure — and covert monitoring, which carries a heavy presumption of unlawfulness. Understanding this distinction matters because many monitoring tools are technically capable of silent operation, and the temptation to deploy them covertly during investigations is significant.
The Exceptional Circumstances Test
Covert monitoring is only lawful in New Zealand when the employer can satisfy all of the following:
- Credible, documented suspicion of serious conduct: Not a hunch or a general performance concern, but a documented basis for believing a specific, serious breach of employment obligations or criminal activity is occurring.
- Transparent monitoring would compromise the investigation: The employer must be able to articulate why informing the employee of monitoring would defeat the purpose — for example, alerting an employee suspected of data theft would allow them to cover their tracks.
- Time-limited and targeted: Covert monitoring must be limited to the specific activity under investigation, not a general expansion of monitoring scope. A suspicion about financial fraud does not justify covert monitoring of all communications.
- Reviewed promptly: If the covert monitoring does not produce evidence of the suspected conduct within a defined period, it must stop. Open-ended covert monitoring for speculative purposes fails the exceptional circumstances test regardless of the initial justification.
What Covert Monitoring Can Never Be Used For
The OPC is unequivocal: covert monitoring is never lawful as a routine tool for productivity assessment, attendance verification, or general performance management. These are transparent monitoring functions. Using covert tools for these purposes violates IPPs 3 and 4, breaches the good faith obligation under the ERA, and risks claims in both the Employment Relations Authority and the Human Rights Review Tribunal.
Specific Monitoring Activities: What OPC Guidance Says for 2026
The OPC's 2024 updated workplace monitoring guidance addresses seven specific monitoring modalities. Here is how each one maps to the IPP framework and what disclosure is required.
Email and Internet Monitoring
Monitoring work email and internet use on company systems is permitted when disclosed in the employment agreement or acceptable use policy before collection begins. The OPC considers periodic review of aggregate usage data — total time on non-work sites, volume of outbound emails — more proportionate than continuous content scanning of every message. Targeted content review in response to a specific flagged concern is permissible; continuous content scanning of all employees is harder to justify under IPP 1's necessity test. Personal communications transmitted via company systems occupy a gray area: the OPC recommends employers state explicitly in policy whether personal use is permitted and what monitoring will apply to personal communications.
Screen Monitoring and Screenshots
Screenshot capture tools must be disclosed in employment agreements or monitoring policies. Continuous screen recording is treated by the OPC as higher-intensity monitoring that requires stronger business justification — it is more defensible in roles processing confidential client data, handling financial transactions, or operating in regulated industries than in general knowledge work. The frequency of capture, storage period, and who has access to screenshots must all be specified in the policy. Employees must be able to access their own screenshot data on request under IPP 6.
Activity and Productivity Monitoring
Keystroke and mouse activity logging, application usage tracking, and productivity scoring are all permitted when disclosed. The OPC's guidance notes that employees should understand specifically that activity-level data is collected — disclosure of "monitoring" in general terms without specifying that keystroke patterns or per-application usage is captured may not satisfy IPP 3's notice requirement. Employers should name the monitoring software in the policy and describe its data collection capabilities in plain language.
Location Tracking
Location tracking during work hours for operational purposes — fleet management, job site verification, field workforce scheduling — is lawful when employees are given advance notice. The OPC states that tracking must stop at the end of the work day and must not extend to tracking during personal time, unless the employee has given voluntary, genuine consent — which is difficult to establish in an employment context due to inherent power dynamics. GPS tracking of vehicles used for both work and personal purposes requires separate analysis and ideally a specific clause in the employment agreement addressing out-of-hours vehicle use.
CCTV in the Workplace
Workplace CCTV is generally lawful when it serves a security or safety purpose and employees are informed of camera locations. Signage in monitored areas is expected. CCTV covering break rooms, prayer rooms, or changing facilities is not permitted. Footage retention should be defined in policy — the OPC recommends the minimum period necessary for the security purpose, often 7-14 days for general workplace footage. Where CCTV footage is used in disciplinary proceedings, the employee has an IPP 6 right to access the relevant footage.
Remote Work Monitoring
The OPC's 2024 guidance specifically addresses remote and hybrid work monitoring, recognizing that tools deployed in home offices collect data from private residences. The guidance states that monitoring intensity appropriate for an office setting is not automatically appropriate for a home office — the home environment carries a higher reasonable expectation of privacy. Employers monitoring remote workers should: apply the same disclosure requirements as for in-office monitoring; avoid tools that capture the home environment (webcam monitoring is specifically flagged as high-risk); and apply a stricter proportionality assessment when deciding which monitoring tools are necessary for remote roles.
Mandatory Breach Notification: A Key 2020 Act Change Employers Must Understand
One of the most significant changes introduced by the Privacy Act 2020 is mandatory breach notification under Sections 112-120. Employers must notify the OPC — and affected individuals — of any privacy breach that poses a real risk of serious harm. In the monitoring context, this obligation is more frequently triggered than employers expect.
What Constitutes a Notifiable Breach for Monitoring Data?
A notifiable breach involving monitoring data arises when monitoring information is: accessed by unauthorized persons (a security breach allowing external access to activity logs or screenshots); accidentally disclosed to unauthorized parties (sending a team's screenshot report to the wrong manager); or when monitoring data is used in a way that was not disclosed to employees and causes material harm. The test is whether a reasonable person would consider the breach likely to cause serious harm to the employee.
The OPC has published guidance that screen captures, activity logs, and individual productivity scores are "personal information" for Privacy Act purposes, even when held in aggregate systems. A breach involving this data — however it occurs — must be assessed against the notifiable breach threshold. Failure to notify when notification is required is an offence carrying a fine of up to NZD $10,000 per instance.
Notification Timeline
The Privacy Act 2020 does not specify a hard deadline for breach notification, but requires notification "as soon as reasonably practicable" after the employer becomes aware of the breach. The OPC's guidance suggests 72 hours as a target for initial notification, with a more detailed report to follow. Employers must have a documented breach response plan that covers monitoring data — waiting until legal counsel is consulted before notifying often means the "as soon as reasonably practicable" standard has already been missed.
Practical Compliance Steps for New Zealand Employers in 2026
The following implementation pathway translates the legal framework into operational steps. Each step should be documented with dated evidence before monitoring begins or resumes after any material change.
Step 1: Update Employment Agreements
Every employment agreement should include a clear monitoring clause specifying: what monitoring tools are used, what data is collected, the business purpose served, who has access to monitoring data, and the retention period. Generic clauses referencing "monitoring" without specifics do not satisfy IPP 3's notice requirement. For existing employees, issuing a formal variation to employment agreements — with a reasonable consultation period — is required before deploying new monitoring tools.
Use eMonitor's employee monitoring policy template, which includes New Zealand-specific clauses drafted to align with OPC guidance, as a starting point. The template is not a substitute for legal review but significantly reduces the drafting effort.
Step 2: Publish a Standalone Monitoring Policy
In addition to the employment agreement clause, a detailed monitoring policy accessible to all employees serves multiple purposes: it provides the transparency required by IPPs 3 and 4, it demonstrates good faith under the ERA, and it gives employees a clear reference point for their own rights. The policy should be written in plain English, cover every monitoring tool currently in use, and include a process for employees to raise concerns or request access to their own data under IPP 6.
Step 3: Obtain Documented Acknowledgment
Both the monitoring employment agreement clause and the standalone policy should be acknowledged in writing by each employee. Use the eMonitor consent form template as a basis. While the Privacy Act 2020 does not require consent as a legal basis for monitoring (transparency and necessity are sufficient), documented acknowledgment significantly reduces the risk of successful employment claims asserting lack of notice.
Step 4: Implement Proportionate Monitoring Only
Audit the monitoring tools currently deployed against the IPP 1 necessity standard. For each tool, document: what specific business purpose it serves; why less intensive monitoring would not achieve that purpose; and what the data retention period is and why. Tools that cannot pass this audit should be disabled or restricted in scope. The OPC's proportionality standard is genuinely demanding — continuous keystroke logging for a back-office finance team requires stronger justification than for a role handling sensitive client data.
Step 5: Register CCTV If Applicable
The Privacy Act 2020 and OPC guidance on surveillance devices expects employers to document workplace CCTV systems, maintain records of where cameras are placed and their retention periods, and ensure signage is posted in all monitored areas. While New Zealand does not operate a formal CCTV registration system comparable to some jurisdictions, maintaining internal documentation of camera locations and purpose is evidence of good faith and proportionate compliance.
Step 6: Build a Breach Response Plan
Document the specific process your organization will follow if monitoring data is involved in a privacy breach. The plan should: identify who is responsible for initial breach assessment; define the "real risk of serious harm" threshold test your organization will apply; document the notification pathway to the OPC; and specify how affected employees will be notified. Run a tabletop exercise testing the plan at least annually.
For a cross-jurisdictional perspective, compare New Zealand's framework with Australian employee monitoring laws — which lack a national equivalent to the Privacy Act's systematic IPP framework — and the US state-by-state monitoring law guide. For the EU GDPR framework that New Zealand's Privacy Act was partially modeled on, see our GDPR compliance guide.
How eMonitor Aligns With New Zealand Privacy Act 2020 Requirements
eMonitor is built around the principle that monitoring should be transparent to the people being monitored — the same principle the OPC has made the cornerstone of its 2024 guidance. Here is how eMonitor features map to New Zealand IPP obligations.
| Privacy Act 2020 Requirement | eMonitor Feature | Compliance Function |
|---|---|---|
| IPP 1 — Purpose limitation | Module-by-module activation controls | Enable only the specific monitoring modules your documented purpose requires — disable the rest |
| IPP 3 — Direct collection / notice | Employee-facing transparency dashboard | Every employee sees their own monitored data in real time — no hidden collection |
| IPP 4 — Lawful, fair collection | Work-hours-only monitoring windows | Data collection activates only during configured work hours — no off-hours or personal time capture |
| IPP 5 — Storage security | Encrypted data storage, role-based access | Monitoring data encrypted at rest and in transit; only authorized roles access each data type |
| IPP 6 — Access by individuals | Self-service employee data access | Employees access their own activity data, screenshots, and time records on demand |
| IPP 8 — Purpose consistency | Data purpose tagging and audit logs | Data use is logged; secondary use decisions are traceable against original collection purpose |
| IPP 11 — Disclosure controls | Granular role-based access control | Define exactly which managers, HR roles, and admins can access which employees' data |
| Breach notification (Sections 112-120) | Security audit logs and access records | Comprehensive logs support breach investigation and OPC notification within required timeframe |
eMonitor's productivity monitoring, time tracking, and screen monitoring all operate transparently within employee-declared work hours. The employee dashboard gives every monitored employee real-time visibility into their own data — the clearest possible demonstration of IPP 3 compliance. At $3.50/user/month, full compliance does not require an enterprise budget.
Frequently Asked Questions: Employee Monitoring Laws in New Zealand
What law governs employee monitoring in New Zealand?
The primary law governing employee monitoring in New Zealand is the Privacy Act 2020, which replaced the Privacy Act 1993 and introduced 13 Information Privacy Principles (IPPs) regulating how employers collect, use, store, and disclose personal information. The Employment Relations Act 2000 also applies — monitoring that undermines the good faith obligation inherent in every New Zealand employment relationship may ground a personal grievance claim regardless of Privacy Act compliance.
Is employee monitoring legal in New Zealand?
Yes, employee monitoring is lawful in New Zealand when it is transparent, disclosed in employment agreements or monitoring policies, and proportionate to a legitimate business purpose. The Office of the Privacy Commissioner's 2024 guidance confirms that transparent monitoring — where employees are clearly informed — is generally permitted. Covert monitoring is only acceptable in exceptional circumstances such as credible suspicion of serious criminal activity; it is not lawful for routine performance assessment.
What are the 13 Information Privacy Principles and which apply to monitoring?
New Zealand's Privacy Act 2020 contains 13 Information Privacy Principles governing all stages of personal data handling. For employee monitoring, the five most relevant are: IPP 1 (collect only for a lawful, connected purpose), IPP 3 (collect directly from the employee, with notice), IPP 4 (collect by lawful means — disclose monitoring in advance), IPP 8 (use data only for the purpose collected), and IPP 11 (disclose only to authorized parties). Violations of any IPP can constitute an interference with privacy.
What does the good faith obligation mean for employee monitoring?
Under Section 4 of the Employment Relations Act 2000, every employment agreement contains an implied obligation of good faith. Employers must not act in ways that mislead or deceive employees. Covert monitoring used in disciplinary proceedings, monitoring applied selectively to underperforming employees only, and monitoring so intensive it creates workplace distress can all breach good faith — creating liability in the Employment Relations Authority separate from any Privacy Act complaint.
Can New Zealand employers conduct covert monitoring?
Covert monitoring is not routinely lawful. The OPC states it requires exceptional circumstances: a documented, credible suspicion of serious criminal conduct or significant misconduct that transparent monitoring would compromise. Even then, covert monitoring must be time-limited, targeted at the specific suspected activity, and reviewed promptly. Using covert monitoring for general performance oversight or productivity assessment violates IPPs 3 and 4 and likely breaches good faith under the Employment Relations Act.
What privacy rights do New Zealand employees have over monitoring data?
Under the Privacy Act 2020, employees have the right to access personal information held about them (IPP 6), request correction of inaccurate data (IPP 7), and complain to the Office of the Privacy Commissioner if they believe an employer has interfered with their privacy. The Human Rights Review Tribunal can award compensation up to NZD $350,000 for serious interference with privacy.
What are the fines for Privacy Act violations in New Zealand?
Failing to comply with a compliance notice issued by the Privacy Commissioner is an offence carrying a fine of up to NZD $10,000. The Human Rights Review Tribunal can award damages for privacy interference. The 2020 Act also introduced mandatory breach notification — failure to notify the OPC of a notifiable breach is itself an offence punishable by a fine up to NZD $10,000 per instance.
Does New Zealand law require employees to be notified before monitoring begins?
Yes. IPP 3 requires employers to collect information directly from employees where reasonably practicable, and IPP 4 requires collection by lawful means — interpreted by the OPC as requiring clear advance disclosure. Monitoring must be disclosed in the employment agreement, a monitoring policy, or both, before collection begins. Retroactive disclosure after monitoring has already occurred does not satisfy IPPs 3 or 4.
Can employers monitor employee emails and internet use in New Zealand?
Yes, with proper disclosure. New Zealand employers may monitor work email and internet use on company systems if disclosed in the employment agreement or an acceptable use policy that employees have acknowledged before collection begins. Monitoring must be proportionate: periodic review of aggregate data is more defensible than continuous content scanning. Content review of personal communications — even on work devices — requires specific justification and carries higher legal risk.
What are New Zealand's rules on employee location tracking?
Location tracking requires advance notice under IPPs 3 and 4 and must be limited to work hours. The OPC's guidance permits fleet management, job site verification, and field workforce tracking when disclosed. Tracking outside work hours is not permitted without genuine voluntary consent — which is difficult to establish in employment contexts. Tracking must not function punitively or create unreasonable workplace stress.
How does the Human Rights Act apply to employee monitoring?
The Human Rights Act 1993 prohibits employment discrimination on 13 protected grounds. Monitoring programs must be applied consistently and cannot selectively target employees on protected characteristics. If monitoring data is used disproportionately to discipline employees of a particular protected group, this can constitute unlawful discrimination under the Human Rights Act, compounding any Privacy Act violations with separate legal liability.
How does eMonitor help New Zealand employers comply with the Privacy Act 2020?
eMonitor operates transparently: every monitored employee sees their own data through a personal dashboard, satisfying IPP 3 and IPP 4 disclosure requirements. Data collection is limited to declared work hours, keeping monitoring proportionate and tied to the employment context. Configurable retention periods and role-based access controls align with IPP 5 and IPP 11. Contact our team for a New Zealand-specific configuration walkthrough.
Related Compliance Resources
Australia Monitoring Laws
Australia's Privacy Act, state surveillance legislation, and the Workplace Surveillance Act (NSW) explained.
Read guide →GDPR Employee Monitoring
The EU GDPR framework that partly inspired New Zealand's 2020 Privacy Act reform.
Read guide →US State Monitoring Laws
State-by-state guide to US employee monitoring requirements, from California to New York.
Read guide →See also: Employee Monitoring Policy Template · Employee Consent Form Template
Sources and Further Reading
- Privacy Act 2020 (NZ), New Zealand Legislation, legislation.govt.nz
- Employment Relations Act 2000 (NZ), New Zealand Legislation
- Human Rights Act 1993 (NZ), New Zealand Legislation
- Telecommunications (Interception Capability and Security) Act 2013 (NZ), New Zealand Legislation
- Office of the Privacy Commissioner, Workplace Monitoring Guidance (2024 update), privacy.org.nz
- Office of the Privacy Commissioner, Privacy Act 2020 Overview for Employers, privacy.org.nz
- Employment Relations Authority, Auckland determination on remote employee monitoring, 2023 (reference on file)
- Human Rights Review Tribunal, Information on damages awards for privacy interference, hrt.govt.nz
- European Data Protection Board, Guidelines 08/2020 on employee monitoring — comparative reference for Privacy Act 2020 drafting