If you’re an agency, you need to tell the Privacy Commissioner right away when you find out about a big privacy problem. This is called a notifiable privacy breach. You should let the Commissioner know as soon as you can after you realise it has happened.
This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.
View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS23503.
113: Assessment of likelihood of serious harm being caused by privacy breach, or
“Deciding if a privacy breach is serious enough to report”
115: Agency to notify affected individual or give public notice of notifiable privacy breach, or
“Organisations must inform people or publicly announce serious privacy breaches”
An agency must notify the Commissioner as soon as practicable after becoming aware that a notifiable privacy breach has occurred.
