Privacy Act 2020

Notifiable privacy breaches and compliance notices - Notifiable privacy breaches

118: Offence to fail to notify Commissioner

You could also call this:

“You can be fined for not reporting a serious privacy breach to the Commissioner”

If you don’t tell the Privacy Commissioner about a serious privacy breach, you can get in trouble. This is called an offence. If you are found guilty, you might have to pay up to $10,000.

Even if you try to fix the privacy breach, you can still be charged with this offence. This means that just trying to solve the problem isn’t enough to avoid getting in trouble.

However, you have a way to defend yourself if you’re charged. If you honestly thought the privacy breach wasn’t serious enough to report, and it was reasonable for you to think that, you won’t be found guilty. But remember, your reason for not reporting must make sense to others.

The rules for telling the Privacy Commissioner about serious privacy breaches are explained in section 114 of this law. It’s important to follow these rules to avoid getting into trouble.

This text is automatically generated. It might be out of date or be missing some parts.

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS23508.

Part 6 Notifiable privacy breaches and compliance notices
Notifiable privacy breaches

118 Offence to fail to notify Commissioner

  1. An agency that, without reasonable excuse, fails to notify the Commissioner of a notifiable privacy breach under section 114 commits an offence and is liable on conviction to a fine not exceeding $10,000.

  2. It is not a defence to a charge under this section that the agency has taken steps to address the privacy breach.

  3. It is a defence to a charge under this section that the agency did not consider the privacy breach to be a notifiable privacy breach, but only if it was reasonable to do so in the circumstances.