Plain language law

New Zealand law explained for everyone

121: Knowledge of officers, employees, agents, and members of agencies to be treated as knowledge of employers, principal agencies, and agencies
or “Organisations are responsible for privacy breaches known to their staff or agents”

You could also call this:

“Sharing agency names for serious privacy breaches”

The Commissioner can share the name of an agency that has told them about a serious privacy breach. This can happen if the agency agrees to it or if the Commissioner thinks it’s important for the public to know. Even if the Commissioner doesn’t name the agency, they can still tell people about privacy breaches without saying who was involved. This helps everyone understand how often these breaches happen and what they’re like.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

Next up: 123: Compliance notices

or “The Privacy Commissioner can issue notices if they believe you've breached privacy rules”

Home
Privacy Act 2020
Notifiable privacy breaches and compliance notices
122: Publication of identity of agencies in certain circumstances

Part 6 Notifiable privacy breaches and compliance notices
Notifiable privacy breaches

122Publication of identity of agencies in certain circumstances

The Commissioner may publish the identity of an agency that has notified the Commissioner of a notifiable privacy breach if—
the agency consents to publication; or
the Commissioner is satisfied that it is in the public interest to do so.

This section does not prevent the publication of details of any notifiable privacy breach in a form in which the agency or any affected individual is not identified and for the purpose of informing the public about the extent and nature of privacy breaches.