Plain language law

New Zealand law explained for everyone

Privacy Act 2020

Notifiable privacy breaches and compliance notices - Compliance notices

123: Compliance notices

You could also call this:

“The Privacy Commissioner can issue notices if they believe you've breached privacy rules”

The Commissioner can give you a compliance notice if they think you might have broken the Privacy Act or done something that goes against privacy rules. This can include things like breaching the Act, doing something that’s considered a breach of privacy principles, or breaking a code of practice.

The Commissioner doesn’t have to check if anyone was harmed before giving you a notice. They also don’t have to try other ways to deal with the problem first. They can give you a notice at any time, even while they’re using other methods to address the issue.

For example, the Commissioner might give you a compliance notice while they’re also looking into a complaint about the same problem. This means they can use multiple ways to handle a privacy breach at the same time.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS23511.

Topics:
Rights and equality > Privacy
Previous

122: Publication of identity of agencies in certain circumstances, or

“Sharing agency names for serious privacy breaches”

Next

124: Issuing compliance notice, or

“Commissioner's process for issuing a compliance notice to agencies”

Part 6 Notifiable privacy breaches and compliance notices
Compliance notices

123Compliance notices

  1. The Commissioner may issue a compliance notice to an agency if the Commissioner considers that 1 or more of the following may have occurred:

  2. a breach of this Act, including an action listed in section 69(2)(a):
    1. an action that is to be treated as a breach of an IPP or an interference with the privacy of an individual under another Act:
      1. a breach of a code of practice issued under this Act or a code of conduct (or similar) issued under another Act (if a complaint about a breach of the code can be the subject of a complaint under Part 5 of this Act).

        1. Before issuing a compliance notice, the Commissioner may, but is not required to,—

        2. assess whether any person has suffered harm (for example, the types of harm listed in section 69(2)(b)):
          1. use other means under this Act or another Act for dealing with the breach.

            1. A compliance notice may be issued at any time, including concurrently with the use of any other means for dealing with the breach.

              Example

              The Commissioner issues a compliance notice while dealing with the same breach as a complaint under Part 5.