Plain language law

New Zealand law explained for everyone

Privacy Act 2020

Notifiable privacy breaches and compliance notices - Notifiable privacy breaches

119: Section 211 does not apply to processes and proceedings relating to failure to notify notifiable privacy breach

You could also call this:

“Organisations, not individuals, are responsible for failing to report privacy breaches”

When an organisation fails to notify someone about a privacy breach that should have been reported, special rules apply. Section 211 of the Privacy Act 2020 usually makes employers, bosses, and agencies responsible for what their workers do. But this rule doesn’t apply when it comes to privacy breach notifications. If there’s a problem with notifying people about a privacy breach, the organisation itself, not the boss or employer, is responsible. This applies to the processes and proceedings related to the requirements in sections 114 and 115 of the Act, which talk about notifying privacy breaches.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS288540.

Topics:

Rights and equality > Privacy

118: Offence to fail to notify Commissioner, or

“You can be fined for not reporting a serious privacy breach to the Commissioner”

120: Liability for actions of officers, employees, agents, and members of agencies, or

“Organisations are responsible for privacy breaches by their staff or agents”

Part 6 Notifiable privacy breaches and compliance notices
Notifiable privacy breaches

119Section 211 does not apply to processes and proceedings relating to failure to notify notifiable privacy breach

Section 211 (which refers to the liability of employers, principals, and agencies) does not apply to processes or proceedings under this Act relating to the obligations under section 114 or 115.