Plain language law

New Zealand law explained for everyone

118: Offence to fail to notify Commissioner
or “You can be fined for not reporting a serious privacy breach to the Commissioner”

You could also call this:

“Organisations, not individuals, are responsible for failing to report privacy breaches”

When an organisation fails to notify someone about a privacy breach that should have been reported, special rules apply. Section 211 of the Privacy Act 2020 usually makes employers, bosses, and agencies responsible for what their workers do. But this rule doesn’t apply when it comes to privacy breach notifications. If there’s a problem with notifying people about a privacy breach, the organisation itself, not the boss or employer, is responsible. This applies to the processes and proceedings related to the requirements in sections 114 and 115 of the Act, which talk about notifying privacy breaches.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

Next up: 120: Liability for actions of officers, employees, agents, and members of agencies

or “Organisations are responsible for privacy breaches by their staff or agents”

Home
Privacy Act 2020
Notifiable privacy breaches and compliance notices
119: Section 211 does not apply to processes and proceedings relating to failure to notify notifiable privacy breach

Part 6 Notifiable privacy breaches and compliance notices
Notifiable privacy breaches

119Section 211 does not apply to processes and proceedings relating to failure to notify notifiable privacy breach

Section 211 (which refers to the liability of employers, principals, and agencies) does not apply to processes or proceedings under this Act relating to the obligations under section 114 or 115.