Plain language law

New Zealand law explained for everyone

Customer and Product Data Act 2025

Regulatory and enforcement matters - Civil liability - Defences

91: Defence for providing data in compliance or purported compliance with this Act

You could also call this:

“Protection for sharing customer information when you think you're following the law”

If someone sues you for sharing customer information, you have a way to defend yourself. This applies if you’re a data holder and someone claims you’ve broken their trust, breached a contract, or violated their privacy by sharing their data.

You can defend yourself if you can prove two things. First, you shared the data because you thought you had to follow sections 14 or 15 of this law. Second, you acted in good faith when you shared the data.

If you thought you had to share the data but actually didn’t need to, you need to show that you took reasonable care to avoid breaking the law.

This defence doesn’t protect you from other consequences if you break sections 14 or 15 or any other part of this law. It only helps you if someone sues you for sharing their data.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS1001709.

Topics:
Rights and equality > Privacy Money and consumer rights > Consumer protection
Previous

90: Defence for contraventions due to technical fault, or

"You can defend yourself if a computer problem causes you to break data rules"

Next

92: Jurisdiction of High Court, or

"The High Court can make important decisions and review appeals about this law"

Part 4 Regulatory and enforcement matters
Civil liability: Defences

91Defence for providing data in compliance or purported compliance with this Act

  1. This section applies to a claim against a data holder (A) at common law or in equity, or under subpart 3 of Part 5 of the Privacy Act 2020, that is based on A providing customer data to any other person (for example, a claim for breach of confidence, a breach of a contract, or a breach of trust).

  2. It is a defence if A proves that—

  3. A provided the customer data in compliance, or purported compliance, with section 14 or 15; and
    1. in providing the customer data,—
      1. A was acting in good faith; and
        1. if this subparagraph applies, A took reasonable precautions and exercised due diligence to avoid a contravention of this Act.

        2. Subsection (2)(b)(ii) applies if—

        3. A provided the customer data in purported compliance with section 14 or 15; but
          1. A did not have a duty to provide the customer data under either of those sections.

            1. This section does not limit any liability, or other consequences, under this Act for a contravention of section 14 or 15 or any other provision of this Act.