Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Protections - Privacy Act 2020

53: Certain contraventions relating to storage and security treated as breaching information privacy principle 5

You could also call this:

“Breaking rules for keeping personal information safe is treated as a privacy breach”

This proposed law says that if you hold personal information about someone else, you need to be extra careful with it. If you don’t follow the rules about keeping this information safe and secure, it will be treated as if you’ve broken an important privacy rule.

The law talks about something called “CPD storage and security requirements”. These are special rules about how to look after people’s information. They include things like:

  • Making sure the information doesn’t get lost
  • Making sure only the right people can see, use, or change the information
  • Protecting the information from being misused in any other way

If you don’t follow these rules, it’s the same as breaking Privacy Principle 5. This is a rule in another law called the Privacy Act 2020. Breaking this rule can get you into trouble.

Remember, this is just a proposed law right now. It’s not the actual law yet, but it might become law in the future.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS851540.

Previous

52: Access request not IPP 6 request but contravention is interference with privacy, or

“Breaking the rules when giving you your data can be treated like a privacy problem”

Next

54: Chief executive may require person to supply information or produce documents, or

“The boss can ask you for information or papers to help with their job”

Part 3 Protections
Privacy Act 2020

53Certain contraventions relating to storage and security treated as breaching information privacy principle 5

  1. If, in relation to any personal information, a data holder contravenes a CPD storage and security requirement, the data holder must be treated as breaching information privacy principle 5 set out in section 22 of the Privacy Act 2020 for the purposes of Parts 5 and 6 of that Act.

  2. In this section, CPD storage and security requirement means any of the following:

  3. section 38(3) or 44(2):
    1. a requirement that is imposed under this Act in connection with 1 or more of the following and that is specified by the regulations for the purposes of this section:
      1. protecting data against loss:
        1. protecting data against access, use, modification, or disclosure that is not authorised by the data holder or an accredited requestor:
          1. protecting data against other misuse.