Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Regulatory and enforcement matters - Civil liability - Pecuniary penalty order

74: Maximum penalty (Tier 1)

You could also call this:

“The biggest fine for breaking some important data rules”

This new law proposes to set rules about how much money someone might have to pay if they break certain parts of the Customer and Product Data Bill. These parts are about how companies handle your data and who can ask for it.

If you’re a regular person and you break these rules, you might have to pay up to $500,000. But if it’s a company or some other group that breaks the rules, they might have to pay up to $2,500,000.

The rules that this applies to are:

  1. Companies must have a computer system to provide data services.
  2. Only customers, secondary users, or accredited requestors can ask for regulated data services.
  3. Companies must check the identity of anyone who asks for data.

Remember, this is just a proposed law, so it’s not in effect yet. It’s meant to make sure everyone follows the rules about handling customer data.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS910688.

Previous

73: When High Court may make pecuniary penalty order, or

“When the court can make you pay money for breaking rules”

Next

75: Maximum penalty (Tier 2), or

“The biggest fines for breaking customer data rules”

Part 4 Regulatory and enforcement matters
Civil liability: Pecuniary penalty order

74Maximum penalty (Tier 1)

  1. This section applies to a contravention, an attempted contravention, or an involvement in a contravention of any of the following:

  2. section 27 (data holder must operate electronic system for providing regulated data services):
    1. section 42 (only customer, secondary user, or accredited requestor may request regulated data services):
      1. section 44 (verification of identity of person who makes request).

        1. The maximum amount of a pecuniary penalty is—

        2. $500,000 for a contravention, an attempted contravention, or an involvement in a contravention by an individual; or
          1. $2,500,000 in any other case.