Plain language law

New Zealand law explained for everyone

Customer and Product Data Act 2025

Regulatory and enforcement matters - Civil liability - Defences

89: General defences for person in contravention

You could also call this:

“Ways to defend yourself if you accidentally break a rule in this law”

If you break a rule in this law, you might not get in trouble if you can prove certain things. You can defend yourself if you show that you trusted information given to you by someone else, and it was reasonable for you to trust them. You can also defend yourself if you can show two things: first, that you broke the rule because of something someone else did, or because of an accident, or because of something you couldn’t control. Second, you need to show that you tried hard to follow the rules and took sensible steps to avoid breaking them.

When we talk about ‘someone else’ in these defences, we don’t mean your boss, your workers, or anyone acting for you. They still count as part of you.

There’s a special case where you can’t use the second defence. This is when you break rules about keeping data reliable and available. These are rules set out in section 27 and section 28 of this law.

The law also explains that ‘CPD reliability and availability requirement’ means any rules about keeping data reliable and available that are written in the regulations or standards for this law.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS944562.

Topics:
Money and consumer rights > Consumer protection Business > Industry rules Business > Fair trading Rights and equality > Privacy
Previous

88: No pecuniary penalty and criminal penalty for same conduct, or

"You won't be fined and put in jail for the same mistake"

Next

90: Defence for contraventions due to technical fault, or

"You can defend yourself if a computer problem causes you to break data rules"

Part 4 Regulatory and enforcement matters
Civil liability: Defences

89General defences for person in contravention

  1. In any proceeding under this subpart against a person (A) for a contravention of a civil liability provision, it is a defence if A proves that—

  2. A’s contravention was due to reasonable reliance on information supplied by another person; or
    1. both of the following apply:
      1. A’s contravention was due to the act or default of another person, or to an accident or to some other cause beyond A’s control; and
        1. A took reasonable precautions and exercised due diligence to avoid the contravention.

        2. For the purposes of subsection (1)(a) and (b), another person does not include a director, an employee, or an agent of A.

        3. Subsection (1)(b) does not apply to a contravention of—

        4. section 27; or
          1. section 28 to the extent that it requires a data holder to comply with a CPD reliability and availability requirement.

            1. In this section and section 90, CPD reliability and availability requirement means a requirement that is prescribed by the regulations or standards in connection with reliability or availability (or both) and that is specified by those regulations or standards for the purposes of this section.