Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Regulatory and enforcement matters - Civil liability - Defences

92: Defence for contraventions due to technical fault

You could also call this:

“What happens if a technical problem causes a company to break data rules?”

This part of the proposed law explains when a data holder can defend themselves if they break certain rules because of a technical problem.

The law would say that if you’re a data holder and you break one of the listed rules, you can defend yourself if you can prove three things:

Firstly, you broke the rule because there was a technical problem with your electronic system.

Secondly, you took reasonable steps to try to avoid breaking the rule.

Thirdly, you’re following the rules about keeping your system reliable and available.

The rules this defence applies to are about providing data, doing certain actions, confirming authorisation, and checking the identity of people who make requests.

Remember, this is not the current law, but a proposed change to the law that might happen in the future.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS944564.

Previous

91: General defences for person in contravention, or

“Ways to defend yourself if you're accused of breaking a rule in the Customer and Product Data Bill”

Next

93: Jurisdiction of High Court, or

“The High Court can make decisions and review appeals about this new law”

Part 4 Regulatory and enforcement matters
Civil liability: Defences

92Defence for contraventions due to technical fault

  1. In any proceeding under this subpart against a data holder (A) for a contravention of any of the provisions listed in subsection (2), it is a defence if A proves that—

  2. A’s contravention was due to a technical fault in its electronic system referred to in section 27; and
    1. A took reasonable precautions and exercised due diligence to avoid the contravention; and
      1. A is in compliance with section 27 and the CPD reliability and availability requirements (see section 91(4)).

        1. The provisions are as follows:

        2. sections 14, 15, 18, 19, and 22 (duties for data holder to provide data or perform actions):
          1. section 38(2) (duty for data holder to confirm authorisation):
            1. section 44(2) (duty for data holder to verify identity of person who makes a request).