Plain language law

New Zealand law explained for everyone

Customer and Product Data Act 2025

Regulatory and enforcement matters - Civil liability - Defences

90: Defence for contraventions due to technical fault

You could also call this:

“You can defend yourself if a computer problem causes you to break data rules”

If you are a data holder, you can defend yourself if you break certain rules because of a technical problem with your computer system. To use this defence, you need to show three things. First, the mistake happened because of a technical problem with your computer system. Second, you tried hard to stop the mistake from happening. Third, you are following the rules about keeping your computer system working well and available.

This defence can be used for several different rules. These include rules about giving data or doing certain actions, confirming that someone is allowed to do something, and checking who someone is when they ask for something.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS944564.

Topics:
Money and consumer rights > Consumer protection Business > Industry rules Rights and equality > Privacy
Previous

89: General defences for person in contravention, or

"Ways to defend yourself if you accidentally break a rule in this law"

Next

91: Defence for providing data in compliance or purported compliance with this Act, or

"Protection for sharing customer information when you think you're following the law"

Part 4 Regulatory and enforcement matters
Civil liability: Defences

90Defence for contraventions due to technical fault

  1. In any proceeding under this subpart against a data holder (A) for a contravention of any of the provisions listed in subsection (2), it is a defence if A proves that—

  2. A’s contravention was due to a technical fault in its electronic system referred to in section 27; and
    1. A took reasonable precautions and exercised due diligence to avoid the contravention; and
      1. A is in compliance with section 27 and the CPD reliability and availability requirements (see section 89(4)).

        1. The provisions are as follows:

        2. sections 14, 15, 18, 19, and 22 (duties for data holder to provide data or perform actions):
          1. section 39(2) (duty for data holder to confirm authorisation):
            1. section 45(2) (duty for data holder to verify identity of person who makes a request).