(1)
In this subpart,—
affected individual, in relation to personal information that is the subject of a privacy breach,—
means the individual to whom the information relates; and
includes an individual inside or outside New Zealand; and
despite the definition of individual in section 6(1), includes a deceased person—
if a sector-specific code of practice issued under section 35 specifies that the code applies to information about deceased persons; and
to the extent that the code of practice applies 1 or more IPPs to that information
notifiable privacy breach—
means a privacy breach that it is reasonable to believe has caused serious harm to an affected individual or individuals or is likely to do so (see section 117A for factors that must be considered by an agency when assessing whether a privacy breach is likely to cause serious harm); but
does not include a privacy breach if the personal information that is the subject of the breach is held by an agency who is an individual and the information is held solely for the purposes of, or in connection with, the individual’s personal or domestic affairs
privacy breach, in relation to personal information held by an agency,—
means—
unauthorised or accidental access to, or disclosure, alteration, loss, or destruction of, the personal information; or
an action that prevents the agency from accessing the information on either a temporary or permanent basis; and
includes any of the things listed in paragraph (a)(i) or an action under paragraph (a)(ii), whether or not it—
was caused by a person inside or outside the agency; or
is attributable in whole or in part to any action by the agency; or
is ongoing.
(2)
For the purposes of this subpart, the meanings of access, disclosure, and loss are not limited by the use of those words or the meanings ascribed to them elsewhere in this Act.
Compare: 1956 No 65 s 22B