Privacy Bill

  • enacted

Part 6 Notifiable privacy breaches and compliance notices

Subpart 1—Notifiable privacy breaches

117 Interpretation


In this subpart,—

affected individual, in relation to personal information that is the subject of a privacy breach,—


means the individual to whom the information relates; and


includes an individual inside or outside New Zealand; and


despite the definition of individual in section 6(1), includes a deceased person—


if a sector-specific code of practice issued under section 35 specifies that the code applies to information about deceased persons; and


to the extent that the code of practice applies 1 or more IPPs to that information

notifiable privacy breach


means a privacy breach that it is reasonable to believe has caused serious harm to an affected individual or individuals or is likely to do so (see section 117A for factors that must be considered by an agency when assessing whether a privacy breach is likely to cause serious harm); but


does not include a privacy breach if the personal information that is the subject of the breach is held by an agency who is an individual and the information is held solely for the purposes of, or in connection with, the individual’s personal or domestic affairs

privacy breach, in relation to personal information held by an agency,—




unauthorised or accidental access to, or disclosure, alteration, loss, or destruction of, the personal information; or


an action that prevents the agency from accessing the information on either a temporary or permanent basis; and


includes any of the things listed in paragraph (a)(i) or an action under paragraph (a)(ii), whether or not it—


was caused by a person inside or outside the agency; or


is attributable in whole or in part to any action by the agency; or


is ongoing.


For the purposes of this subpart, the meanings of access, disclosure, and loss are not limited by the use of those words or the meanings ascribed to them elsewhere in this Act.

Compare: 1956 No 65 s 22B