Office of the Privacy Commissioner launches privacy breach reporting tool

19 Oct 2020, 09:00

The Office of the Privacy Commissioner (OPC) has today launched NotifyUs—a new online tool enabling businesses and organisations to easily assess whether a privacy breach is notifiable.

Under the Privacy Act 2020—which comes into effect on 1 December—it will be mandatory for organisations to notify OPC if a privacy breach has caused, or is likely to cause, serious harm. Businesses and organisations which fail to report a notifiable privacy breach to OPC may receive fines of up to $10,000.

Privacy Commissioner John Edwards says NotifyUs will help organisations determine whether a breach has caused, or could cause, serious harm, and guide them through the reporting process.

“We want the privacy breach pre-assessment and reporting process to be straightforward,” says Mr Edwards. “NotifyUs has undergone extensive testing ahead of today’s launch to ensure the guidance is clear and easy to follow. I encourage people to use it in advance of the new legislation taking effect on 1 December.”

Visit NotifyUs.

Explore OPC’s new resources on privacy breach reporting, including a short e-learning module and breach reporting brochure.

What is serious harm?

The unwanted sharing, exposure or loss of access to people’s personal information may cause individuals or groups serious harm. Some information is more sensitive than others and therefore more likely to cause people serious harm.

Examples of serious harm include:

  • Physical harm or intimidation 
  • Financial fraud including unauthorised credit card transactions or credit fraud 
  • Family violence
  • Psychological, or emotional harm

Find out more about serious harm.

For further information please contact:
privacy@nzbt.co.nz