Privacy Breaches

Understanding New Zealand’s Privacy Act, the privacy principles and how to make a complaint about a breach of privacy

letterpress looking binoculars on pink

It can be very upsetting to find a privacy breach and someone has shared your information. If this personal information was shared online, there are two main organisations that may be able to assist you under the law. Read on to find out more about the Acts and which organisation may better fit your situation if your privacy has been breached.   

Understanding the privacy breach laws

New Zealand is committed to protecting the privacy of individuals. It recognises both the Universal Declaration of Human Rights and International Covenant on Civil and Political Rights that each protect a person’s right to privacy. As people increasingly submit more of their data – most likely without thinking – everyday there are two laws that may apply to you if your privacy has been breached. They are the Privacy Act and the Harmful Digital Communications Act.

The Privacy Act and the Office of the Privacy Commissioner

The Privacy Act governs how ‘agencies’ handle your personal information. There are 13 Privacy Principles that guide agencies on how to best handle information. In December 2020, the Act was updated to ensure organisations are protecting our privacy and better reflects the ways information is collected and stored. 

The Privacy Act does not cover personal information that is solely used for ‘personal or domestic affairs’ – except if the collection, use, or disclosure of the personal information would be highly offensive to a reasonable person. This meant that the privacy principles didn’t apply to people who were in a relationship, were members of the same family or shared a house.

The Office of the Privacy Commissioner (OPC) is an independent Crown Entity – it is funded by but separate from the Government – and has the responsibility to investigate complaints about privacy breaches. If an agency has breached one of the privacy principles, and they are unwilling to resolve the issue, you may want to contact the OPC for advice on what to do next.  

The Privacy Act 2020 introduces greater protections for individuals and some new obligations for businesses and organisations. The changes include the requirement to report serious privacy breaches to the Privacy Commissioner and to affected people. The Privacy Commissioner has new powers to help people access their own information and to require businesses and organisations to comply with the law. There are increased fines for organisations that don’t comply, and there are new rules when sending personal information overseas.

The Act often talks about an “agency” that collects information. While this can sound like a term that applies to companies or government department, an agency is in fact anyone.

“agency means any person or body of persons, whether corporate or unincorporate, and whether in the public sector or the private sector”

If you think that an agency isn’t playing fair with your information, you can ask the Privacy Commissioner to decide whether that agency has carried out “interference with privacy”.

If you make a complaint to the Privacy Commissioner and they decide that someone is interfering with your privacy they may take action on your behalf through the Human Rights Commission which has a number of options open to it in terms of settlement, including the award of damages of up to $200,000.

The Harmful Digital Communications Act and Netsafe 

The Harmful Digital Communications Act (HDCA) was passed in 2015 to help people dealing with serious or repeated harmful digital communications. It lays out 10 communication principles that guide how to communicate online. Two of the principles are related to privacy: 

  • Communication Principle one states: A digital communication should not disclose sensitive personal facts about an individual; and 
  • Communication Principle seven states: Contain a matter that is published in a breach of confidence

Netsafe has the responsibility to help resolve reports related to alleged breaches of the 10 communication principles. We are not an enforcement agency, but we do have a high resolution rate. 

What to do if you think your privacy has been breached?

If you think an agency has breached your privacy, you should contact them to discuss this. If that agency is a company or a government department, try contacting their Privacy Officer as a first step.  Be prepared to discuss which of the Privacy Principles you think has been breached, how you are aware of the breach, and what harm you have suffered as a result. If the agency is an individual you can try approaching them directly and ask them if they are prepared to do something to resolve the situation. Don’t threaten or abuse them.

Some of the other steps you can take include:

Photos shared on social media

If a photo or video of yourself has been shared on social media, you can also report this directly to the platform – most major social media platforms have rules against sharing photos without permission. You can contact the main platforms using the details below: 


  • Am I an “agency”? Any individual, company or department can be an agency
  • Who will investigate if someone breaches my privacy? The Office of the Privacy Commisioner can carry out investigations to see whether an agency has interfered with privacy for any individual
  • Is posting a picture of me a breach of my privacy? The quick answer is “perhaps but not necessarily.” If a picture is taken in a setting where someone could reasonably expect privacy then publishing it could be a breach of your privacy if they have not sought your permission to do so. However, if your picture is taken in a public place, like a park or on the street, then it is not likely to be seen as a breach of your privacy.

More advice and information


If you’re concerned about the immediate safety of you or someone else, please call 111. If you want help or expert incident advice, you can contact us. Our service is free, non-judgemental and available seven days a week.


Follow us on social media and sign up to our newsletter for alerts, news and tips.  
Facebook   Twitter 

Similar Posts