Close this search box.

We are creating some awesome events for you. Kindly bear with us.

New Zealand to increase data privacy breach notification threshold

New Zealand’s Members of Parliament (MP) have revised the Privacy Bill regarding the required mandatory notifications to the Privacy Commissioner and affected individuals during a breach.

As reported, the Parliament’s justice select committee has increased the threshold from “harm” to “serious harm” in order to avoid a risk of ‘notification fatigue’, which may lead to “data breach complacency”.

Why increase the threshold?

Maintaining the threshold at “harm” may cause over-notification as this will force the holders of data to advise the public even if the data breaches are minor.

When data breach complacency is reached, such notices may eventually lose their effectiveness.

The revised bill has set out a range of factors that will determine if the breach is considered as “serious harm”. This includes:

  1. The actions the holder of data has taken to reduce the harm
  2. The sensitivity of the information
  3. The nature of the harm
  4. Those to whom the information might be disclosed
  5. Whether the information is protected by security measures

The new threshold would be similar to that which is operating in Australia, although the overall framework for Australia is slightly more complex.

With the revision, delay on the notification of a breach is allowed if it is determined that the holder of the data’s systems remains vulnerable, and making it known can accentuate any harm.

The new bill is more specific and clear, providing a much better framework to enable New Zealand businesses to protect the privacy of individuals as well as harness technology and data.

Other changes

The select committee also proposed to extend the law to cover any actions of a New Zealand entity, which occurred whether they were inside or outside of the country.

The legislation will apply to all personal information collected or held by New Zealand entities, regardless of where the information was collected and where the person to whom the information relates, resides.

Plus, it will also apply to an overseas entity conducting business in the country, whether or not it had a bricks-and-mortar presence in New Zealand, or charged for goods or services, or made a profit from its business.

Entities with the intention of transferring information outside the country are required to consider proactively what privacy laws or safeguards apply to the organisation receiving the data.

New Zealand businesses need to ensure that their contracts with suppliers spelled out the circumstances of transferring data outside the country.

Exemptions to the Rule

Moreover, the select committee recommended that exemptions from the Privacy Act for news media be extended to include bloggers and investigative journalism that is published in book form.

State-owned broadcasters, such as TBNZ and RNZ, will also be granted the exemption for their news activities.

However, the exemption would be limited to those media that are subject to a regulator such as the Broadcasting Standards Authority or the country’s Media Council.

The Privacy Commissioner John Edwards said that the select committee had listened to submitters and its proposed bill would ensure the law addressed “some of the most pressing aspects of the modern digital economy”.


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and consulting services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,800 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity, and service. For more information, visit