Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
New Zealand: OPC advises organizations on breach notification obligations
On September 26, 2024, the Office of the Privacy Commissioner of New Zealand (OPC) advised agencies that it is better to notify its office about a privacy breach early, even if they are not sure that the breach occurred or do not have all the details. Additionally, the OPC referenced its Decision No. PBN23505 [2024] NZPrivCmr1, as issued on September 24, 2024, in which it found Ultimate Care Group Ltd. in violation of its breach notification requirements after a data subject requested information from the Ultimate Care Group pursuant to Section 22(F) of the Health Act.
Furthermore, the OPC mentioned that the Ultimate Care Group did not identify the breach to be notifiable as required under the Health Act and that, despite prompts by the Health Board, it continued to fail to notify the breach to the OPC until recommended by the Health and Disability Commissioner (HDC).
You can read the press release here and access the Decision here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
