Skip to content
Get in touch
Privacy breach New Zealand

Privacy Breaches

What It Is

A privacy breach occurs when an employer, manager, or coworker collects, uses, or discloses your personal or employment information without lawful reason or consent. This includes sharing private details about your health, complaints, or disciplinary matters; accessing confidential emails or records; or failing to secure sensitive data. Privacy breaches can cause serious harm to your reputation, mental health, and dignity.

Under New Zealand law, employees are protected by both employment and privacy legislation, giving rise to claims before the Employment Relations Authority (ERA) or the Human Rights Review Tribunal (HRRT).

Your Rights and the Law

  • ERA 2000 s 4(1A)(b) — Employers must act in good faith and communicate openly, including respecting confidentiality.
  • ERA 2000 s 103(1)(b) — You can raise a personal grievance if a privacy breach causes an unjustified disadvantage.
  • Privacy Act 2020 s 22–24 — Sets out the Information Privacy Principles (IPPs) regulating how personal information is collected, stored, and disclosed.
  • Privacy Act 2020 s 75 — Individuals may complain to the Privacy Commissioner and, if unresolved, to the HRRT.
  • Hammond v Credit Union Baywide [2015] NZHRRT 6 — Landmark case confirming employees’ rights to privacy and awarding record compensation for emotional harm.
  • Vice-Chancellor of Lincoln University v Stewart [2022] NZEmpC 166 — Employer breached confidentiality by mishandling disciplinary material.

Process (How a Case Generally Proceeds)

  1. Identify the Breach – Note what information was shared, by whom, when, and to whom.
  2. Request Internal Investigation – Ask your employer to review or correct the breach under its privacy policy.
  3. Raise a Personal Grievance – If the breach caused disadvantage, raise under ERA s 103(1)(b) within 90 days.
  4. Parallel Complain to the Privacy Commissioner – If unresolved within a reasonable time (Privacy Act s 75).
  5. Mediation – The Ministry of Business, Innovation & Employment (MBIE) provides free mediation to seek early resolution. The process is voluntary and both parties must agree to attend. Most cases reach resolution at Mediation.
  1. ERA or HRRT – If unresolved, we can file to the ERA or HRRT. The Authority can award compensation for disadvantage; the Tribunal can order damages for emotional harm and reputational loss.

Potential Outcomes / Remedies

  • Compensation for humiliation, loss of dignity, or injury to feelings (ERA s 123(1)(c); Privacy Act s 88).
  • Declarations that the privacy breach occurred.
  • Orders for correction, apology, or deletion of data.
  • Penalties for deliberate or malicious disclosure.
  • Non-publication orders protecting the victim’s identity.

Take Action Today

If your private information has been shared, accessed, or misused by your employer or colleagues, you have the right to act. Get in touch with us to arrange a no-obligation consultation about your situation. We’ll assess your case, explain your options, help gather evidence, request your employment file, and help you pursue the justice and compensation you deserve. We can liaise with the Privacy Commissioner if needed, and represent you in mediation, the ERA, or the Human Rights Review Tribunal to secure accountability and compensation.