Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

How to say sorry Lynley Cahill
13 February 2017


Here at the Office of the Privacy Commissioner, we have a statutory duty to use our best endeavours to resolve complaints. Many complaints are resolved when the respondent agency simply apologises to the complainant.

Sounds straightforward? Not always. We see a lot of apologies that leave more than a bit to be desired. Here is some practical advice on how to get an apology right.

Firstly…why apologise?

If our Office cannot assist parties to resolve a complaint, then the aggrieved party (the complainant) can initiate proceedings in the Human Rights Review Tribunal. The Tribunal has the ability to compel parties to take certain actions and can award damages of up to $200,000* to successful plaintiffs. 

Even if the action is unsuccessful, defending proceedings in the Tribunal can be very costly for agencies. Costs awards to agencies, if made at all, are usually only a small fraction of the actual money spent by the agency defending the proceedings. Therefore, it makes sense for both parties to resolve the matter so that going to the Tribunal is unnecessary.

Very often, we find that complainants who have a sense of hurt and anger due to the actions of an agency, simply want that hurt recognised, and for an apology to be issued.

In many situations, apologising is simply the right thing to do, and agencies recognise that.

“I’m sorry, not sorry”

In our experience, apology letters are best received when they are kept simple and straightforward. An apology letter is not the place to justify your actions. Nor is it the place to have a subtle dig at the complainant. A good apology should be sincere and to the point.

An apology letter that comes across as grudging, insincere or overly explanatory can actually inflame the situation, not resolve it.

Sometimes, agencies are tempted to write something along the lines of “We are sorry that you think we breached your privacy”. This is not helpful. Complainants are not silly - they can tell when the writer of the letter doesn’t accept there is anything to apologise for, and is only issuing an apology letter to make the situation go away. Part of apologising sincerely is taking ownership of the fact that something went wrong.

We also note that an apology doesn’t necessarily have to assign liability for an action. You can apologise carefully and acknowledge harm without putting your agency in a quandary. “I’m sorry this has happened to you” doesn’t mean that you have created a legal burden.

How to apologise

Don’t get us wrong - an apology letter doesn’t have to use flowery language, beg for forgiveness, or contain a handwritten pledge from the CEO that it will never happen again. 

An apology letter should ideally:

  • acknowledge the hurt caused by the agency’s actions/inactions
  • apologise
  • if appropriate, briefly explain the steps the agency has taken to prevent the issue from occurring again.

A good apology can work wonders. Thanks for reading and happy drafting.

* Since this blog was published, the amount the Human Rights Review Tribunal can award in damages is now up to $350,000.

Image credit: Sorry by Denis Yang (via Flickr)



, ,



No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.