Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
NotifyUs - For organisations to report privacy breaches
Notify Us
Your responsibilities
If you are concerned someone's life is in danger, please call 111, then come back to us.
Privacy breach self-assessment
This self-assessment does not ask for any information that identifies you or your organisation. No information you enter is sent to us unless at the end of the self-assessment, you elect to go on to submit a privacy breach notification to us. Nothing you enter in this self-assessment or go on to submit to us is stored on our website.
It is important to note that this self-assessment tool is only a guide. Every breach is different and we are not limited to the self-assessment result when assessing if any decision not to notify us was reasonable in the circumstances.
If you are unsure which answer value to choose when you complete the self-assessment, we encourage you to err on the side of caution.
No need to continue
This self-assessment is to help organisations that have a data breach that involves personal information to work out if the breach is likely to cause serious harm and therefore if they are legally required to notify us and any affected persons. As you have indicated that this isn’t applicable to you, you do not need to continue.
If you want to notify us about a privacy breach of your own information, or on behalf of someone about a breach of their personal information, please make a privacy complaint.
If you have received someone else's information or you want to alert us to a privacy breach by an organisation but you are not reporting it on their behalf, please contact us on 0800 803 909 or use our online enquiries form.
If you want to report or get guidance about a cyber security breach, you can contact CERT NZ.
Privacy breach self-assessment
This self-assessment has 6 questions and should take no more than 5 minutes.
Privacy breach self-assessment
Result of self-assessment
Unlikely to result in serious harm
Based on your responses at this time, your organisation’s privacy breach looks unlikely to cause serious harm to any affected persons.
Please note the self-assessment result is a guide to assist you. Every breach is different and the Office of the Privacy Commissioner is not limited to the self-assessment result when assessing if your decision not to notify us was reasonable in the circumstances.
We encourage you to report to us whether or not you have to. If you report a breach to us that may be unlikely to cause serious harm, we will use the information to inform how we can better assist organisations with their privacy obligations.
If you choose to report
If you click on "Report privacy breach" below, the responses you just completed in the self-assessment will be automatically pulled through into the report form so you do not have to enter them again.
You are not able to save a report to complete it later. You can see what information is required for a report here. If there is information your organisation does not yet have, you can choose to provide it later as an update to your report.
We use end-to-end encryption to ensure your submission is secure. Nothing you report is stored on our website.
All fields are required unless indicated otherwise.
Likely to result in serious harm
Based on your responses, your organisation's privacy breach looks likely to cause serious harm to affected persons. Under the Privacy Act 2020, you are legally required to report a privacy breach to us and notify any affected persons if it is likely to cause serious harm. Not reporting to us a privacy breach that may cause serious harm is an offence and may result in a fine of up to $10,000.
We encourage you to report to us ahead of the legislation taking effect on 1 December 2020. We may be able to provide you with support and advice. You can also check out our online guidance on privacy breaches and how to respond to them.
Report this notifiable privacy breach to us now
If you click on "Report privacy breach" below, the responses you just completed in the self-assessment will be automatically pulled through into the report form so you do not have to enter them again.
You are not able to save a report to complete it later. You can see what information is required for a report here. If there is information your organisation does not yet have, you can provide it later as an update to your report.
We use end-to-end encryption to ensure your submission is secure. Nothing you report is stored on our website.
All fields are required unless indicated to the contrary.
Summary
You have responded as follows:
If you would like to retain a copy of this evaluation, you can print it directly from this page.
Not sure about the results?
If you think some of your answers were not quite correct, you can start the assessment again.
Privacy breach notification form
Privacy breach notification form
Summary of your report update
Please review your responses before you submit your update. You will be able to print a copy of your update after you submit it.
Contact details
About the organisation
Organisation name
NZBN number
Sector
Industry classification
Your contact details
First name
Last name
Job title
Email
Phone number
Are you acting as an agent for the organisation?
Name of agent organisation
Timeline
Is the problem that caused this breach ongoing?
Date of breach
Date the breach was identified by your organisation
About the breach
Number of people affected
Type of personal information involved in the breach
Type of breach
Tell us what happened
Tell us what happened
Tell us what happened
Do you know where the information has gone?
Where has the information gone?
Likely harm
How sensitive is the information that is involved in the breach?
Who has obtained or may obtain the information?
What types of harm may be caused to people affected by the breach?
Discriminatory harm
Emotional harm
Employment harm
Financial harm
Identity theft
Loss of access to information
Loss of opportunity
Physical harm
Reputational harm
Threats of harm
Other:
How likely is it that someone will be harmed because of this breach?
What steps have been taken to reduce the risk of harm or further harm from this breach?
Are there security measures in place that protect the information from being accessed?
Please explain in detail the security measures in place and how they protect the information from being accessed
Is someone's physical safety in immediate danger?
Is someone's psychological safety at immediate risk?
Is someone at immediate risk of serious financial harm?
Notifying Affected People
If the breach is likely to cause serious harm to affected people, have you notified them?
What have you done to notify the people affected?
Why have you not notified the people affected?
What permitted exception(s) are you relying on to not notify the people affected at this time?
Please explain why you are relying on the exception(s) you have indicated.
Why, and for how long, are you delaying notifying the people affected?
Are you relying on giving public notice to notify the people affected?
Why are you relying on giving public notice to notify the people affected?
Other Organisations
Were any other organisations affected by the breach?
Please name the other affected organisations and explain how they were affected.
Has the breach been reported to other authorities?
What authorities has the breach been reported to?
Have you contacted any organisations that might be able to provide support to your organisation or people affected by the breach?
What other organisations have you contacted for support with the breach?
Almost done
Please provide any other information you think may be relevant to the breach, or steps you have taken or intend to take in response. (This is an optional field.)
You can upload any attachments here (e.g. copy of any public notice if applicable). The total size limit is 7MB. (This is an optional field.)
