Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

Notify Us

Your responsibilities

Contact details

About the organisation

This is an optional field.

Your contact details

Timeline
About the breach

Select all that apply. Click the down arrow again to select another value.

Select all that apply

Please explain in detail and include the identity of anyone that you have reason to believe may be in possession of personal information as a result of the privacy breach (if known).

Likely harm

Sensitive information can be, for example, about someone's health, political or religious beliefs, or financial information. Context is important. Information that is not sensitive in one situation might be very sensitive in another

Select all that apply

Select all that apply

For each type of harm you identified, please rate the likely impact you think it will have on any affected persons.

No harm selected yet

Select all that apply

If this is a case of employee browsing, please select "No" as the answer. Please also select "No" if the information was encrypted but the encryption key to unlock the information was not secure.

If anyone's life is in immediate danger, please contact the Police.

Notifying Affected People

Please provide as much detail as you can about how and when you notified the people affected by the privacy breach. For example include if you notified them by email, phone, post and/or in person, and what response, if any, you have received.

Select all that apply

You must still notify if circumstances change and the exception(s) no longer apply but the risk of serious harm remains. If you are not notifying an individual because notifying would likely be harmful to them, you must consider if you should notify a representative instead.

You may delay notifying only if you have reason to believe that notifying may risk for the time being the security of the personal information you hold.

Please provide as much detail as you can about why, when, how and in what medium you gave, or intend to give, public notice. Use the attachment field at the end of this form to upload a copy of your notice(s).

Other Organisations

Please list any other privacy or data protection authorities, law enforcement or regulatory bodies that you have reported this data breach to. Provide as much detail as you can about why, when, how and by whom (e.g. by your organisation or an affected person).

Select all that apply

Almost done

Do not provide us with copies of the information involved in the breach.

Summary of your notification form

Please review your responses before you submit your report. You will be able to print a copy of your report after you submit it.

Contact details
About the organisation
Organisation name
NZBN number
Sector
Industry classification
Your contact details
First name
Last name
Job title
Email
Phone number
Are you acting as an agent for the organisation?
Name of agent organisation
Timeline
Is the problem that caused this breach ongoing?
Date of breach
Date the breach was identified by your organisation
About the breach
Number of people affected
Type of personal information involved in the breach
Type of breach
Tell us what happened
Tell us what happened
Tell us what happened
Do you know where the information has gone?
Where has the information gone?
Likely harm
How sensitive is the information that is involved in the breach?
Who has obtained or may obtain the information?
What types of harm may be caused to people affected by the breach?
Discriminatory harm
Emotional harm
Employment harm
Financial harm
Identity theft
Loss of access to information
Loss of opportunity
Physical harm
Reputational harm
Threats of harm
Other:
How likely is it that someone will be harmed because of this breach?
What steps have been taken to reduce the risk of harm or further harm from this breach?
Are there security measures in place that protect the information from being accessed?
Please explain in detail the security measures in place and how they protect the information from being accessed
Is someone's physical safety in immediate danger?
Is someone's psychological safety at immediate risk?
Is someone at immediate risk of serious financial harm?
Notifying Affected People
If the breach is likely to cause serious harm to affected people, have you notified them?
What have you done to notify the people affected?
Why have you not notified the people affected?
What permitted exception(s) are you relying on to not notify the people affected at this time?
Please explain why you are relying on the exception(s) you have indicated.
Why, and for how long, are you delaying notifying the people affected?
Are you relying on giving public notice to notify the people affected?
Why are you relying on giving public notice to notify the people affected?
Other Organisations
Were any other organisations affected by the breach?
Please name the other affected organisations and explain how they were affected.
Has the breach been reported to other authorities?
What authorities has the breach been reported to?
Have you contacted any organisations that might be able to provide support to your organisation or people affected by the breach?
What other organisations have you contacted for support with the breach?
Almost done
Please provide any other information you think may be relevant to the breach, or steps you have taken or intend to take in response. (This is an optional field.)
You can upload any attachments here (e.g. copy of any public notice if applicable). The total size limit is 7MB. (This is an optional field.)