Privacy & Data

Businesses operate in an era where huge amounts of data are collected, created, stored, analysed and sold.

While data can be used to create powerful advantages, organisations need to understand and manage their obligations. A data or privacy breach can have a devastating effect on reputation and serious legal consequences.

Our specialist privacy and data lawyers advise private and public sector organisations on the collection, use and disclosure of personal information in accordance with privacy laws, including New Zealand’s Privacy Act 2020, and consumer protection and antispam laws.

We also guide clients on their strategies around data governance and pursuing the opportunities that data use can create, while adhering to good data ethics.

We acted in the ground-breaking case that first recognised breach of privacy as actionable under New Zealand law. Since then, we’ve acted on the leading New Zealand cases dealing with civil liability for interference with privacy and with balancing the competing values of privacy, open justice, and freedom of information.

Our services include:

  • advising New Zealand and international businesses on privacy and related data protection matters, including Privacy Act and GDPR obligations
  • advising on trans-border data flows, particularly for multi-national clients seeking to store personal information of New Zealand customers or personnel offshore
  • assisting clients to assess their privacy practices and procedures, undertake privacy impact assessments on new initiatives, and improve privacy practices
  • assisting clients to undertake Privacy Act reviews and respond to Privacy Act requests; and with compliance notices and access determinations issued by the Privacy Commissioner
  • advising and acting on privacy-related disputes in the Human Rights Review Tribunal and the Courts
  • assisting with managing data breaches and security incidents involving personal information
  • preparing privacy policies in relation to customer and employee data.


Our summary sheet provides an overview of the Privacy Act 2020.

Our notifiable privacy breaches flowchart will help you work out whether a breach is notifiable and provides an overview of the notice requirements.

Work Highlights

Waikato District Health Board

We acted for Waikato District Health Board in a landmark proceeding for breach of confidence against Radio New Zealand (RNZ) and others preventing further publication of information published on the dark web as the result of a cyber-attack.


We advised on the privacy implications of using GPS and driving behaviour tracking software for delivery drivers in their personal vehicles.

Watercare Services Limited

We advised on privacy considerations for its “My Account” service and for the launch of the Watercare mobile application including development of appropriate terms of use and a privacy policy for customers.

The New Zealand Health Group

We advised on the updating of its privacy policies and procedures (both internal and external) for compliance with the Privacy Act 2020 and the Health Information Privacy Code, and development of a breach management and response procedure.


We reviewed and helped develop privacy policies, including a breach reporting framework and process.

Various clients

We have advised New Zealand and international businesses on privacy and related data protection matters, including the application of the Privacy Act and GDPR obligations.

Insights & News