{"id":209783,"date":"2021-09-01T14:10:32","date_gmt":"2021-09-01T01:10:32","guid":{"rendered":"https:\/\/legalvision.co.nz\/?p=209783"},"modified":"2025-05-30T17:52:36","modified_gmt":"2025-05-30T04:52:36","slug":"data-breach-response-plan","status":"publish","type":"post","link":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/","title":{"rendered":"What is a Data Breach Response Plan in NZ?"},"content":{"rendered":"\n<p><a href=\"https:\/\/legalvision.co.nz\/data-privacy-it\/reduce-risk-data\/\"><span style=\"font-weight: 400\">Digitally storing your information<\/span><\/a><span style=\"font-weight: 400\"> has numerous benefits, including reduced physical space and ease of access. You can share your business\u2019 information more efficiently and reach more customers faster. However, there are various security risks associated with operating online, and you need to accommodate those risks. If your business suffers a <\/span><a href=\"https:\/\/legalvision.co.nz\/data-privacy-it\/business-suspects-data-breach\/\"><span style=\"font-weight: 400\">data breach<\/span><\/a><span style=\"font-weight: 400\">, this can have disastrous consequences. Likewise, you may lose more than just information. With a data breach response plan, you can reduce some of the fallout. Therefore, this article will explain what a data breach response plan is and why your business may need one.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">What Is a Data Breach?<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">The scope of a data breach can be quite broad, but generally, it can refer to a compromise in your business\u2019 digital data, such as:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">unauthorised access to or misuse of your information systems;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">something preventing you from accessing your digital databases;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">accidental deletion or loss of your data;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">the release of your sensitive information into an unsecured area, such as the general internet; or<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">unauthorised sharing of your business\u2019 information.<\/span><\/li>\n<\/ul>\n\n\n\n<div class=\"box box--icon box--info\">\n<p><span style=\"font-weight: 400\">For example, suppose you send sensitive business information to the wrong person over email or an unauthorised third party gains access to the information in your cloud services. These scenarios can both qualify as data breaches.<\/span><\/p>\n<\/div>\n\n\n\n<p><span style=\"font-weight: 400\">The risk of data breaches at your business will vary according to your unique situation. Still, it is worthwhile to do a cyber security assessment to determine what risks you need to take into account. This task can also help you formulate a plan that meets your business\u2019 needs.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">What Is a Data Breach Response Plan?<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">As the name suggests, a data breach response plan details a plan for what you and your employees should do if a data breach does occur within your business. Your data breach response plan should reflect the security reality of your business. Likewise, it should be flexible enough to accommodate different kinds of data breaches.<\/span><\/p>\n\n\n\n<div class=\"box box--icon box--info\">\n<p><span style=\"font-weight: 400\">Your breach response will depend on the kind of \u2018data\u2019 the breach concerns. For example, your data breach response for lost digital data, such as online databases or passwords, will be somewhat different to your response to lost physical information, such as physical files or logbooks.<\/span><\/p>\n<\/div>\n\n\n\n<p><span style=\"font-weight: 400\">You should develop your data breach response plan with your business\u2019:&nbsp;<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/legalvision.co.nz\/data-privacy-it\/privacy-officer-nz-business\/\"><span style=\"font-weight: 400\">privacy officer<\/span><\/a><span style=\"font-weight: 400\">;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">IT expert; or<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">other security officers within your business.<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400\">If you are unsure what your data breach response needs to be effective, consider engaging the help of an outside expert.<\/span><\/p>\n\n\n    <div class=\"my-7 lg:my-10 border-y-2 border-gray-100 py-7 lg:py-10 flex flex-col sm:flex-row items-start gap-10\">\n                    <img decoding=\"async\" class=\"w-52 mx-auto my-0! rounded\" src=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2023\/05\/22210201\/guide-to-resolve-business-disputes-560x792-1.jpg\" alt=\"Front page of publication\"\n                 loading=\"lazy\" width=\"208\" height=\"298\">\n                <section>\n            <div class=\"text-2xl font-bold\">Guide to Resolving NZ Business Disputes<\/div>\n            <div class=\"body-text\">\n                <p>Commercial disputes are costly, stressful and can damage your business reputation. LegalVision\u2019s free Guide to Resolving NZ Business Disputes can help.<\/p>\n            <\/div>\n            \n\n<a href=\"https:\/\/go.legalvision.co.nz\/guide-resolving-nz-business-disputes.html\" class=\" block px-5 py-3.5 max-w-fit bg-orange button__hover transition rounded text-white font-bold text-lg no-underline uppercase leading-tight text-center\" target=\"\" rel=\"\">Download Now<\/a>        <\/section>\n    <\/div>\n\n\n\n\n\n<a href=\"#content-next\"\n   class=\"block p-4 mt-10 text-xl font-bold text-center text-white no-underline bg-gray-800 rounded-t-xl\">\n    Continue reading this article below the form\n    <i class=\"text-xl fa-regular fa-arrow-down\"><\/i>\n<\/a>\n<div class=\"px-6 pt-10 pb-12 mb-10 text-center bg-gray-100 rounded-b-xl sm:px-12 test\">\n    <div class=\"mb-8 text-2xl font-bold text-orange\">\n        Need legal advice?\n        <br>\n        <span class=\"text-lg not-prose\">\n                            Call <a href=\"tel:+64800005570\" class=\"not-prose\">0800 005 570<\/a> for urgent assistance.\n                <br>\n                Otherwise, complete this form, and we will contact you within one business day.\n                    <\/span>\n    <\/div>\n\n    \n\n<div class=\"not-prose flex justify-center text-left gform_input_bg_white    \">\n    <script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gravity-theme gform-theme--no-framework lawyer-form_wrapper gplaceholder_wrapper form-with-labels-no-asterisks_wrapper has-new-validation-error-styling_wrapper' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_2452' style='display:none'><div id='gf_2452' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_2452' id='gform_2452' class='lawyer-form gplaceholder form-with-labels-no-asterisks has-new-validation-error-styling' action='\/api\/wp\/v2\/posts\/209783#gf_2452' data-formid='2452' novalidate>\n                        <div class='gform-body gform_body'><div id='gform_fields_2452' class='gform_fields top_label form_sublabel_below description_below validation_below'><div id=\"field_2452_15\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2452_15'>URL<\/label><div class='ginput_container'><input name='input_15' id='input_2452_15' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_2452_15'>This field is for validation purposes and should be left unchanged.<\/div><\/div><div id=\"field_2452_1\" class=\"gfield gfield--type-text gfield--input-type-text gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2452_1'>First Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_1' id='input_2452_1' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2452_12\" class=\"gfield gfield--type-text gfield--input-type-text gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2452_12'>Last Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_2452_12' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2452_2\" class=\"gfield gfield--type-email gfield--input-type-email gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2452_2'>Email Address<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_2452_2' type='email' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_2452_3\" class=\"gfield gfield--type-phone gfield--input-type-phone gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2452_3'>Phone<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_phone'><input name='input_3' id='input_2452_3' type='tel' value='' class='medium'   aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2452_14\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full custom-select gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2452_14'>Number of Employees in Your Business<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_14' id='input_2452_14' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' ><\/option><option value='0' >0<\/option><option value='1' >1-5<\/option><option value='6' >6-20<\/option><option value='21' >21-50<\/option><option value='51' >51-250<\/option><option value='250' >250+<\/option><\/select><\/div><\/div><div id=\"field_2452_4\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2452_4'>Tell us about your enquiry<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_4' id='input_2452_4' class='textarea medium'     aria-required=\"true\" aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><div id=\"field_2452_5\" class=\"gfield gfield--type-html gfield--input-type-html gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  >By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. View our <a href=\"https:\/\/legalvision.co.nz\/privacy-policy\/\" target=\"_blank\">Privacy Policy<\/a>. <\/div><div id=\"field_2452_8\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_8' id='input_2452_8' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='http:\/\/legalvision.co.nz\/api\/wp\/v2\/posts\/209783' \/><\/div><\/div><div id=\"field_2452_13\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_13' id='input_2452_13' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='generic_form' \/><\/div><\/div><\/div><\/div>\n        <div class='gform-footer gform_footer top_label'> <button type=\"submit\" id=\"gform_submit_button_2452\" class=\"gform_button button\" onclick=\"gform.submission.handleButtonClick(this);\" data-submission-type=\"submit\"><span class=\"gform_submit_button__text\">Submit Now<\/span><\/button> <input type='hidden' name='gform_ajax' value='form_id=2452&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme&amp;hash=8d907caff460821c366ed2411b0c45b3' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_2452' value='iframe' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_2452' id='gform_theme_2452' value='gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_2452' id='gform_style_settings_2452' value='' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_2452' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='2452' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='AUD' value='z\/mqvdaxLIqcaRxsDA7SUiaivundRIa7DwWUrbOs4xzTYUjlJhn7s4qyMemHKZ9WpyRoLXtAxH9GgIyGU7GzvqiSLzwudb4X5EWjzY4LR8zqEGE=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_2452' value='WyJ7XCIxNFwiOltcIjIyODY0N2ViMWU3NTcxZjA4YTY4NGJmMDcwMTk3Y2I0XCIsXCJiMzk3YmQ1MDBmMmFjNjk1ODE4MzdmNTBhYTA2MzQ0OFwiLFwiNGYyNGZkZGEwMzlkNDUxMWFhZGE1NGYwZmQwZmNiZTdcIixcIjUyMmJkMDE2M2I2ZmEwOTI3NDZhZjU5YTg0ZmM1NDk5XCIsXCIzODRlNjk1YjQxMTAzMWFiYmQ2ODEyMGYyZWFhMDYyNlwiLFwiYjkzNDcwNTE2MjkxOGRjZWViMjQzNzRjNmE0NGVmNTlcIixcIjQxMTliODZhMzVjYzJiMWViNDZiMmQ4NjRlNGUzZmNjXCJdfSIsIjQ3MjNiMzA2ZDIyZGVkODA2N2YyMjYyOThkYzI1ODVmIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_2452' id='gform_target_page_number_2452' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_2452' id='gform_source_page_number_2452' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_2452' id='gform_ajax_frame_2452' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'><\/iframe>\n\t\t                <script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 2452, 'https:\/\/legalvision.co.nz\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery('#gform_ajax_frame_2452').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_2452');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_2452').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){form_content.find('form').css('opacity', 0);jQuery('#gform_wrapper_2452').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_2452').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_2452').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_2452').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_2452').val();gformInitSpinner( 2452, 'https:\/\/legalvision.co.nz\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [2452, current_page]);window['gf_submitting_2452'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_2452').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_2452').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [2452]);window['gf_submitting_2452'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_2452').text());}else{jQuery('#gform_2452').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"2452\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_2452\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_2452\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_2452\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 2452, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n<\/div>\n<\/div>\n<div id=\"content-next\"><!-- scroll anchor --><\/div>\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Does My Business Need a Data Breach Response Plan?<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">Dealing with the aftermath of a data breach is always easier if you have an identifiable plan for these situations. Ideally, you should have enough preventative measures to reduce the likelihood and impact of a data breach. Indeed, your response plan should take this into account. Any business can be the victim of a data breach, and preparing beforehand can help you in the long run.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Furthermore, the effects of a data breach can be devastating, depending on the kind of sensitive information that it has compromised. This data can include:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">sensitive business information, such as account data;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">personal health information;<\/span><\/li>\n\n\n\n<li><a href=\"https:\/\/legalvision.co.nz\/data-privacy-it\/personal-information-nz\/\"><span style=\"font-weight: 400\">personal information<\/span><\/a><span style=\"font-weight: 400\"> of customers and employees;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">intellectual property, such as trade secrets; or<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">reputation-damaging information.<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400\">When dealing with sensitive information like this, you likely will have various legal obligations attached to how you handle it. This fact is crucial for both personal information and any information subject to contracts with business partners. As a result, you may have both privacy and contractual obligations you need to meet. Therefore, having a data breach response plan to show your care for these obligations when something goes wrong is vital.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">What Should a Data Response Include?<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">The exact contents of your data response plan are up to you and will depend on the nature of your business. Importantly, ensure that it suits your business and includes solutions that you and your employees can realistically implement.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Some aspects to cover include plans or processes to:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">identify a potential data breach;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">determine an appropriate response;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">immediately contain and stop the spread of a breach;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">evaluate the effects of a breach;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">discover the cause of a breach;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">notify affected individuals; and<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">improve security after a breach.<\/span><\/li>\n<\/ul>\n\n\n\n<div class=\"box box--icon box--info\">\n<p><span style=\"font-weight: 400\">For example, suppose a data breach involves personal information and is likely to cause serious harm to individuals. In this case, the law requires that you notify those individuals and the <\/span><a href=\"https:\/\/legalvision.co.nz\/data-privacy-it\/notify-privacy-breach-privacy-commission-new-zealand\/\"><span style=\"font-weight: 400\">Privacy Commission<\/span><\/a><span style=\"font-weight: 400\">. Your data breach response plan should set out the process for doing this and whose responsibility it is.<\/span><\/p>\n<\/div>\n\n\n\n<p><span style=\"font-weight: 400\">Importantly, ensure that your data breach response plan is easy for you and your staff to understand and access.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Key Takeaways<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">A data breach response plan sets out the steps you and your employees will take if your business is the victim of a data breach. You should cater your plan to the security realities of your business and ensure you meet any necessary legal obligations along the way. <\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">If you need assistance with data breaches, our experienced <a href=\"https:\/\/legalvision.co.nz\/it-lawyers-lp\">data, privacy and IT lawyers<\/a>&nbsp;can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on&nbsp;<a class=\"AVANSERnumber dynamic-number\" href=\"tel:+64800447119\">0800 447 119<\/a>&nbsp;or visit our&nbsp;<a href=\"https:\/\/legalvision.co.nz\/membership\/\">membership page<\/a>.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Frequently Asked Questions<\/span><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1630458187374\"><strong class=\"schema-faq-question\"><strong>What is a data breach response plan?<\/strong><\/strong> <p class=\"schema-faq-answer\">A data breach response plan is a document or policy that details what you and your employees should do if your business suffers a data breach. Its exact nature should reflect your business\u2019 security needs.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1630458255152\"><strong class=\"schema-faq-question\"><strong>Do I need to tell anyone if my business has a data breach?<\/strong><\/strong> <p class=\"schema-faq-answer\">If your business deals with personal information, you may need to inform the Privacy Commission if the data breach is likely to cause serious harm. You may also need to inform business partners as part of your contractual obligations.<\/p> <\/div> <\/div>\n<div class=\"not-prose m-feedback-prompt\">\n    <!-- Thumbs up\/down bar -->\n    <div class=\"m-feedback-prompt__main\">\n        <div class=\"m-feedback-prompt__title\">Was this article helpful?<\/div>\n        <div>\n            <!--span class=\"m-feedback-prompt__button--text\">Thanks!<\/span-->\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--yes\"\n                    data-analytics-link=\"feedback-prompt:yes\" aria-label=\"Agree\">\n                <i class=\"fa-regular fa-thumbs-up fa-3x\"><\/i>\n            <\/button>\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--no\"\n                    data-analytics-link=\"feedback-prompt:no\" aria-label=\"Disagree\">\n                <i class=\"fa-regular fa-thumbs-down fa-3x\"><\/i>\n            <\/button>\n        <\/div>\n    <\/div>\n\n    <!-- Feedback form -->\n    <div class=\"m-feedback-prompt__form\">\n        <div class=\"m-feedback-prompt__form--thanks \">\n            <div>Thanks!<\/div>\n            <p>\n                We appreciate your feedback \u2013 your submission has been successfully received.            <\/p>\n        <\/div>\n        <form id=\"contact-form\" class=\"m-feedback-prompt__form--form\" action=\"\" method=\"post\">\n            <input type=\"hidden\" id=\"authenticity_token\" name=\"authenticity_token\" value=\"ed19fd34f0\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/api\/wp\/v2\/posts\/209783\" \/>            <input value=\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/\" type=\"hidden\" name=\"currenturl\"\n                   id=\"currenturl\">\n            <input value=\"What is a Data Breach Response Plan in NZ?\" type=\"hidden\" name=\"currenttitle\"\n                   id=\"currenttitle\">\n            <label>\n                <!-- display on thumbs-up -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--yes\">\n                    Can you tell us <span class=\"font-semibold\">why<\/span> you found it helpful?\n                <\/span>\n\n                <!-- display on thumbs-down -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--no text-lg\">\n                    How can we better improve this article?\n                <\/span>\n                <textarea name=\"feedbackmessage\" id=\"feedbackmessage\" required><\/textarea>\n            <\/label>\n\n            <div class=\"m-feedback-prompt__form--error\" id=\"form-submit-error\"><\/div>\n            <button id=\"submit-contact-form-button\" type=\"submit\" name=\"commit\" class=\"m-feedback-prompt__form--submit\"\n                    data-analytics-link=\"feedback-prompt:submit\">\n                Submit            <\/button>\n        <\/form>\n    <\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Digitally storing your information has numerous benefits, including reduced physical space and ease of access. You can share your business\u2019 information more efficiently and reach more customers faster. However, there are various security risks associated with operating online, and you need to accommodate those risks. If your business suffers a data breach, this can have<a href=\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/\">Continue reading <span class=\"sr-only\">&#8220;What is a Data Breach Response Plan in NZ?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":13343,"featured_media":201730,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"206194,214262,210160,213942,209787,207871","_relevanssi_noindex_reason":"","editor_notices":[],"footnotes":""},"categories":[28],"tags":[25,54,268,585,1080,1081],"class_list":["post-209783","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-privacy-it","tag-small-business","tag-medium-business","tag-data-storage","tag-personal-informatoin","tag-data-breach-control-plan","tag-data-breach"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What is a Data Breach Response Plan in NZ? | LegalVision New Zealand<\/title>\n<meta name=\"description\" content=\"The impacts of a data breach can be disastrous. We explain what a data breach response plan is and why your business may need one in NZ.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is a Data Breach Response Plan in NZ? | LegalVision New Zealand\" \/>\n<meta property=\"og:description\" content=\"The impacts of a data breach can be disastrous. We explain what a data breach response plan is and why your business may need one in NZ.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/\" \/>\n<meta property=\"og:site_name\" content=\"LegalVision New Zealand\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LegalVision\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-01T01:10:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-30T04:52:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2021\/01\/11151220\/christopher-gower-m_HRfLhgABo-unsplash.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"1331\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dan Kim\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@teresa.nurdi@legalvision.com.au\" \/>\n<meta name=\"twitter:site\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dan Kim\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/\"},\"author\":{\"name\":\"Dan Kim\",\"@id\":\"https:\/\/legalvision.co.nz\/#\/schema\/person\/b89810daadfe7a3cfa040758e317e34e\"},\"headline\":\"What is a Data Breach Response Plan in NZ?\",\"datePublished\":\"2021-09-01T01:10:32+00:00\",\"dateModified\":\"2025-05-30T04:52:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/\"},\"wordCount\":986,\"publisher\":{\"@id\":\"https:\/\/legalvision.co.nz\/#organization\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2021\/01\/11151220\/christopher-gower-m_HRfLhgABo-unsplash.jpg\",\"keywords\":[\"small business\",\"medium business\",\"data storage\",\"personal informatoin\",\"data breach control plan\",\"data breach\"],\"articleSection\":[\"Data, Privacy and IT Articles\"],\"inLanguage\":\"en-NZ\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/\",\"url\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/\",\"name\":\"What is a Data Breach Response Plan in NZ? | LegalVision New Zealand\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.nz\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2021\/01\/11151220\/christopher-gower-m_HRfLhgABo-unsplash.jpg\",\"datePublished\":\"2021-09-01T01:10:32+00:00\",\"dateModified\":\"2025-05-30T04:52:36+00:00\",\"description\":\"The impacts of a data breach can be disastrous. We explain what a data breach response plan is and why your business may need one in NZ.\",\"breadcrumb\":{\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#faq-question-1630458187374\"},{\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#faq-question-1630458255152\"}],\"inLanguage\":\"en-NZ\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-NZ\",\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#primaryimage\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2021\/01\/11151220\/christopher-gower-m_HRfLhgABo-unsplash.jpg\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2021\/01\/11151220\/christopher-gower-m_HRfLhgABo-unsplash.jpg\",\"width\":2000,\"height\":1331,\"caption\":\"What Measures can my NZ Business Undertake to Comply with GDPR? | LegalVision New Zealand\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/legalvision.co.nz\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Articles\",\"item\":\"https:\/\/legalvision.co.nz\/articles\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Data, Privacy and IT Articles\",\"item\":\"https:\/\/legalvision.co.nz\/category\/data-privacy-it\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"What is a Data Breach Response Plan in NZ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/legalvision.co.nz\/#website\",\"url\":\"https:\/\/legalvision.co.nz\/\",\"name\":\"LegalVision New Zealand\",\"description\":\"LegalVision is a commercial law firm in NZ with a commitment to innovation\",\"publisher\":{\"@id\":\"https:\/\/legalvision.co.nz\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/legalvision.co.nz\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-NZ\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/legalvision.co.nz\/#organization\",\"name\":\"LegalVision New Zealand\",\"url\":\"https:\/\/legalvision.co.nz\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-NZ\",\"@id\":\"https:\/\/legalvision.co.nz\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/legalvision.co.nz\/wp-content\/uploads\/sites\/2\/2020\/11\/LegalVision_square_logo.png\",\"contentUrl\":\"https:\/\/legalvision.co.nz\/wp-content\/uploads\/sites\/2\/2020\/11\/LegalVision_square_logo.png\",\"width\":400,\"height\":400,\"caption\":\"LegalVision New Zealand\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.nz\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/LegalVision\",\"https:\/\/x.com\/LegalVision_law\",\"https:\/\/www.linkedin.com\/company\/legalvision-group\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/legalvision.co.nz\/#\/schema\/person\/b89810daadfe7a3cfa040758e317e34e\",\"name\":\"Dan Kim\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-NZ\",\"@id\":\"https:\/\/legalvision.co.nz\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ad516503a11cd5ca435acc9bb6523536?s=96\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ad516503a11cd5ca435acc9bb6523536?s=96\",\"caption\":\"Dan Kim\"},\"description\":\"Dan is a Law Graduate in LegalVision's New Zealand Commercial and Corporate team. He graduated from the University of Auckland where he obtained his Bachelor of Laws.\",\"sameAs\":[\"https:\/\/x.com\/teresa.nurdi@legalvision.com.au\"],\"url\":\"https:\/\/legalvision.co.nz\/author\/dankim\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#faq-question-1630458187374\",\"name\":\"What is a data breach response plan?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A data breach response plan is a document or policy that details what you and your employees should do if your business suffers a data breach. Its exact nature should reflect your business\u2019 security needs.\",\"inLanguage\":\"en-NZ\"},\"inLanguage\":\"en-NZ\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#faq-question-1630458255152\",\"name\":\"Do I need to tell anyone if my business has a data breach?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"If your business deals with personal information, you may need to inform the Privacy Commission if the data breach is likely to cause serious harm. You may also need to inform business partners as part of your contractual obligations.\",\"inLanguage\":\"en-NZ\"},\"inLanguage\":\"en-NZ\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What is a Data Breach Response Plan in NZ? | LegalVision New Zealand","description":"The impacts of a data breach can be disastrous. We explain what a data breach response plan is and why your business may need one in NZ.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/","og_locale":"en_US","og_type":"article","og_title":"What is a Data Breach Response Plan in NZ? | LegalVision New Zealand","og_description":"The impacts of a data breach can be disastrous. We explain what a data breach response plan is and why your business may need one in NZ.","og_url":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/","og_site_name":"LegalVision New Zealand","article_publisher":"https:\/\/www.facebook.com\/LegalVision","article_published_time":"2021-09-01T01:10:32+00:00","article_modified_time":"2025-05-30T04:52:36+00:00","og_image":[{"width":2000,"height":1331,"url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2021\/01\/11151220\/christopher-gower-m_HRfLhgABo-unsplash.jpg","type":"image\/jpeg"}],"author":"Dan Kim","twitter_card":"summary_large_image","twitter_creator":"@teresa.nurdi@legalvision.com.au","twitter_site":"@LegalVision_law","twitter_misc":{"Written by":"Dan Kim","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#article","isPartOf":{"@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/"},"author":{"name":"Dan Kim","@id":"https:\/\/legalvision.co.nz\/#\/schema\/person\/b89810daadfe7a3cfa040758e317e34e"},"headline":"What is a Data Breach Response Plan in NZ?","datePublished":"2021-09-01T01:10:32+00:00","dateModified":"2025-05-30T04:52:36+00:00","mainEntityOfPage":{"@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/"},"wordCount":986,"publisher":{"@id":"https:\/\/legalvision.co.nz\/#organization"},"image":{"@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2021\/01\/11151220\/christopher-gower-m_HRfLhgABo-unsplash.jpg","keywords":["small business","medium business","data storage","personal informatoin","data breach control plan","data breach"],"articleSection":["Data, Privacy and IT Articles"],"inLanguage":"en-NZ"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/","url":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/","name":"What is a Data Breach Response Plan in NZ? | LegalVision New Zealand","isPartOf":{"@id":"https:\/\/legalvision.co.nz\/#website"},"primaryImageOfPage":{"@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#primaryimage"},"image":{"@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2021\/01\/11151220\/christopher-gower-m_HRfLhgABo-unsplash.jpg","datePublished":"2021-09-01T01:10:32+00:00","dateModified":"2025-05-30T04:52:36+00:00","description":"The impacts of a data breach can be disastrous. We explain what a data breach response plan is and why your business may need one in NZ.","breadcrumb":{"@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#faq-question-1630458187374"},{"@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#faq-question-1630458255152"}],"inLanguage":"en-NZ","potentialAction":[{"@type":"ReadAction","target":["https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/"]}]},{"@type":"ImageObject","inLanguage":"en-NZ","@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#primaryimage","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2021\/01\/11151220\/christopher-gower-m_HRfLhgABo-unsplash.jpg","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/2\/2021\/01\/11151220\/christopher-gower-m_HRfLhgABo-unsplash.jpg","width":2000,"height":1331,"caption":"What Measures can my NZ Business Undertake to Comply with GDPR? | LegalVision New Zealand"},{"@type":"BreadcrumbList","@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/legalvision.co.nz\/"},{"@type":"ListItem","position":2,"name":"Articles","item":"https:\/\/legalvision.co.nz\/articles\/"},{"@type":"ListItem","position":3,"name":"Data, Privacy and IT Articles","item":"https:\/\/legalvision.co.nz\/category\/data-privacy-it\/"},{"@type":"ListItem","position":4,"name":"What is a Data Breach Response Plan in NZ?"}]},{"@type":"WebSite","@id":"https:\/\/legalvision.co.nz\/#website","url":"https:\/\/legalvision.co.nz\/","name":"LegalVision New Zealand","description":"LegalVision is a commercial law firm in NZ with a commitment to innovation","publisher":{"@id":"https:\/\/legalvision.co.nz\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/legalvision.co.nz\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-NZ"},{"@type":"Organization","@id":"https:\/\/legalvision.co.nz\/#organization","name":"LegalVision New Zealand","url":"https:\/\/legalvision.co.nz\/","logo":{"@type":"ImageObject","inLanguage":"en-NZ","@id":"https:\/\/legalvision.co.nz\/#\/schema\/logo\/image\/","url":"https:\/\/legalvision.co.nz\/wp-content\/uploads\/sites\/2\/2020\/11\/LegalVision_square_logo.png","contentUrl":"https:\/\/legalvision.co.nz\/wp-content\/uploads\/sites\/2\/2020\/11\/LegalVision_square_logo.png","width":400,"height":400,"caption":"LegalVision New Zealand"},"image":{"@id":"https:\/\/legalvision.co.nz\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/LegalVision","https:\/\/x.com\/LegalVision_law","https:\/\/www.linkedin.com\/company\/legalvision-group"]},{"@type":"Person","@id":"https:\/\/legalvision.co.nz\/#\/schema\/person\/b89810daadfe7a3cfa040758e317e34e","name":"Dan Kim","image":{"@type":"ImageObject","inLanguage":"en-NZ","@id":"https:\/\/legalvision.co.nz\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ad516503a11cd5ca435acc9bb6523536?s=96","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ad516503a11cd5ca435acc9bb6523536?s=96","caption":"Dan Kim"},"description":"Dan is a Law Graduate in LegalVision's New Zealand Commercial and Corporate team. He graduated from the University of Auckland where he obtained his Bachelor of Laws.","sameAs":["https:\/\/x.com\/teresa.nurdi@legalvision.com.au"],"url":"https:\/\/legalvision.co.nz\/author\/dankim\/"},{"@type":"Question","@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#faq-question-1630458187374","name":"What is a data breach response plan?","acceptedAnswer":{"@type":"Answer","text":"A data breach response plan is a document or policy that details what you and your employees should do if your business suffers a data breach. Its exact nature should reflect your business\u2019 security needs.","inLanguage":"en-NZ"},"inLanguage":"en-NZ"},{"@type":"Question","@id":"https:\/\/legalvision.co.nz\/data-privacy-it\/data-breach-response-plan\/#faq-question-1630458255152","name":"Do I need to tell anyone if my business has a data breach?","acceptedAnswer":{"@type":"Answer","text":"If your business deals with personal information, you may need to inform the Privacy Commission if the data breach is likely to cause serious harm. You may also need to inform business partners as part of your contractual obligations.","inLanguage":"en-NZ"},"inLanguage":"en-NZ"}]}},"_links":{"self":[{"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/posts\/209783","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/users\/13343"}],"replies":[{"embeddable":true,"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/comments?post=209783"}],"version-history":[{"count":9,"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/posts\/209783\/revisions"}],"predecessor-version":[{"id":229070,"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/posts\/209783\/revisions\/229070"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/media\/201730"}],"wp:attachment":[{"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/media?parent=209783"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/categories?post=209783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalvision.co.nz\/api\/wp\/v2\/tags?post=209783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}