Lawyer Steven Price blogs about media law and ethics in New Zealand

Search:

Steven Price

• About me
• My professional services
• Contact me
• Blog policy

Guide to NZ Media Law

• Broadcasting Standards Authority
• Press Council
• Defamation
• Privacy Act
• Invasion of Privacy
• Breach of Confidence

Official Information Act

Research User Tips

Bill of Rights Act

• BORA and the BSA

Media law resources

• Useful links

Feeds (RSS)

• Posts

Recent Posts

• A note about data breaches
• On crooks and Labour voters
• BSA bludgeons balance standard again
• Reality Check Radio weighs in on BSA jurisdiction issue
• The last word on Canadian alcohol guidelines
• Talley’s defamation decision looks strange to me
• Should I issue a correction?
• Should the Media Council issue a retraction?
• Media regulation system breaking down?
• BSA is still right

Archives

• February 2026
• January 2026
• December 2025
• October 2025
• January 2025
• May 2024
• November 2021
• July 2021
• June 2021
• May 2019
• April 2019
• November 2018
• November 2017
• September 2017
• August 2017
• June 2017
• January 2017
• December 2016
• August 2016
• February 2016
• October 2015
• September 2015
• October 2014
• September 2014
• August 2014
• July 2014
• May 2014
• April 2014
• February 2014
• December 2013
• November 2013
• October 2013
• September 2013
• August 2013
• July 2013
• May 2013
• April 2013
• March 2013
• February 2013
• January 2013
• December 2012
• November 2012
• October 2012
• September 2012
• August 2012
• July 2012
• June 2012
• May 2012
• April 2012
• March 2012
• February 2012
• January 2012
• December 2011
• November 2011
• October 2011
• September 2011
• August 2011
• July 2011
• June 2011
• May 2011
• April 2011
• March 2011
• February 2011
• January 2011
• December 2010
• November 2010
• October 2010
• September 2010
• August 2010
• July 2010
• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008
• December 2007
• November 2007

Topics

• Advertising Standards
• Breach of confidence
• Broadcasting Standards Authority
• Cameras in Court
• Censorship
• Confidential sources
• Contempt of Court
• Copyright
• Court records
• Defamation
• Department of Corrections
• Electoral speech
• Free speech theory
• Future of journalism
• General
• Harassment Act
• Hate speech
• Injunctions
• Internet issues
• Journalism and criminal law
• journalist employment issues
• Local government regulations
• Media ethics
• Name suppression
• NZ Bill of Rights Act
• Official Information Act
• Parliamentary privilege
• Press Council
• Privacy Act
• Privacy tort
• Protecting sources
• Protest speech
• Search warrants
• Suppression orders
• Trespass
• Whistle-blowing

« On crooks and Labour voters | Main

A note about data breaches

By Steven | February 9, 2026

It’s becoming a regular thing to see hackers get hold of reams of private data and threaten to leak it. (See recently: Manage My Health and Neighbourly leaks. And in recent years: Commerce Commission and Te Whata Ora.)

Courts readily grant injunctions to prevent the disclosure of such purloined information, usually on the basis of breach of confidence; sometimes privacy or copyright or a combination of these. It’s not hard to make the case that the information is confidential and the leak unauthorised. Most agencies don’t need to prove any detriment to anyone, though it’s usually obvious. There’s rarely any public interest to factor in. And injunctions against unidentified defendants are readily available now.

A couple of points though. First, you have to wonder about the utility of such orders. Criminals gonna do crime, you know? If you are resourceful, brazen and immoral enough to steal wads of private data, you’re hardly going to quaver at a court injunction. But I guess the agencies have to be seen to be doing something.

My other point is more technical. I don’t have a problem with these injunctions. But the courts routinely apply tests that are outdated, I think. They apply a general test for injunctions that asks, Is there a serious question to be tried, who does the “balance of convenience” favour, and where does the “overall justice” lie? But in the Fahey case in 1999, the Court of Appeal has said: “Any prior restraint of freedom of expression requires passing a much higher threshold than the arguable case standard.”

That case is never cited in these data cases. (To be fair, they usually involve everyone scrambling to put together evidence and submissions in a day or two. I guess it’s also easy to overlook the free speech rights of hackers who’ve ripped off sensitive data). But these cases are about free speech. That is what is being restrained, nothing else.

When privacy is alleged, the applicants also routinely overlook the passage in our leading privacy case, Hosking v Runting, that says: “The general position, then, is that usually an injunction to restrain publication in the face of an alleged interference with privacy will only be available where there is compelling evidence of most highly offensive intended publicising of private information and there is little legitimate public concern in the information. In most cases, damages will be considered an adequate remedy.” This is intended to hike the threshold in cases where the court is granting an injunction restraining someone’s speech on the basis of a necessarily preliminary and partial look at the relevant evidence.

To be clear, in almost all these cases, that higher threshold would be satisfied, so injunctions would still be granted. But I still think it’s important that they ask the right question.

Topics: General | Comments Off on A note about data breaches

Site Credits