Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

New Zealand: Overview and potential impact of the new whistleblower bill

The Protected Disclosures Act 2000 ('the Act') was passed by the New Zealand Parliament ('Parliament') more than 20 years ago to strengthen whistleblower protection within the private sector. Since then, the nature of wrongdoing within the workplace has changed considerably and other laws dealing with similar subject matter, including the Privacy Act 2020, have emerged. Following extensive inquiries by the New Zealand Government, the long-awaited Protected Disclosures (Protection of Whistleblowers) Bill 2020 ('the Bill') was introduced in June 2020, with the view of resolving shortcomings in the Act. OneTrust DataGuidance considers the impact of the Bill, highlighting key provisions and its progress thus far.

Besjunior / Essentials collection /


The proposed Bill aims to improve the current provisions and principles of the Act, while simultaneously making the process for whistleblowing more accessible and easier to understand. The Bill also works to address some of the perceived problems with the Act.

Currently, the Act sets out procedures to follow when disclosing serious wrongdoing at work and the protections that are available to whistleblowers.  Further to this, the Act covers all workplaces but has a strong public-sector focus. In order to be protected, as per the current Act, a disclosure made by a whistleblower must relate to serious wrongdoing in the workplace. More specifically, the Act covers unlawful, corrupt, or irregular use of public money or resources, conduct posing a serious risk to public health, safety, the environment, or the maintenance of the law, any criminal offence gross negligence, or mismanagement by public officials.

Furthermore, in its Regulatory Impact Statement, the State Services Commission highlighted four issues with the current Act which current guidance and standards can only partly mitigate. These are as follows:

  • both organisations and disclosers are confused about when to use the Act;
  • disclosers are unclear about how to make a disclosure internally (similarly, some organisations are also unclear about how to respond);
  • it is hard for disclosers to navigate the system for reporting concerns externally; and
  • disclosers fear 'speaking up' because they lack the confidence in the protections available to them; consultations with appropriate authorities showed that very few disclosures were made, and some of these authorities lacked a robust data collection for such disclosures.

The proposed Bill clarifies the definition of serious wrongdoing, enables people to report serious wrongdoing directly to an appropriate authority at any time, strengthens protections for disclosers, clarifies the internal procedure requirements for public sector organisations and the potential forms of adverse conduct disclosers may face.

Key provisions of the proposed Bill

Definitions and scope

Section 9 is intended to clarify the test for protected disclosures, providing that a disclosure is a protected disclosure if the discloser:

  • believes on reasonable grounds that there is, or has been, serious wrongdoing in or by the discloser's organisation;

  • discloses information about that in accordance with the bill; and
  • does not disclose it in bad faith.

The Bill also aims to clarify the definition of serious wrongdoing. Section 3 of the Act currently defines serious wrongdoing as meaning (among other things) unlawful, corrupt or irregular use of funds or resources of a public sector organisation. Section 10 widens the definition which is intended to capture private sector use of public funds or resources. The Bill's definition also widens to include acts, omissions, or a course of conduct that is oppressive, improperly discriminatory, grossly negligent, or that is gross mismanagement by those performing a statutory function or statutory duty or exercising a statutory power. Currently, only public officials are accountable. The explanatory note to the Bill elaborates on this, explaining that this is to include private sector bodies who are fulfilling public functions, duties, or powers.

Process for handling reports

Further to this, Sections 11 to 15 of the Bill set out the process for disclosers and receivers. These sections are intended to clarify and set out the process, which was in some cases only implicit in the Act. In particular:

  • Section 11 outlines the process for what a discloser should do to disclose serious wrongdoing and when protection is available. Section 11(3) is intended to reflect the new policy. It provides that a discloser is entitled to protection for a protected disclosure made to an appropriate authority at any time;

  • Section 12 sets out in detail what a receiver of a protected disclosure should do;
  • Section 13 provides that a discloser has the option of disclosing to a Minister or the Ombudsmen (unless the disclosure is or includes intelligence and security information or international relations information) if they feel the receiver has not acted as it should or dealt with the matter so as to address the serious wrongdoing; and
  • Section 15 provides that a receiver that is in the organisation concerned may refer the disclosure to an appropriate authority and that a receiver who is an appropriate authority can refer the disclosure to the organisation concerned or another appropriate authority. Unlike the Act, Section 15(3) provides that before referring a protected disclosure, the receiver must consult the discloser and the intended recipient of the referral. Further, the Bill provides that if an appropriate authority refers a disclosure to the organisation concerned, the organisation concerned must inform the authority about what has been done to deal with the matter.

Although the Bill does not mandate private organisations to set up internal reporting procedures, as seen in other jurisdictions including Australia and the EU, Section 12 of the Bill does set out, in detail, what the receiver should do when a protected disclosure is made to them. Further to this, the Bill provides for a number of protections which, while revisions have been made in the Bill as compared to similar provisions in the Act, indicate that there is no intended change in legal effect), for example:

  • Section 16 provides that the receiver of a protected disclosure must use their best endeavours to keep confidential information that might identify the discloser (there are specified circumstances in which the receiver need not keep a discloser's identity confidential and there is a new requirement that a receiver who believes it is essential to release the identifying information must consult with the discloser);
  • Section 17 stipulates that protecting the confidentiality of a discloser of a protected disclosure by allowing a receiver to refuse a request for information under the Official Information Act 1982 / Local Government Official Information and Meetings Act 1987; and
  • Section 19 states that an employer must not retaliate against an employee because the employee intends to make or has made a protected disclosure. The explanatory note to the Bill explains that Section 19(4) is intended to clarify the potential forms of retaliation that are prohibited.

Special rules and the role of the Ombudsman

In addition, the Bill goes on to clarify the authorities, special rules for certain organisations, and the Ombudsmen's role. Section 23 is intended to clarify who is an appropriate authority and Schedule 2 of the Bill contains some examples. The definition includes a number of meanings, such as the head of any public sector organisation, and includes any officer of Parliament. Notably, an appropriate authority does not include a Minister or a Member of Parliament.

In regard to special rules for intelligence, security, and international relations information, Section 25 of the Bill provides that a person may only disclose intelligence and security information to someone who holds an appropriate security clearance and is authorised to have access to that information. Further detail is provided in Section 25, for example, about to whom a person must not disclose intelligence and security information. Furthermore, Section 26 provides, among other things, that an international relations agency must have internal procedures that reflect that the only Minister a discloser may disclose international relations information to is the Prime Minister or the Minister responsible for foreign affairs or trade. Moreover, Section 27 states that every public sector organisation must have appropriate internal procedures, among other things. In particular, unlike the Act, the Bill provides that public sector organisations must provide a description of how the organisation will provide practical assistance and advice for disclosers.

Another key aspect of the Bill is the role of the Ombudsman. Section 28 provides that an Ombudsman must provide information and guidance to any person on any matter about this Bill. This does not apply to a disclosure of intelligence and security information, as Section 25 would apply instead. The Ombudsman can also, among other things:

  • request information from an organisation about internal procedures (Section 29);
  • escalate protected disclosures to a Minister or investigate a disclosure (Section 30);
  • take over some investigations or investigate together with public sector organisations (Section 31); and
  • review and guide investigations by public sector organisations (Section 32).

Moving beyond the Act and further

While the Bill is expected to replace the Act, both pieces of legislation pursue similar purposes. However, as identified in reviews conducted by the State Services Commission in 2017 and 2018, there are several weaknesses in the current regime. For example, owing in part to the Act's lack of clarity, the Commission noted that individuals are generally not confident in the Act's provisions and are therefore reluctant to disclose critical information, whether internally or externally. Likewise, organisations vary significantly in their ability to handle disclosures.

As such, key changes put forward in the Bill include:

  • extending the coverage of serious wrongdoing to include misuse of public funds or resources, whether in a public or private organisation;
  • allowing whistleblowers to report directly to an external authority and identifying appropriate authorities to which whistleblowers may report;
  • providing guidance on what organisations should do when they receive a report;
  • clarifying internal procedural requirements for public sector organisations; and
  • setting out a list of the ways in which retaliation against a whistleblower may occur.

Overall, the Bill simplifies the process of disclosing information, in particular by making it easier for individuals to report to external authorities and by encouraging organisations to take certain actions where a report is received.

Unlike the Act, the Bill also clarifies that the release of information, which might identify the whistleblower, is a breach of privacy under the Privacy Act 2020. Further recourse against retaliation is also explicitly envisaged by the Bill under the Employment Relations Act 2000 and the Human Rights Act 1993.

What's next?

The Bill was due to enter into force on 1 July 2021. However, a second reading of the Bill is yet to take place, and there have been no updates since March 2021.

It is unclear whether the Bill will continue as drafted or whether further amendments will be made to fully align the Bill with the modern workplace and the expectations and interests of individuals, organisations, and the general public. Compared to legislation in the EU and recent reforms in Australia, for example, the Bill does not contain concrete legal obligations for organisations in acting on reports. Indeed, in March 2021, the Education and Workforce Committee published its report on the Bill. Although the Committee recommended the Bill to be passed, it also proposed a number of amendments to be incorporated, including strengthening the meaning of 'serious wrongdoing' and clarifying the application of the Bill on both public and private organisations.

As such, further policy consideration will likely be needed as the Bill progresses. As highlighted by the Committee, this includes providing more specific examples of wrongful behaviour towards individuals and risks that whistleblowers might face in coming forward.

Chanelle Nazareth Privacy Analyst
Karan Chao Privacy Analyst