Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you run a business, you’re probably used to juggling a lot at once - customers, staff, suppliers, deadlines, and the day-to-day realities of keeping things moving.
But there’s one legal concept that quietly sits behind many of the most expensive (and stressful) disputes businesses face: a breach of duty of care.
Whether you operate a café, a trade business, a retail store, an online service, or a professional practice, a duty of care is one of those obligations you can’t afford to treat as an afterthought. The good news is that once you understand what it means (and where it shows up), you can put practical systems in place to reduce your risk and protect your business from day one.
What Is A Duty Of Care (And When Does It Apply To Your Business)?
In simple terms, a duty of care is a legal responsibility to take reasonable care to avoid causing harm to others.
In a business context, this can apply in a few common ways:
- To customers and the public (for example, keeping premises reasonably safe and warnings clear).
- To clients (especially where you provide professional or specialised services and people rely on your advice or work).
- To your workers (particularly around workplace health and safety).
- To other businesses (for example, when your work affects a client’s property, their customers, or downstream users of what you deliver).
Duty of care doesn’t mean you have to guarantee nobody will ever be harmed. It usually means you have to take reasonable steps to prevent foreseeable harm.
What’s “reasonable” depends on the circumstances, including:
- How likely the harm was to occur
- How serious the harm could be
- What a reasonable business in your industry would do
- How practical and costly it is to take precautions
- What the person affected did (for example, whether they ignored clear warnings)
This is why duty of care issues can look very different across industries - what’s reasonable for a daycare, for example, is not the same as what’s reasonable for a consulting business.
What Counts As A Breach Of Duty Of Care?
A breach of duty of care happens when your business owes a duty of care and doesn’t meet the required standard of care - and that failure causes someone harm (or loss).
In practice, breach arguments often come down to the question: Did the business take reasonable care in the circumstances?
Some examples (kept general, because the details always matter):
- Unsafe premises: You don’t repair a known hazard, don’t put up signage, or don’t have reasonable cleaning/check procedures.
- Poorly performed services: Your work is done without reasonable skill and care, causing damage or loss.
- Inadequate warnings or instructions: A product or service has risks you should reasonably warn about, but you don’t.
- Failures in supervision or process: Your staff aren’t trained, policies aren’t followed, or there’s no system to catch obvious risks.
To be clear, a mistake isn’t automatically a breach. The legal test is usually about whether your conduct fell below the standard expected in that situation.
If you want your business to be set up properly from the start, it can help to put your legal foundations in place early - for example, having tailored Business Terms that set out responsibilities, limitations (where appropriate), and how issues are handled.
Where Small Businesses Commonly Get Exposed (Customers, Workers, And Data)
When we see duty of care issues become disputes, it’s often because the business owner didn’t realise how many “touch points” create legal risk. Here are the big ones for small businesses.
1) Customers And The Public (Premises, Products, Services)
If people come onto your premises - even briefly - you should assume you have responsibilities around keeping the space reasonably safe.
Practical examples include:
- slips, trips and falls
- poor lighting or broken flooring
- unsafe storage (for example, heavy items stacked precariously)
- lack of warning signage for known temporary hazards
If you sell products, a duty of care can also overlap with consumer protection obligations. If a product is unsafe, you could be dealing with more than one legal risk at once (including reputational damage).
2) Workers And Contractors (Health And Safety Duties)
For many businesses, the most significant duty-of-care-style obligations arise in the workplace.
In New Zealand, workplace safety duties primarily come from statute (including the Health and Safety at Work Act 2015). These are enforced by regulators like WorkSafe, and issues can lead to investigations, improvement notices, prosecutions, and penalties - not just civil claims for damages.
This is where documenting expectations and roles helps. For example, if you engage people as contractors, you’ll usually want agreements in place that clearly set expectations about responsibilities, scope, and safety processes, such as a tailored Contractors Agreement.
3) Handling Customer Data (Privacy And Confidentiality Risk)
Duty of care doesn’t only show up in physical injury scenarios. If you collect personal information - names, addresses, health details, payment details, or even “notes” about a customer - you need to think about privacy and information security.
Under the Privacy Act 2020, businesses must handle personal information fairly and securely. If you suffer a data breach because you didn’t take reasonable steps to protect information, that can create real legal risk (and can lead to complaints and investigations).
In many cases, having a clear Privacy Policy is a basic starting point (alongside internal practices like access controls, secure storage, and staff training).
What Does Someone Need To Prove In A Breach Of Duty Of Care Claim?
If a claim is made against your business for breach of duty of care, the person complaining generally needs to establish a few key elements.
While the details depend on the situation, the usual building blocks are:
- Duty: Your business owed them a duty of care.
- Breach: Your business failed to meet the required standard of care.
- Causation: That breach caused the harm or loss (not just that something bad happened).
- Loss or harm: They suffered damage (physical injury, property damage, financial loss, etc).
One important New Zealand-specific point: if the “harm” is a personal injury, the ACC scheme generally limits (and often bars) suing for compensatory damages in negligence. That doesn’t mean you’re risk-free - ACC doesn’t prevent regulatory action (for example, under health and safety law), and businesses can still face claims in other areas (like property damage, economic loss, or in rare cases exemplary damages), depending on the facts.
Causation is often where disputes get complicated. For example, a customer might have been injured, but the question becomes whether the harm was actually caused by something your business did (or failed to do), and whether it was reasonably foreseeable.
This is also why good record-keeping matters. If you can show you had a system in place (cleaning logs, training records, maintenance reports, incident reports), you’re in a much stronger position to defend a claim or negotiate a sensible outcome.
How Can Businesses Reduce The Risk Of Breach Of Duty Of Care?
Most duty of care risk management is about doing a few fundamentals really well and consistently - and documenting what you do.
Here are practical steps that can make a big difference.
1) Identify Your “Risk Hotspots”
Start with the areas where something could realistically go wrong:
- your premises (front of house, back rooms, storage, bathrooms, car parks)
- your service delivery (quality control, supervision, rework and sign-off processes)
- customer interactions (complaints handling, refunds/returns process, warnings)
- equipment, tools and vehicles
- information security (devices, passwords, cloud systems, staff access)
If you’re scaling, introducing a new offering, or changing how you operate (for example, adding delivery services or moving into a new space), it’s worth reassessing these hotspots.
2) Put Clear Procedures In Place (And Actually Use Them)
Courts and regulators tend to look for evidence of a real system - not a policy that sits in a folder and nobody follows.
Depending on your business, that might include:
- cleaning and maintenance schedules
- checklists and sign-off processes for work
- incident reporting and escalation processes
- staff induction and refresher training
- customer complaint handling steps
Even simple systems can help show that you took reasonable care.
3) Use Contracts To Clarify Responsibilities (Customers, Suppliers, And Contractors)
Contracts won’t magically eliminate a duty of care - and you can’t always contract out of legal responsibility - but strong, tailored agreements can reduce confusion and disputes, and can allocate risk in a commercial way.
Depending on how you operate, that might include:
- customer-facing terms (scope, limitations, timelines, exclusions where lawful, dispute process)
- supplier terms (quality standards, warranties, delivery risk, recalls, indemnities)
- contractor terms (scope of work, safety compliance, reporting and insurance)
For example, if you provide ongoing services, it can be helpful to have a tailored Service Agreement that clearly sets expectations and reduces scope creep (which is a surprisingly common contributor to negligence-style disputes).
4) Train Your Team And Set Expectations Early
A lot of duty of care problems happen because the business owner assumes “common sense” will fill the gaps.
Training doesn’t have to be complex, but it should be clear on:
- how to do tasks safely
- what to do if something looks unsafe
- how to handle customer complaints or incidents
- when to escalate issues to a manager
It also helps to have your key employment expectations properly documented. If you’re hiring, having a fit-for-purpose Employment Contract is a strong foundation (and can help manage performance and conduct issues before they become larger risks).
5) Get Insurance Advice, But Don’t Treat Insurance As The Strategy
Insurance can be crucial (public liability, professional indemnity, cyber insurance, etc), but it’s not a substitute for good systems.
From a practical perspective, insurers may also expect you to take reasonable precautions. If you don’t, you can end up with coverage disputes - which is the last thing you want when you’re already dealing with a claim.
What Should You Do If Someone Alleges A Breach Of Duty Of Care?
Even well-run businesses can face allegations. If it happens, the key is to respond calmly and strategically.
Here’s a practical approach:
1) Don’t Admit Liability Too Early
It’s completely normal to want to smooth things over quickly, especially with valued customers.
But an early “we’re at fault” message can create real legal exposure (and complicate insurance). You can acknowledge the issue and say you’re investigating without making admissions.
2) Secure The Evidence And Document What Happened
Gather and preserve:
- photos (if relevant)
- CCTV footage (if you have it)
- incident reports
- maintenance logs / training records
- emails and messages between your staff and the affected person
If you don’t already have an incident report process, this is a good time to implement one going forward.
3) Check Your Contracts And Policies
If the allegation relates to a customer relationship, supplier relationship, or contractor work, review the relevant terms and scope.
This is where clear documentation can save you a lot of time and cost, particularly around:
- what you agreed to do
- any limitations or exclusions (where lawful)
- complaints and dispute resolution procedures
4) Notify Your Insurer Early (If Appropriate)
If you have insurance that might respond, check your policy requirements and timeframes. Some policies require prompt notification.
5) Get Legal Advice Before You Respond Substantively
Many disputes escalate because of a poorly worded email, an unclear offer of settlement, or a misstep in communication.
Getting advice early can help you:
- assess whether you actually owe a duty of care in this scenario
- understand how strong the breach allegation is
- respond in a way that protects your position
- avoid unnecessary escalation
If a dispute looks like it might turn into a serious claim, it’s also worth considering whether you need a formal settlement document (particularly where payments or ongoing obligations are involved).
Key Takeaways
- Breach of duty of care is a common legal risk for small businesses, and it generally means failing to take reasonable care where harm was foreseeable.
- Duty of care can arise in many settings, including customer safety, quality of services, workplace health and safety, and the handling of customer data.
- In New Zealand, ACC usually limits civil claims for compensatory damages for personal injury, but businesses can still face significant risk through regulatory enforcement (for example, WorkSafe) and other types of claims (like property damage or economic loss).
- Whether something is a “breach” depends on what a reasonable business would have done in the same circumstances, not on whether harm was intended.
- Practical systems like maintenance checks, staff training, incident reporting, and good record-keeping can significantly reduce your exposure.
- Tailored legal documents (like customer terms, contractor agreements, and service agreements) can help clarify responsibilities and reduce disputes before they start.
- If someone alleges a breach, avoid early admissions, preserve evidence, notify insurers where relevant, and get legal advice before making a substantive response.
If you’d like help strengthening your contracts, reviewing your risk areas, or responding to a potential breach of duty of care claim, you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.


