Can You Go To Jail For Breaking An NDA In New Zealand?

If you run a business in New Zealand, chances are you’ve used an NDA at some point (or you’ve wished you had one).

Maybe you’re sharing your product roadmap with a developer, negotiating with a potential buyer, pitching to an investor, onboarding a new team member, or testing a new idea with a supplier. In all of those situations, an NDA (non-disclosure agreement) can be the difference between “confidential” and “common knowledge”.

But there’s a question we hear a lot from business owners: can you go to jail for breaking an NDA in New Zealand?

The short version is: an NDA breach is usually a civil issue (money and court orders), not a criminal one (jail). That said, the real-world consequences of a confidentiality breach can still be serious for your business - and in some cases, the behaviour around the breach can overlap with criminal offences (for example, theft, fraud, unauthorised access to computer systems, or unlawful handling of personal information).

Let’s break it down in plain English, from the perspective of protecting your business.

What Does “Breaking An NDA” Actually Mean?

An NDA is a contract where one (or both) parties agree to keep certain information confidential and only use it for a defined purpose.

So, breaking an NDA generally means the other party has done something the contract says they must not do, such as:

• disclosing confidential information to someone else (e.g. telling a competitor, posting it online, sharing it internally with people who shouldn’t see it);
• using confidential information for an unauthorised purpose (e.g. using your customer list to start a competing business);
• failing to protect confidential information as required (e.g. careless handling that leads to a leak);
• copying or extracting confidential material (e.g. taking documents, screenshots, code, or files when they have no right to); or
• refusing to return or destroy confidential information when the agreement requires it.

One important point: “confidential information” isn’t always obvious in practice. It usually includes more than “trade secrets”. It can cover:

• pricing, margins, costs and supplier terms;
• business plans, pitch decks, internal strategies and roadmaps;
• client lists and purchasing behaviour;
• marketing plans and campaign data;
• product designs, formulas, processes and prototypes;
• software code, system architecture and internal documentation; and
• operational documents (templates, workflows, manuals).

This is why it’s so important your NDA is drafted clearly - what counts as “confidential”, what’s excluded, and what the receiving party can and can’t do with it should be unambiguous.

Can You Go To Jail For Breaking An NDA In New Zealand?

In most situations, no - an NDA breach doesn’t automatically mean jail.

That’s because an NDA is a contract. Contract disputes are usually handled under civil law, where the remedies are things like:

• compensation (damages);
• court orders to stop using or sharing the information (injunctions);
• orders to return/destroy confidential information;
• account of profits (handing over profit made from the misuse); and
• sometimes legal costs.

It’s also worth knowing that, in New Zealand, you may have protections even without an NDA. Depending on the facts, a business can sometimes bring a breach of confidence claim (an equitable claim) where confidential information was shared in circumstances importing an obligation of confidence and then misused. In practice, NDAs help a lot because they reduce arguments about what was confidential, what the permitted purpose was, and what steps the recipient had to take to protect it.

However, there are situations where the conduct involved in breaking an NDA overlaps with criminal offences. For example:

• Theft: taking physical items or property that doesn’t belong to them (e.g. hard drives, documents, devices).
• Dishonesty or fraud-type behaviour: intentionally deceiving to obtain a benefit or cause loss.
• Unauthorised access to systems: accessing company systems without permission, or after access has been removed (for example, conduct that can fall within New Zealand’s computer access offences under the Crimes Act 1961).
• Privacy breaches: mishandling personal information (especially if it’s customer or employee data), which can also trigger regulatory consequences under the Privacy Act 2020 (for example, complaints to the Office of the Privacy Commissioner and, in some cases, proceedings in the Human Rights Review Tribunal).

So, while the NDA breach itself is usually civil, it’s not the whole story. If you’re dealing with a serious leak, it’s worth getting legal advice early so you can understand which pathways (civil and/or criminal) are realistically available based on the facts.

What Happens If Someone Breaks Your NDA? (Real Consequences For NZ Businesses)

Even if jail isn’t the typical outcome, an NDA breach can still be expensive, disruptive, and damaging - especially for small businesses where your edge might be your know-how, your client base, or your pricing model.

Here’s what the consequences often look like in practice.

1. Urgent Action To Stop The Damage

Once confidential information is out, you can’t “unring the bell”. That’s why many NDA disputes become urgent quickly.

Your first steps often include:

• sending a formal letter requiring the other party to stop using/disclosing the information;
• requiring return or destruction of copies (including backups);
• asking for written confirmations and details of who received the information;
• seeking an injunction if the risk is ongoing.

If you’re in a commercial deal context (like a negotiation or supplier arrangement), it can be useful to have a broader contract framework in place alongside the NDA, such as a Service Agreement that clearly sets expectations about deliverables, ownership, and dispute processes.

2. Damages (Compensation) Can Be Harder Than People Expect

Many business owners assume that if someone breaks an NDA, they automatically “owe” a big payout. In reality, damages claims can be complex because you may need to prove:

• there was a breach of the NDA;
• you suffered a quantifiable loss (or the other party made a gain); and
• the breach caused that loss.

This doesn’t mean damages are off the table - it just means you’ll want the NDA drafted in a way that supports enforcement, and you’ll want good internal documentation showing:

• what was shared;
• when it was shared;
• who had access; and
• why the information is commercially valuable.

3. Your Competitive Advantage Can Be Compromised

For small businesses, confidentiality often is the business value.

If your processes, pricing, customer lists, supplier terms or product roadmap are leaked, it can lead to:

• competitors undercutting you;
• clients being poached;
• investor confidence being shaken;
• your “unique” product becoming easier to replicate; and
• long-term reputational harm.

This is why NDAs are often paired with other legal protections, like well-drafted IP ownership clauses in contractor arrangements and clear confidentiality obligations in employment agreements.

How Do You Enforce An NDA In NZ?

Enforcement is where a lot of NDAs succeed or fail in real life. An NDA that looks good on paper but isn’t practical to enforce won’t give you the protection you think it will.

While enforcement depends on your exact facts, most NDA enforcement paths include some combination of the following steps.

Step 1: Check The NDA’s Key Terms First

Before you take action, confirm what the NDA actually says about:

• what is confidential (and what’s excluded);
• permitted use (what can the recipient do with the info?);
• who can receive it (employees, advisers, related entities);
• how long confidentiality lasts;
• return/destruction obligations;
• injunctive relief wording (often included to support urgent court orders); and
• jurisdiction / governing law (especially important for overseas contractors).

If your NDA is part of a broader contractual relationship, you’ll also want to check the related agreement, such as your Non-Disclosure Agreement terms (or your main services agreement) to ensure there aren’t conflicting clauses.

Step 2: Gather Evidence Early (And Carefully)

To act quickly, you’ll want evidence of what happened, such as:

• emails, messages or file transfer records;
• access logs (if you have them);
• copies of what was disclosed (if available);
• witness statements or internal notes;
• the original NDA and any related communications.

Be cautious about how you collect evidence, especially if it involves monitoring workplace devices or staff communications. If you collect personal information in the process, the Privacy Act 2020 may apply, and you’ll want your internal settings aligned with an Privacy Policy and appropriate workplace policies.

Step 3: Issue A Formal Notice Or Letter Of Demand

Often, the first external step is a letter that:

• identifies the confidential information;
• sets out the alleged breach;
• demands they stop using/disclosing it;
• requires return/destruction and confirmation; and
• reserves your rights (including a claim for damages).

This step is also useful because it creates a clear paper trail if the matter escalates.

Step 4: Apply For An Injunction If There’s Ongoing Risk

If the information is actively being used or shared (or you reasonably believe it will be), you may need urgent court relief.

Injunctions are technical and fact-specific, but the underlying idea is straightforward: you’re asking the court to order the other party to stop doing something immediately to prevent further harm.

This is where having a properly drafted NDA matters. Courts are more willing to enforce clear, reasonable obligations than vague “everything is confidential forever” wording.

How Do You Prevent Breaking An NDA Problems In The First Place?

Most businesses only think about NDAs after something goes wrong. But if you build confidentiality into your processes from day one, you can prevent a lot of disputes - and you’ll be in a stronger position if you ever need to enforce your rights.

Use The Right NDA For The Relationship

Not all NDAs are the same. Some common options include:

• Mutual NDA (both parties share confidential info);
• One-way NDA (only your business discloses);
• NDA built into a broader commercial contract (common for ongoing supplier, contractor, or tech relationships).

If you’re working with contractors, it’s usually best not to rely on an NDA alone. You’ll want an agreement that covers confidentiality and deliverables, payment, IP ownership, and liability allocation - particularly where the contractor is building something core to your business. This is also where contractor classification matters, because you don’t want a “contractor” relationship that looks like employment without the right paperwork in place (and the right obligations clearly documented).

Where you’re actually hiring staff, ensure confidentiality sits inside your Employment Contract and aligns with your policies and onboarding process.

Define Confidential Information Clearly (And Include Practical Examples)

Vague NDAs tend to be harder to enforce. Strong NDAs usually:

• define confidential information broadly enough to protect you;
• include examples relevant to your industry (pricing, customer lists, product plans, code, etc.);
• exclude information that is genuinely public or independently developed; and
• explain the permitted purpose (e.g. “to evaluate a potential partnership”).

This helps reduce “grey area” arguments later about what was or wasn’t covered.

Limit Access Internally (Need-To-Know Is Your Friend)

Your NDA is one layer of protection - your internal controls are another. If you share confidential information broadly, you increase the chance of accidental disclosure, leaks, and disputes.

Practical steps include:

• only giving access to staff who need it;
• using role-based permissions in your systems;
• watermarking or labelling “Confidential” documents (where appropriate);
• keeping a disclosure register for highly sensitive materials; and
• having clear offboarding processes (return of devices, access removal, confirmation of deletion).

Don’t Forget About IP Ownership

A common misunderstanding is thinking that an NDA automatically gives you ownership of ideas or work product. It doesn’t.

An NDA is about confidentiality. Ownership (especially for things like software, designs, and content) usually needs separate, explicit IP clauses or an IP assignment arrangement.

If someone is creating IP for your business, consider putting the right IP terms in place early, such as an IP Assignment (or a broader contract that clearly states what IP is created, who owns it, and how it can be used).

When Is An NDA Not Enough (And What Else Should You Have In Place)?

For many small businesses, the NDA is just the starting point. Depending on what you’re doing, you might also need:

• non-compete / restraint provisions (used carefully, and only where reasonable and enforceable);
• non-solicitation clauses (e.g. stopping poaching of clients or team members);
• privacy compliance if confidential information includes personal data (customers, leads, staff);
• trade mark protection for your brand; and
• shareholder and director protections if sensitive information is being shared inside a company structure.

For example, if you’re taking investment or bringing in a co-founder, confidentiality is only one part of protecting the business. You’ll also want clarity around decision-making, equity, exits, and what happens if someone leaves. That’s where documents like a Shareholders Agreement can reduce the risk of disputes (including disputes involving confidential information).

And if you’re operating through a company, it’s worth aligning your governance documents so everyone understands the rules from day one - including confidentiality expectations at a director/shareholder level. A Company Constitution can be part of that legal foundation, depending on how your company is set up.

Key Takeaways

• An NDA breach is usually a civil matter in New Zealand, meaning the typical consequences are court orders and compensation - not jail.
• Jail is unlikely for the NDA breach alone, but it can become relevant where the surrounding conduct amounts to a separate offence (like theft, fraud, unauthorised access to computer systems under the Crimes Act 1961, or serious misuse of personal information).
• The business impact of an NDA breach can be significant, including loss of competitive advantage, client poaching, and urgent legal costs to stop ongoing disclosure.
• Enforcing an NDA often depends on speed and evidence, so it’s important to gather documents, confirm the scope of confidentiality, and act quickly if there’s an ongoing risk.
• The best NDAs are specific and practical, clearly defining what’s confidential, the permitted purpose, who can access it, and what happens when the relationship ends.
• NDAs work best as part of a broader legal setup alongside solid contracts, IP protections, privacy compliance, and (where relevant) company governance documents.

If you’d like help putting the right NDA in place or responding to a suspected breach, we can help. Reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.