The Privacy Commissioner has ordered the Reserve Bank to improve its policies and procedures and make its systems more secure for the handling personal information.
The compliance notice was issued to the RBNZ after a privacy breach was reported to the Office of the Privacy Commission on 9 January.
The breach related to a cyber-attack on the RBNZ in December 2020, which was followed by an internal and external review to identify any shortcomings in the central bank's operations.
Following that review, the privacy commissioner determined the RBNZ had failed to adequately protect some personal information it held, despite security safeguards.
The Reserve Bank had since instigated a programme of work to improve policies and processes for protecting personal information.
The Office of the Privacy Commissioner was monitoring the RBNZ's progress on that programme of work.