Duty Of Care: What NZ Businesses Need To Know

If you run a business in New Zealand, duty of care isn’t just a legal phrase lawyers throw around. It’s a practical way of describing the responsibilities you owe to people who could be affected by what your business does (or doesn’t do).

That might include your staff, contractors, customers, visitors to your premises, or even members of the public who interact with your products or services.

Getting your duty of care right from day one can save you a lot of stress later. It can reduce the risk of injuries, disputes, complaints, regulatory action, and reputational damage - and it also helps you build a safer, more trustworthy business.

What Is “Duty Of Care” In New Zealand?

In simple terms, duty of care describes a legal responsibility to take reasonable steps to avoid causing harm to someone else.

The word “reasonable” matters. A duty of care usually doesn’t mean you must prevent every possible problem (that would be unrealistic). Instead, the question is typically whether a reasonable business in your position would have:

• identified a risk (or should have identified it), and
• taken sensible steps to reduce that risk.

In NZ, duty of care tends to come up across a few different legal “buckets”, including:

• Health and safety law (especially the Health and Safety at Work Act 2015)
• Common law (for example, negligence claims where someone alleges you failed to take reasonable care)
• Consumer and trading obligations (for example, product and service safety expectations under the Consumer Guarantees Act 1993 and the Fair Trading Act 1986)
• Privacy obligations (especially under the Privacy Act 2020)

So while people often talk about duty of care as “one concept”, in practice it’s something you manage across multiple parts of your business - and the exact legal test and consequences can differ depending on which area of law is involved.

Why Small Businesses Should Care (Even If You’re Not “High Risk”)

A lot of small business owners assume duty of care only matters for construction sites or factories. But it applies just as much if you run a café, retail store, clinic, agency, online store, or professional services business.

Examples of everyday duty of care issues include:

• a customer slipping on a wet floor in your shop
• an employee getting injured due to unsafe manual handling or poor training
• a client claiming your service caused them financial loss because you didn’t warn them about a known risk
• a data breach exposing customers’ personal information

None of these situations are rare - which is why it’s worth setting up your legal foundations early.

When Do NZ Businesses Owe A Duty Of Care (And To Who)?

A duty of care generally exists where it’s foreseeable that your actions or omissions could cause harm, and where there’s a relationship that justifies imposing responsibility on you.

From a business owner’s perspective, the most common groups you may owe a duty of care to are:

• Employees (including part-time and casual staff)
• Contractors and subcontractors working in your business or at your site
• Customers and clients receiving your products or services
• Visitors to your premises (including delivery drivers and members of the public)
• Other businesses you work with (for example, in a supply chain where your work impacts their safety or operations)

It can help to think about duty of care in “touchpoints”:

• People: anyone your business directs, trains, supervises, or relies on
• Places: your shop, office, warehouse, home-based workspace, vehicles, or work sites
• Products and services: what you sell, supply, deliver, install, or advise on
• Information: the personal data you collect, store, use, or share

Does Duty Of Care Mean You’re Automatically Liable If Something Goes Wrong?

Not automatically. Liability depends on the situation, the relevant law, and whether you took reasonable steps.

It’s also important to understand a key NZ-specific point: for most personal injuries, New Zealand’s ACC scheme generally limits the ability to sue for compensatory damages (because ACC provides no-fault cover). However, businesses can still face other consequences - including WorkSafe enforcement and fines under HSWA, reparation in criminal cases, contractual or property damage claims, privacy complaints, and reputational harm.

In practice, if you don’t have clear systems (training, policies, contracts, maintenance, incident reporting), it can be much harder to show you did what a reasonable business should have done.

Duty Of Care At Work: Health And Safety Obligations For Employers

One of the most important areas for NZ businesses is workplace health and safety. Under the Health and Safety at Work Act 2015 (HSWA), many businesses will be a PCBU (Person Conducting a Business or Undertaking). PCBUs have broad obligations to ensure health and safety so far as is reasonably practicable.

That’s closely connected to duty of care in everyday language: it’s your responsibility to keep your workplace safe.

If you want a deeper breakdown of what this looks like in practice, duty of care employers is a useful starting point.

Common Workplace Duty Of Care Risks

Even “low risk” workplaces can have real hazards. Examples include:

• slips, trips and falls (cords, clutter, wet surfaces)
• manual handling injuries (lifting stock, repetitive tasks)
• stress and psychosocial risks (burnout, bullying, unrealistic workloads)
• unsafe equipment use (tools, kitchen equipment, vehicles)
• remote work set-ups (poor ergonomics, lack of supervision)

What “Reasonably Practicable” Steps Look Like

Duty of care is usually about doing the basics consistently and documenting what you’re doing. For many small businesses, practical steps include:

• Induction and training: making sure people know how to do tasks safely
• Clear instructions: especially for higher-risk tasks
• Hazard identification and controls: writing down hazards and what you do to manage them
• Incident reporting: so problems don’t repeat
• Maintenance: keeping equipment and premises in safe condition
• Supervision: particularly for new staff, young workers, or high-risk tasks

Use Your Contracts And Policies To Reinforce Safety Expectations

Legal documents won’t replace good safety practices - but they can support them.

For example, an Employment Contract can set expectations around following safety procedures, reporting hazards, and complying with workplace rules.

Similarly, having a written Workplace Policy (or a wider staff handbook) helps you communicate the standards you expect day-to-day - and can be important if you ever need to manage performance or misconduct.

If you engage contractors, it’s also worth putting expectations in writing using a Contractor Agreement, especially around site rules, safety responsibilities, and reporting.

One common mistake is assuming that calling someone a “contractor” means you don’t owe them safety duties. Under HSWA, duties can still apply depending on the relationship and who controls the work.

Duty Of Care To Customers, Clients And The Public

Duty of care isn’t limited to your team. If customers or members of the public interact with your business, you’ll often have responsibilities to take reasonable steps to keep them safe too.

This can show up in two main ways:

• Physical safety: injuries that happen at your premises or due to your operations
• Product/service safety and quality: issues with what you sell or the services you provide

Premises And On-Site Safety

If you operate from a physical location (shop, clinic, warehouse, salon, café), your duty of care typically involves managing hazards that visitors might encounter.

Practical examples include:

• keeping walkways clear and well-lit
• using wet floor signs and cleaning spills promptly
• regularly checking stairs, rails, mats, and entryways
• managing crowding and queues safely
• ensuring emergency exits are accessible

Think of it as a routine: if a hazard is common, your response should be built into your daily operations, not treated as a once-off fix.

Products And Services: Safety, Advertising And Quality Expectations

If you sell products or services, the Consumer Guarantees Act 1993 (CGA) and the Fair Trading Act 1986 (FTA) can be highly relevant to your duty of care in practice.

In plain language:

• The CGA sets expectations that products are of acceptable quality and fit for purpose (and services are carried out with reasonable care and skill).
• The FTA prohibits misleading or deceptive conduct - including advertising that creates the wrong impression about what your product or service can do.

If you oversell what you provide, or you don’t warn customers about key risks or limitations, you increase the chance of complaints and disputes - and in some cases, potential liability if harm occurs (particularly outside the ACC personal injury framework, such as property damage or pure economic loss claims in certain circumstances).

Professional Services And Advice-Based Businesses

If your business provides advice (consulting, marketing, IT, design, coaching, health services, and more), your duty of care often includes:

• setting clear scope (what you will and won’t do)
• using appropriate disclaimers where relevant
• documenting instructions and approvals
• keeping records of advice given

This is where tailored service agreements and good project documentation can make a real difference if a client later claims they relied on something you said or assumed something was included.

Duty Of Care For Information, Monitoring And Technology

Modern duty of care isn’t only about physical safety. It can also involve how you handle personal information and how you monitor people at work.

As a small business owner, it’s easy to accidentally create risk here - for example, by storing customer data in an unsecured spreadsheet, sharing login details, or recording calls without thinking through the rules.

Privacy And Data Security (Privacy Act 2020)

If you collect personal information (customer names, emails, phone numbers, addresses, health info, ID documents, CCTV footage), the Privacy Act 2020 applies.

From a duty of care perspective, a big part of privacy compliance is taking reasonable steps to protect data from misuse, loss, or unauthorised access.

A Privacy Policy is a practical starting point because it forces you to map out what you collect, why you collect it, where you store it, and who you share it with.

Reasonable privacy steps for many SMEs include:

• restricting staff access to only what they need
• using strong passwords and multi-factor authentication where possible
• training your team on phishing and safe handling of customer data
• having a process for responding to suspected privacy incidents
• only collecting what you actually need

CCTV And Workplace Monitoring

Some businesses use CCTV for security, theft prevention, or safety. That can be legitimate - but it needs to be handled carefully.

As a general rule, you should be clear about:

• why you’re collecting footage (the purpose)
• where cameras are located (and avoiding highly private areas)
• how long footage is stored
• who can access it
• how you notify staff and visitors

If CCTV is relevant to your workplace, it’s worth checking the specific considerations around are cameras legal in the workplace, because privacy and employment expectations often overlap here.

Call Recordings, Customer Service Calls And Training

Recording calls can be useful for quality assurance, training, and dispute resolution - but you need to make sure you do it the right way.

At a minimum, you should think about:

• whether you notify callers the call may be recorded
• how the recordings are stored and who can access them
• how long you keep them
• whether the recordings include sensitive personal information

If your business records calls, business call recording laws in New Zealand is a helpful reference point for common compliance issues and practical steps.

Key Takeaways

• Duty of care generally means taking reasonable steps to prevent foreseeable harm to people affected by your business, including staff, contractors, customers and visitors.
• Duty of care can come from multiple sources, including the Health and Safety at Work Act 2015, common law negligence principles, the Consumer Guarantees Act 1993, the Fair Trading Act 1986, and the Privacy Act 2020.
• For employers and PCBUs, duty of care is closely tied to workplace health and safety - and it’s often about consistent systems like training, hazard controls, supervision, and incident reporting.
• Your duty of care to customers and the public often includes managing on-site risks (like slips and trips) and ensuring your products and services are safe, accurately described, and delivered with reasonable care and skill.
• In NZ, ACC often changes the claims landscape for personal injury, but businesses can still face serious consequences (including HSWA enforcement and fines, reparation in criminal matters, and other civil claims such as for property damage or economic loss).
• Data handling and monitoring (CCTV, call recordings) can raise duty of care and privacy issues, so it’s important to be transparent, limit access, and have clear processes.
• Strong legal foundations support your duty of care in practice - including having the right contracts and policies in place, and getting tailored legal advice rather than relying on generic templates.

Important: This article is general information only and isn’t legal advice. If you’d like help putting the right legal foundations in place to manage your duty of care - whether that’s employment documents, contractor terms, privacy compliance, or risk-focused policies - you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.