Nau mai, haere mai

Completion of Phase 1 of the Manage My Health Inquiry

The Privacy Commissioner has released the results of the Inquiry into the Manage My Health cyber security breach in December 2025. 

He has found that both Manage My Health and Health NZ failed in their responsibilities to have reasonable security safeguards in place to protect patient information and that they both breached Rule 5 of the Health Information Privacy Code, relating to the storage and security of information.

While both Manage My Health and Health NZ have told us that they have made improvements, the Commissioner intends to issue each with a compliance notice(external link) that will enable the Commissioner to independently check that the changes are working effectively and patient information is now better protected. 

The Inquiry into the Manage My Health cyber incident is being done in two phases and this completes phase 1, which focused on what caused the breach and who was accountable. Phase 2 will focus on the impacts of the breach.

• Read the full inquiry document [PDF, 932 KB]
• Read the executive summary of the Inquiry
• Read our media release, Privacy Commissioner finds Manage My Health and Health NZ breached Privacy Act
• Go to our Focus Areas page about the Manage My Health Inquiry

Privacy concerns are no longer niche worries

Issues like AI decision-making, facial recognition, and children's digital lives are now firmly mainstream concerns, rather than niche ones, according to the latest privacy survey. 

“The increasing use of technology is leading more New Zealanders to ask questions about the amount of personal information being collected about them, what it’s being used for, and how it’s being kept safe from misuse”, Privacy Commissioner Michael Webster says.

This year’s top three concerns are children's privacy including social media use (71% concerned, up 4%); government agencies and businesses using AI to make decisions about people using personal data (67% concerned, up 5%); and the management of personal information by social media companies (65% concerned, up 2%). 

“These issues remain unchanged from 2025, which shows that privacy issues linked to these topics are becoming entrenched in people’s minds as something to worry about”, said Mr Webster.

Read the full results of our 2026 privacy survey.

Read our media release about our new survey.

We’ve changed the way we respond to public enquiries

For many years we’ve operated a bespoke enquiries service. People and agencies have been able to contact us through a dedicated email address and 0800 number to ask their privacy questions.

The volume of these enquiries has long outnumbered our ability to answer them. Many are questions that people could have quickly answered themselves using our website and many could also be answered by agencies’ privacy officers.

Given this, we’ve changed the way we respond to public enquiries.

You will still be able to make privacy complaints(external link). That is not changing.

On 31 March 2026 our enquiries email address was closed. Our website is full of information to help answer privacy questions, including outlining your privacy rights.

You’ll also find answers in our AskUs knowledge base, which has already answered more than 650 popular privacy questions. (external link)If you need customised help especially for your situation then you need to either seek free legal advice through Community Law(external link) or contact your own lawyer.

When you call our 0800 803 909 number now you'll hear a menu of options, which will help you answer your question. Accessibility choices are part of these options.

Read the detail about what we're changing.

Make a privacy complaint

We're keen to work with New Zealanders to get their privacy queries and complaints sorted quickly and fairly. Before you complain to us, you need to complain directly to the business or organisation that you feel has breached your privacy.

If you haven’t been able to work out your privacy issue with them, then you can complain to us. We aim to ensure that you're treated fairly, whatever your background or circumstances. We work in accordance with the Human Rights Act 1993.

• Read our tips about using AI to contact us
• Lodge a privacy issue with another agency(external link).
• Use our Response Date Calculator for access and correction requests.
• Answer your questions about privacy breaches.
• Make a privacy complaint to us(external link).

Being affected by a privacy breach can be distressing and emotionally harmful. Read about managing your mental distress.

We review all the complaints we receive. If we can resolve them quickly, we will. If your case requires a complicated or comprehensive investigation, then owing to high volumes, the wait time for an investigator is at least six months, and likely longer. Another agency may be able to help you quicker than that. See our list of other dispute resolution schemes. 

Use our free e-learning tools

We can help you and your workmates learn about privacy, or sharpen your skills with our free e-learning tools. There are 10 free courses to choose from, and they are all run as online learning modules. Learn at your own pace and receive a certificate of completion.

Topics range from Privacy 101 to specialist topics like health and education. You can learn more about reporting privacy breaches, approved information sharing agreements (AISA) and more.

Get learning with our e-learning modules.

Our news and views

Read our latest media releases and news.

Subscribe to Privacy News, our free monthly newsletter.

See case notes and court decisions.

Order free brochures for your customers or clients.

Come and work with us

When you work here you’re serving New Zealanders and their right to privacy. We’re a small but mighty Office full of well-read people who are interested in the world and what happens in it. Kindness matters here, which creates a great place to work. Find out more about working here, check for vacancies, and read about our recruitment process.