Nau mai, haere mai

Your privacy is precious; let us help you protect it.

We’re changing the way we respond to public enquiries
New guidance: multi-agency meetings
Lost USB stick constitutes notifiable privacy breach
Commissioner speech: National Cyber Security Summit
New children's privacy guidance for the education sector
Manage My Health Inquiry
Use our response calculator
Send an enquiry
Lodge a privacy issue with another agency
Notify Us of a breach

We’ve changed the way we respond to public enquiries

For many years we’ve operated a bespoke enquiries service. People and agencies have been able to contact us through a dedicated email address and 0800 number to ask their privacy questions.

The volume of these enquiries has long outnumbered our ability to answer them. Many are questions that people could have quickly answered themselves using our website and many could also have been answered by agencies’ privacy officers.

Given this, we’ve changed the way we respond to public enquiries.

You will still be able to make privacy complaints(external link). That is not changing.

On 31 March 2026 our enquiries email address was closed. Our website is full of information to help answer privacy questions, including outlining your privacy rights.

You’ll also find answers in our AskUs knowledge base, which has already answered more than 650 popular privacy questions. (external link)If you need customised help especially for your situation then you need to either seek free legal advice through Community Law(external link) or contact your own lawyer.

You can still call our 0800 803 909 number but what you hear is changing too. From 1 May you will hear a menu of options, which will help you answer your question. Accessibility choices will be part of these options.

Read the detail about what we're changing.

We will update the website with any further information.

IPP3A: getting ready for 1 May 2026

One of the important changes in the Privacy Amendment Act 2025 is the addition of Information Privacy Principle (IPP) 3A. IPP3A changes an agency’s obligations when it collects personal information indirectly. Collecting personal information indirectly means that the agency collects the personal information from someone other than the person themself.

Watch our short video on YouTube.(external link)

Read our IPP3A guidance: notification requirements for indirect collection of personal information.

Read our IPPA(5) guidance: archiving in the public interest.

New children's privacy guidance for the education sector

Children and young people are a taonga to be nurtured and supported as they complete their journey through to adulthood.

Our new guidance focuses on the unique needs of those working within and on the frontline of the education sector. It covers how the IPP's should be applied in a range of education settings, as well as topics like education technology, health and learning support information, and privacy and confidentiality.

While it focuses on the privacy of learners, much of the guidance also applies to other personal information you may hold (e.g. personal information about staff and parents).

Read the new guidance.

Make a privacy complaint

We're keen to work with New Zealanders to get their privacy queries and complaints sorted quickly and fairly. Before you complain to us, you need to complain directly to the business or organisation that you feel has breached your privacy.

If you haven’t been able to work out your privacy issue with them, then you can complain to us. We aim to ensure that you're treated fairly, whatever your background or circumstances. We work in accordance with the Human Rights Act 1993.

Read our tips about using AI to contact us
Lodge a privacy issue with another agency(external link).
Use our Response Date Calculator for access and correction requests.
Answer your questions about privacy breaches.
Fill in our online enquiry form.
Make a privacy complaint to us(external link).

Being affected by a privacy breach can be distressing and emotionally harmful. Read about managing your mental distress.

We review all the complaints we receive. If we can resolve them quickly, we will. If your case requires a complicated or comprehensive investigation, then owing to high volumes, the wait time for an investigator is at least six months, and likely longer. Another agency may be able to help you quicker than that. See our list of other dispute resolution schemes.

Agencies: report a data breach

If you're an organisation and have a privacy breach that is likely to cause anyone serious harm, you are legally required to notify us and any affected persons as soon as you can.

As a guide, our expectation is that a breach notification should be made to our Office no later than 72 hours after agencies are aware of a notifiable privacy breach. Work out whether you need to notify us.

How long is 72 hours(external link)?

Do I need to notify my privacy breach(external link)?

Notify Us of a privacy breach

Use our free e-learning tools

We can help you and your workmates learn about privacy, or sharpen your skills with our free e-learning tools. There are 10 free courses to choose from, and they are all run as online learning modules. Learn at your own pace and receive a certificate of completion.

Topics range from Privacy 101 to specialist topics like health and education. You can learn more about reporting privacy breaches, approved information sharing agreements (AISA) and more.

Get learning with our e-learning modules.

Our news and views

Read our latest media releases and news.

Subscribe to Privacy News, our free monthly newsletter.

See case notes and court decisions.

Order free brochures for your customers or clients.

Come and work with us

When you work here you’re serving New Zealanders and their right to privacy. We’re a small but mighty Office full of well-read people who are interested in the world and what happens in it. Kindness matters here, which creates a great place to work. Find out more about working here, check for vacancies, and read about our recruitment process.