Office of the Privacy Commissioner | New on the website
Most recently edited pages
Displaying 1 - 10 of 28
Privacy at the 2026 General Election
The 2026 General Election is coming up on 7 November 2026, and an important part of the democratic process is keeping people, their information, and votes…
HIPC Rule 3A: Notification requirements for indirect collection of health information
IPP3A is about an agency’s obligations when it collects personal information indirectly (collecting from someone other than the person themselves).
Current vacancies at OPC
We're hiring!
What’s the difference between a privacy statement, notice and policy?
Agencies need to be transparent about what personal information they’re collecting and how they will use it under the Privacy Act 2020.
Breach legal professional privilege
This content was updated in June 2026.
Executive summary: Inquiry into the cyber security breach affecting the Manage My Health Limited patient portal
On 1 January 2026, Manage My Health Limited notified the Office of the Privacy Commissioner that threat actors had managed to steal large amounts of health info
Privacy Commissioner finds Manage My Health and Health New Zealand breached Privacy Act – 91 percent of affected patients based in Northland
The Privacy Commissioner has today released the findings of Phase 1 of his Inquiry into the December 2025 Manage My Health cyber incident which resulted in...
Privacy Commissioner finds Manage My Health and Health NZ breached Privacy Act
Privacy Commissioner Michael Webster has today released the results of Phase 1 of his Inquiry into the December 2025 Manage My Health cyber incident.
Manage My Health Inquiry
Updated 27 May 2026
Completion of Phase 1 of the Manage My Health Inquiry
Privacy Commissioner Michael Webster has released the results of Phase 1 of his Inquiry…
Privacy Week 2026
Everything you need to know about Privacy Week 2026 (11-15 May).