Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Nau mai, haere mai

Your privacy is precious; let us help you protect it.

down arrow
20260302 happy Asian woman at laptop

We’re changing the way we respond to public enquiries

For many years we’ve operated a bespoke enquiries service. People and agencies have been able to contact us through a dedicated enquiries@ email address and 0800 number to ask their privacy questions.

The volume of these enquiries has long outnumbered our ability to answer them. Many are questions that people could have quickly answered themselves using our website and many could also have been answered by agencies’ privacy officers.

Given this, we’re changing the way we respond to public enquiries. You can expect to see these changes in the next few months.

Read the detail about what we're changing.

We will update the website with any further information.

2025 young man and children

Manage My Health privacy breach

Manage My Health(external link) provides patient portal services to health providers and their patients (registered users).

On 1 January 2026, Manage My Health notified us that it had been affected by a serious cyber incident involving the sensitive health information of thousands of users. Ransom hackers accessed and downloaded documents stored in the My Health Documents section of Manage My Health, including:

  • files uploaded by individual users such as correspondence, reports or results
  • hospital discharge summary documents for Northland Hospital patients (including clinical letters)
  • referral letters from GPs to specialists and other health providers between 2017 and 2019.

Read more detail on Manage My Health’s website where they're giving updates and have answers to frequently asked questions(external link).

Information for people impacted by this breach - learn how to find out if you're impacted, how to secure your personal information, and how to make a privacy complaint.

Information for affected primary care providers - Manage My Health has notified us about their breach so primary care providers do not need to formally notify OPC about the breach.

2025 storytime

Sharing information to protect the wellbeing and safety of children and young people

New guidance is now available. Read the guidance.

People working in the children’s sector will often need to work together to ensure children and young people are getting the services and supports they need to be safe, protected from harm and to thrive and succeed. 

This means making sure relevant information about the child or young person is shared with the right people at the right time in the right way.

Learn how to share information for the wellbeing and safety of children and young people.

Our work is part of an integrated government response(external link) relating to the Dame Karen Poutasi review in 2022(external link). (external link)Read our 9 October 2025 media release

 

 

Privacy breach homepage

Make a privacy complaint

We're keen to work with New Zealanders to get their privacy queries and complaints sorted quickly and fairly. Before you complain to us, you need to complain directly to the business or organisation that you feel has breached your privacy.

If you haven’t been able to work out your privacy issue with them, then you can complain to us. We aim to ensure that you're treated fairly, whatever your background or circumstances. We work in accordance with the Human Rights Act 1993.

Being affected by a privacy breach can be distressing and emotionally harmful. Read about managing your mental distress.

We review all the complaints we receive. If we can resolve them quickly, we will. If your case requires a complicated or comprehensive investigation, then owing to high volumes, the wait time for an investigator is at least six months, and likely longer. Another agency may be able to help you quicker than that. See our list of other dispute resolution schemes

Agencies: report a data breach

If you're an organisation and have a privacy breach that is likely to cause anyone serious harm, you are legally required to notify us and any affected persons as soon as you can.

As a guide, our expectation is that a breach notification should be made to our Office no later than 72 hours after agencies are aware of a notifiable privacy breach. Work out whether you need to notify us.

How long is 72 hours(external link)?

Do I need to notify my privacy breach(external link)?

Notify Us of a privacy breach
elearning homepage image

Use our free e-learning tools

We can help you and your workmates learn about privacy, or sharpen your skills with our free e-learning tools. There are 10 free courses to choose from, and they are all run as online learning modules. Learn at your own pace and receive a certificate of completion.

Topics range from Privacy 101 to specialist topics like health and education. You can learn more about reporting privacy breaches, approved information sharing agreements (AISA) and more.

Get learning with our e-learning modules.

News and views homepage image

Our news and views

Read our latest media releases and news.

Subscribe to Privacy News, our free monthly newsletter.

See case notes and court decisions.

Order free brochures for your customers or clients.

110325 statement of intent

Come and work with us

When you work here you’re serving New Zealanders and their right to privacy. We’re a small but mighty Office full of well-read people who are interested in the world and what happens in it. Kindness matters here, which creates a great place to work. Find out more about working here, check for vacancies, and read about our recruitment process.

Back to top