Office of the Privacy Commissioner | New on the website
Most recently edited pages
Displaying 1 - 10 of 26
HIPC Rule 3A: Notification requirements for indirect collection of health information
IPP3A is about an agency’s obligations when it collects personal information indirectly (collecting from someone other than the person themselves).
Breach legal professional privilege
This content was updated in June 2026.
Current vacancies at OPC
We're hiring!
Executive summary: Inquiry into the cyber security breach affecting the Manage My Health Limited patient portal
On 1 January 2026, Manage My Health Limited notified the Office of the Privacy Commissioner that threat actors had managed to steal large amounts of health info
Privacy Commissioner finds Manage My Health and Health New Zealand breached Privacy Act – 91 percent of affected patients based in Northland
The Privacy Commissioner has today released the findings of Phase 1 of his Inquiry into the December 2025 Manage My Health cyber incident which resulted in...
Privacy Commissioner finds Manage My Health and Health NZ breached Privacy Act
Privacy Commissioner Michael Webster has today released the results of Phase 1 of his Inquiry into the December 2025 Manage My Health cyber incident.
Manage My Health Inquiry
Updated 27 May 2026
Completion of Phase 1 of the Manage My Health Inquiry
Privacy Commissioner Michael Webster has released the results of Phase 1 of his Inquiry…
Privacy Week 2026
Everything you need to know about Privacy Week 2026 (11-15 May).
New survey: privacy concerns are no longer niche worries
Issues like AI decision-making, facial recognition, and children's digital lives are now firmly mainstream concerns, rather than niche ones.
2026 annual survey on privacy
Issues like AI decision-making, facial recognition, and children's digital lives are now firmly mainstream concerns rather than niche ones.