# Manage My Health & Privacy Act 2020: Compliance Review
> Discover how Manage My Health aligns with NZ's Privacy Act 2020. This assessment covers data security, retention policies, and identified implementation gaps.

Tags: privacy-act-2020, manage-my-health, data-privacy, health-tech, new-zealand-compliance, data-security

## Outline of Manage My Health & the Privacy Act 2020
- Assessment of MMH's alignment, gaps, and recommendations.
- Prepared for the public and journalists (April 2026).

## Positive Alignments with the Privacy Act 2020
- **Security Commitment:** Robust alignment with security requirements.
- **Data Classification:** Clinical notes and NHI numbers are classified as personal information under Section 4.
- **Login Security:** Implementation of Two-Step Verification (2SV).
- **Sovereignty:** Data is stored domestically in New Zealand; offshore transfers comply with NZ laws.

## Structural & Language Alignment
- **Retention Policy:** MMH utilizes a 90-day data deletion policy following account closure, aligning with Section 7 of the Act.
- **Accountable Agency:** MMH positions itself as an accountable agency and primary data custodian rather than a mere service provider.

## Failures & Recommendations
- **Deletion Barriers:** Users face practical obstacles when attempting to delete accounts.
- **Retention Failures:** Reports of data being retained beyond the stated 90-day window.
- **Key Recommendations:**
  1. Prioritize technical improvements for reliable data deletion.
  2. Increase oversight by the Office of the Privacy Commissioner (OPC).
  3. Develop clearer technical guidelines for digital service providers.