1. Introduction & Overview

1.1. This is the latest in a series of privacy impact assessments that have been prepared in relation to elements of the State Services Commission's work on online authentication.

1.2. The first and second privacy impact assessments were prepared by Pacific Privacy Partners in 2003 and 2004. They are available on the e-government website at www.e.govt.nz/services/authentication/authent-pia-200312/index.html and www.e.govt.nz/services/authentication/pia-200404/index.html.

1.3. Since the publication of those documents, the all-of-government authentication programme has considerably advanced its thinking, and has signalled a change in direction for the phased implementation of the project. These changes appear privacy positive, and have no doubt been affected by the analysis presented in the earlier privacy impact assessments. As such the process of privacy impact assessment appears to be both hardwired into the e-government policy development and analysis systems, and to be working as intended by advocates of privacy impact assessment.

1.4. Of considerable significance is the split between establishment (proving who you are once) and confirmation of identity (confirming who you are on an on-going basis through the Government Logon Service).

1.5. Much of the earlier analysis of privacy impact focused on issues around identity establishment, and the privacy problems of a central database, effectively a population register, to establish and assert identity. One of the themes of the earlier assessment was the establishment of an Authentication Agency, which may have functioned as a central repository of information about individuals' identities, and their electronic representations.

1.6. This privacy impact assessment expressly excludes discussion of an Authentication Agency, or of issues of establishment, proof, or evidence of identity. The terms of reference for this report are attached as appendix "A".

1.7. The Government Logon System does not depend on establishment or proof of identity, nor is it a centralised agency accumulating data about individuals' transactions with government. Rather, the system requires Service Agencies to continue establishment of identity of their service users to the extent they consider appropriate for their assessment of the identity related risks posed by use of authenticated online services offered by that Service Agency.

1.8. There may be privacy issues which are contingent on the ways chosen by Service Agencies to verify identity, but the challenge for this process of privacy impact assessment is to accurately delineate between the core Government Logon Service proposal and the framework and business processes adopted by service agencies to allow online access to their systems.