Appendix 2 - Terms of Reference
TERMS OF REFERENCE
IMPACT ASSESSMENT - ALL OF GOVERNMENT INITIAL IMPLEMENTATION AUTHENTICATION PROGRAMME
Background
The State Services Commission is undertaking and leading the Initial Implementation phase of the All-of-government Authentication Programme (the Programme). A major project in this Programme is the Government Logon Service (GLS) (the Project).
The expected outcome of the project will be a solution for people (and businesses) and New Zealand government agencies to verify their identity when transacting electronically. GLS specifically deals with the Logon process and the management of a service user's Logon credentials (keys). Cabinet will consider the next steps at the conclusion of the Programme, expected to be December 2005, and will make a decision whether or not to roll out the All-of-government Logon solution to other agencies.
Privacy Impact Assessments (PIAs) have previously been carried out on an initial design for the overall authentication model, of which GLS is a component. As the design for the GLS has evolved from that originally reviewed, the Commission considered it appropriate that a review be undertaken of the GLS design that is to be implemented.
Assignment
The purpose of the PIA is to identify privacy impacts arising from the Project and to provide advice on potential mitigation options available to address such privacy impacts in order that the policy objectives of the project are met. Decisions on these options remain the prerogative of the project team.
The PIA is to be delivered to the Authentication Programme Manager and is to be prepared generally in conformity with the Privacy Commissioner's Privacy Impact Assessment Handbook. When complete, the PIA is to be a public document available for use by policy makers, the Privacy Commissioner and other interested parties.
Approach
The work will commence no later than 4 March 2005 and will involve an iterative process including:
- Reviewing project documentation (including the two Pacific Privacy Consultant PIA documents and the Paua Interface Ltd Research of issues for Māori relating to the Online Authentication Project report)
- Convening and attending "white board" Q & A session(s) with key project staff
- Meeting with the Office of the Privacy Commissioner (OPC)
- Meeting with the Authentication Project team to discuss conclusions in the draft PIA
The Commission is particularly interested in the likely privacy impacts on Māori. It is expected the PIA will look specifically at whether there are any privacy impacts for Māori that need to be considered by the project.
Timeframes
The PIA reviewer will:
- Undertake international and domestic research and prepare a "rough cut" draft for review by the Authentication Project team's technical staff by 22 April 2005
- Finalise the draft PIA for submission to OPC (to be sent by the Authentication Project team once it has reviewed and is satisfied with the PIA) by 6 May 2005
- Meet with OPC to discuss and receive feedback and revise the draft, if necessary, to incorporate OPC feedback by 27 May 2005
- Submit the final version of the PIA to the Authentication Project team by 3 June 2005

