Review Bodies

(Initial PIA Recommendations 29, 30 & 34)

62. Ministers have agreed in principle that the existing jurisdictions of the Privacy Commissioner, Ombudsmen, Human Rights Commission and Auditor-General can between them cover the review role. It is proposed that specific agreements be reached with the OPC and OoO in relation to their involvement in the Initial Implementation Programme. While both offices will need to give preparatory consideration to community education and the handling of complaints in due course, OPC will need to be adequately resourced for participation in all five of the components of the Initial Implementation in the immediate future. It should be confirmed that OPC will be just as closely involved in those components of C2 led by DIA as it is in the EGU led components.

63. The proposal to rely on existing review body jurisdictions runs the risk of complaints about the operation of any online authentication scheme falling between gaps, or alternatively duplication of effort and confusion. A detailed protocol will be required in due course, identifying the type of complaints that could arise and clearly agreeing on responsibility for dealing with them.

64. Similarly, agreement will be needed on responsibility for overall periodic review of the operation of the scheme.

65. These issues will be addressed in Component 4.