
Privacy

Background

A Privacy Impact Assessment (PIA) is an analysis of potential effects on privacy arising from a particular proposal. The Office of the Privacy Commissioner explains that:

  • "PIA is a process whereby a conscious and systematic effort is made to assess the privacy impacts of options that may be open in regard to a proposal.
  • PIA is an assessment of any actual or potential effects that the activity or proposal may have on individual privacy and the ways in which any adverse effects may be mitigated."

December 2005 PIA of Identity Verification Service

A PIA on the high-level design of the Identity Verification Service was commissioned by SSC from an independent privacy assessor, John Edwards. The December 2005 report states that:

"It is apparent from the latest iteration of the design specifications that the issues that have been raised in earlier reports have been taken seriously, and led to novel approaches to striking the balance between the core needs of an authentication service, and of the individual privacy interest of the population as a whole."

The Report goes on to say that,

"Privacy has been central to the development of the project, a fact reflected both in the Cabinet principles, and in the way that many of the concerns pointed out in the earlier privacy impact assessment have been addressed."

"The risks that remain are in the main, contingent and inherent. That is, there is very little in the design that could be characterised as a breach of privacy if the scheme operates as currently intended. The risks relate to further expansion and as yet unanticipated developments probably contrary to the Cabinet principles."

The Report contains five recommendations, all of which have been accepted by the State Services Commission and Department of Internal Affairs. These are being implemented as recommended by the PIA.

July 2005 PIA of Government Logon Service

A PIA report on the implementation design of the Government Logon Service was commissioned from an independent privacy assessor, John Edwards. The July 2005 report is overall positive on the privacy-related features. Section 1.3 of the report states:

"Since the publication of those documents [previous PIAs], the all-of-government authentication programme has considerably advanced its thinking, and has signalled a change in direction for the phased implementation of the project. These changes appear privacy positive, and have no doubt been affected by the analysis presented in the earlier privacy impact assessments. As such the process of privacy impact assessment appears to be both hardwired into the e-government policy development and analysis systems, and to be working as intended by advocates of privacy impact assessment."

The PIA emphasises the privacy-positive theme in Section 5.1:

"Overall the proposed GLS [Government Logon Service] appears to have been devised to minimise privacy risk, and has done so successfully."

and in Section 5.3:

"The project design appears to fully reflect the policy settings prescribed by Cabinet, and the voluntary nature of the system is a significant factor in safeguarding privacy."

Eight recommendations have been made, all of which SSC accepts and has either already implemented or is doing so during the current Initial Implementation Phase of the Authentication Programme.

Privacy in Online Authentication

The need for the online authentication initiative to give full consideration to privacy concerns and issues was first formally recognised by Cabinet in April 2002, when it approved ‘protection of privacy’ as one of the policy principles for authentication.

Feedback from the public consultation, undertaken in March 2003, demonstrated a strong desire for security and privacy to feature prominently in any model that was adopted for implementation. It was reinforced by the conclusions of a Preliminary PIA that was completed in parallel by the State Services Commission.

This view influenced the identification of a preferred model for implementation. It also led to Cabinet’s direction that future design work should give precedence to security and privacy, and that a formal PIA should be undertaken.

An independent Privacy Assessor, Pacific Privacy Consulting Ltd., was appointed to carry out the formal PIA and presented their completed report in December 2003. The report, which makes 35 recommendations, also comments that:

"The relatively early stage of the authentication project at which the assessment has been carried out has both advantages and disadvantages. It allows the assessment to perform its function of potentially influencing both the design and the business case. But because the design is not yet fully developed or stable, it also means that the analysis is to some extent speculative, and must necessarily anticipate 'worst case' privacy implications. It is desirable that further privacy analysis be undertaken as the project develops."

Update to the PIA Report

The recommendations of the PIA, and the outcome of further policy and design work, informed the development of the phased implementation of all-of-government authentication that is now underway.

Given this phased approach, and the outcome of additional design and scoping work that was subsequently completed, it became evident that the PIA needed to be updated in order to provide further value. The need for a review was also identified in the original PIA report that recommended an update be carried out once the project had progressed to the next phase.

The original Assessors undertook their review and subsequently submitted the completed report in April 2004.

The updated PIA report sets out four new recommendations in addition to the 35 recommendations made in the December 2003 PIA. These recommendations deal with the locking in of privacy protection; presentation of privacy impact findings; governance arrangements; and continued consideration of alternative approaches to identity credentials. However, the report’s authors have also acknowledged that a number of the original recommendations will only be relevant if in the future a decision is made to proceed with a full implementation of all-of-government authentication.

It is important to note that this is an independent report and as such it presents only the views of the Assessor. However, the majority of the report’s recommendations are accepted, with the exception of the recommendation relating to the registration of multiple identities (Recommendation 2), which is at variance with established practice in New Zealand.