Summary of recommended action

Component of Initial Implementation

Recommendations of December 2003 PIA to be addressed

(* indicates appearance under more than one component)

Component 1

Accredited Standards

15*, 18*, 21*, 24*,27*

Component 2

EOI and Credential investigation

2*, 4*, 5, 7*, 8*, 9*, 10, 11*, 12*, 13*, 14*, 15*, 16*, 17*, 18*, 21*, 24*, 27*, 29*, 30*, 34*

Component 3

Policy Development

2*,4*, 7*, 8*, 9*, 11*, 12*, 13*, 14*, 15*, 16*, 18*, 19, 23*, 24*, 25, 26, 27*, 28, 29*, 30*, 32, 35

Component 4

Review Bodies and PIA

11*, 15*, 17*, 18*, 27*, 29*, 30*, 34*

Component 5

Shared Keys Pilot

6, 7*, 11*, 15*, 17*, 18*, 20, 21*, 23*, 24*, 27*

Generic project management

1, 33

Further Recommendations

(paragraph numbers are references to this report)

Component of Initial Implementation

R36. Options for locking in privacy protection, developed as part of the Policy Component should be promoted through the Standards Component and, where applicable, through legislation. (Paragraph 21)

Components 1, 2 & 3

R37. Any public presentation of the Business Case should acknowledge the PIA Consultants reservation about the presentation of privacy issues in the Case, and participating agencies should be expressly informed of those reservations in the context of the work programme under the Initial Implementation. (Paragraph 38)

All Components

R38. Governance arrangements for the Initial Implementation are critical to management of both general and Māori specific privacy issues and OPC should be consulted about these arrangements, which should also be made public. (Paragraphs 45 & 46, and 53)

Component 2 & 4

R39. The Office of the Privacy Commissioner should pursue the unresolved conceptual issues, including the alternative of a one individual: multiple credential approach, in the Initial Implementation. (Paragraph 51)

Component 2 & 4