CWP Case Study: Privacy Commission Website

What does the Office of the Privacy Commissioner do?

The Office of the Privacy Commissioner is responsible for promoting and protecting individual privacy under the Privacy Act 1993. We monitor, research and report on matters relating to privacy. We also have an educational and outreach role in promoting the understanding, acceptance and protection of individual privacy.

For us, our website is our primary means of communications for our education and outreach work. We are also actively using social media, for example, Twitter, Facebook, LinkedIn and YouTube. We use our social channels alongside our web channel to extend our reach.

What’s our goal?

Our aim is to make privacy easy — easy for private sector businesses, public sector agencies and members of the general public to get the information they need about privacy and to easily interact with us. And to do this in a way that assures their privacy and security of information.

Why we use the Common Web Platform (CWP)

Given who we are, the privacy and security of information on our website is a key consideration for us. It is a reputational risk we have to manage well. Prior to migrating to the CWP, our website was largely informational in nature. The flow of information was one-way — from us to our public. But we wanted to more actively engage with our audiences and allow them to interact more easily with us. This is of course also in keeping with Better Public Services 9 and 10.

We are a small agency of 35 staff. Like everyone else, we have limited resources. The CWP is attractive because it enables us to achieve a higher level of security, compliance and information sharing than we could have achieved on our own. But nothing comes free. We had to weigh up the cost of participation against the benefits as we perceived them. These include:

  • a more secure platform, including for building the new functionality we wanted;
  • thorough security testing by the Department of Internal Affairs to enable its use by government agencies;
  • regular patching and software updates;
  • compliance with New Zealand Government Web Standards
  • built-in tools help us meet Public Records Act requirements;
  • an opportunity to take advantage of new features through a development pool co-funded by all CWP agencies;
  • an ability to share information easily and use functionality developed by other CWP agencies;
  • reduced cost for development work (of which we have a lot planned); and
  • a more user-friendly content management system (CMS) for our website administrators.

To cap it off, we were already using the SilverStripe Express CMS. The business case for upgrading and migrating to the CWP proved itself for us.

What we built

With the greater security of CWP, we can now offer these new features on our website:

  • a blog module which enables comments and the ability to moderate those comments
  • a subscription email digest that:
    • is automatically generated each fortnight
    • picks up the latest blog posts
    • enables us to add other news items
    • allows us to create one-off email digests for special mail-outs, and to any additional subscriber lists
    • resolves the privacy issues that come with using a third party software-as-a-service offering.
  • a Directory of Privacy Professionals which lets:
    • privacy professionals apply to be listed
    • people search the directory according to name, expertise and/or region.
  • a secure way for people to make online privacy complaints to us.

New features on the horizon

In addition to the guidance materials we continue to create and publish on our website, we are looking to develop other new features such as an online way for agencies to lodge breach notifications, an interactive knowledge base (or “FAQs on steroids” as we like to call it) and an online chat facility for people with privacy-related enquiries. There are others in development but we’ll hold off on the announcements until we launch them!

The security of the CWP gives us the assurance and confidence to continue to develop new functionality on our website.

2 comments

  1. Comment #1. Cam Findlay:

    Fantastic work guys.

    Interested in whether the people/expertise directory has been made into a reusable module under an open source license? Would be great to see this make it’s way out into open source for everyone to use, I can imagine something like this feature would be valuable. Is there a Privacy Commission GitHub account to help share these things with other agencies?

  2. Comment #2. John Edwards

    Thanks for your interest, Cam.

    The new functionality on our website was developed for us by SilverStripe (a shout out to the Rebel Alliance project team!) and we are working with them to release the code as open source.

Navigate Posts