Open sourcing our complaints code

It might sound strange but complaints are the lifeblood of our office. We receive them, vet them and investigate them. And because we are the Office of the Privacy Commissioner, people need to have absolute confidence in the security of our complaints process.

The Privacy Act gives you the right to complain to us if someone breaches your privacy. It’s an important right, both for you personally and for our society as a whole.

We get 700 to 800 complaints a year about alleged breaches of privacy. To make it easier to access this service, we introduced this year a form on our website that allows any user to lodge a complaint with us online.

Privacy and security

The information we receive about an alleged breach of privacy is often sensitive and personal. For that reason, a primary consideration for us in designing the online complaints system was to ensure that we can give our users a high level of confidence about the privacy and security of the information they submit.

With that in mind, our web developers at SilverStripe developed a module for us that encrypts the information when it is lodged online. The information is then securely transferred to our internal mail systems and decrypted on receipt.

Our website is hosted on the Common Web Platform, a shared web service delivery platform used by New Zealand Government agencies. A key benefit of this shared platform is the reusability of software code.

Open source code

Online complaints form

We are making our solution for the secure transmission of information available as an open source resource through our account on GitHub in the same way that we have benefited from solutions developed by others.

For the more technically minded, our complaints encryption module uses GPG or “Gnu Privacy Guard”, which is compatible with the OpenPGP standard and with Symantec’s PGP tools.

Developers can sign and encrypt the content for an email (including file attachments) before it's sent. This requires a transfer of public keys between the sender and recipient, and requires GPG software to be installed on the website server.

Priv-o-matic

For the same reason, we made Priv-o-matic, our online tool for the quick and easy generation of privacy policy statements, open source. We also intend to make available any other software code we develop for any new online tools through GitHub.

It makes sense to us to share any code that might be reusable, or indeed improved, in the interest of encouraging good information security, improved knowledge sharing and open innovation across both the public and private sectors. With the support and assistance of SilverStripe, we are happy to be able to share these technical solutions.

Comments are closed.

Navigate Posts