Implementing the Privacy Principles

Action points

  • Review all forms with personal data.
  • Use secure authentication, e.g. RealMe.
  • Ensure Privacy Statement describes how information is protected, used and stored.
  • Comply with Section 2.4 of the NZ Government Web Usability Standard.
  • Make it easy for users to update their information.
  • Hold information only as long as required to deliver online service/function.
  • Do not re-use information for another purpose.
  • Do not re-use unique identifiers.
  • Consider that context may affect how information needs to be classified.
  • Consider that large collections of information may need a higher classification.

There are two aspects to managing privacy online for publicly-accessible web sites and services. The first is to secure users’ data as explained in the previous section Security and privacy assurance. The second is to apply the Privacy Principles.

This page lays out approaches to ensuring that websites and services meet the Privacy Principles.

Collection of information

Principle 1. Personal information can only be collected from an individual when it is necessary to achieve a legitimate agency function.
Supporting techniques: Owners and managers of websites or services should review all forms that require users to provide any type of personal data, to ensure that each form asks only for the data necessary for the purpose for which it was designed. Collection of data for analytics, and the use of cookies, should likewise involve no more data than required.

Principle 2. Personal information should be collected directly from the individual concerned.
Supporting techniques: Principle 2 can be met through robust, secure authentication and consent processes, ideally integrated with RealMe. Authentication systems that do not use RealMe should be tested for flaws known to allow unauthorised access to other users' data. Agencies should engage a security panel vendor for this purpose.

Principle 3. Individuals should be made aware of what is to be collected, why it is being collected, how it will be used, and their right to review and correct it.
Supporting techniques: Agencies can meet Principle 3 by fully complying with section 2.4 of the NZ Government Web Usability Standard, which sets out the required content of a Privacy Statement for each website or service. Additionally, where user information is stored on a server that is accessible from the public Internet, agencies should outline how the information is protected, state that risk is ever-present on the web, and allow users to acknowledge acceptance via a checkbox or similar.

Principle 4. Agencies can only collect information from individuals in a way that is fair and legal.
Supporting techniques: The Privacy Statement (see Principle 3 above) should comprehensively describe the collection of information. It should also describe the collection and use of all "behind the scenes" data, such as data collected for analytics purposes or data collected from cookies.
Storage of information

Principle 5. Personal information collected from an individual should be protected with safeguards that are considered reasonable, to prevent loss, disclosure or misuse.
Supporting techniques: Measures to secure personal data stored on web systems are outlined in the other pages in this section.
Right to access information

Principle 6. Where personal information is held, the individual concerned has the right to seek confirmation that an agency holds his or her personal information, and the right to access it. There are a number of further provisions related to this principle.
Supporting techniques: Principle 6 is met by complying fully with Section 2.4 of the NZ Government Web Usability Standard, which requires this information to be included in the Privacy Statement for each site or service.
Right to correct information

Principle 7. An individual has the right to request that his or her personal information be corrected, and an agency holding that individual's personal information must, if so requested, take reasonable steps to make sure it is up to date, accurate and not misleading.
Supporting techniques: Principle 7 is met by complying fully with Section 2.4 of the NZ Government Web Usability Standard, which requires this information to be included in the Privacy Statement for each site or service. The standard also requires the publication of contact details for this purpose, and agencies should be responsive to such requests.
Use and disclosure of information

Principle 8. An agency holding personal information must not use that information without taking reasonable steps to ensure that it is up to date, accurate and not misleading.
Supporting techniques: At the least, where agencies hold user data, users should be given opportunities to review that data and advise of any updates to it.

Principle 9. Personal information cannot be kept for longer than is required for the purposes for which the information is to be used.
Supporting techniques: Managers of sites and services should ensure that personal information is held only as long as required to deliver an online function or service. Users should also be informed via the Privacy Statement that they can request that their information be deleted. Agencies should consider the benefits that RealMe offers in streamlining the management of personal information.

Principle 10. In most circumstances, personal information collected for one purpose cannot be used for any other purpose without the permission of the individual concerned. This can be viewed in terms of privacy domains: personal information cannot flow from one privacy domain to another without consent. There are a number of caveats on this principle, so consult the principle itself if you have queries.
Supporting techniques: Agencies should review online systems to ensure that personal information is not re-used for purposes other than that for which it was supplied. Agencies should consider the benefits that RealMe offers in streamlining the management of personal information.

Principle 11. Personal information cannot normally be disclosed to other parties unless it is for the purpose of fulfilling the function for which it was provided. Again, there are several caveats, so consult the principle itself if required.
Supporting techniques: Agencies should ensure that personal information held online is secured in accordance with this guidance and the principles of the NZISM. Hosting agreements (whether internally or externally hosted) should explicitly preclude access to personal information by any unauthorised party.
Unique identifiers

Principle 12. Individuals cannot be assigned unique identifiers unless it is necessary for the agency to perform its legal functions efficiently.
Supporting techniques: Agencies should ensure that any identifiers are used only to enable particular functions necessary for the operation of the site or service, and that analytics data is anonymised, secured from unauthorised access, and used only for the purpose of understanding usage of the site or service. Agencies should consider the benefits that RealMe offers in protecting user privacy.
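The following is an added example, not code from this guidance or from any agency system, showing how three of the techniques above can be enforced in code rather than left to policy alone: per-purpose retention (Principle 9), no use of data outside the privacy domain it was collected for without recorded consent (Principle 10), and purpose-specific pseudonymous identifiers so that the identifier used for a service is never re-used as the analytics identifier (Principle 12). The purposes, retention periods, secret keys and user records are all constructed for illustration; the keyed-hash (HMAC-SHA256) pseudonym is one way to derive unlinkable per-domain identifiers and is an assumption of this example, not a method the guidance prescribes.

```python
"""Added example (not from the guidance page): a minimal in-memory personal
data store that enforces per-purpose retention, consent for cross-domain use,
and purpose-specific pseudonymous identifiers. All values are constructed."""
import hmac
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed retention policy: how long records for each purpose may be held.
RETENTION = {
    "licence_application": timedelta(days=90),
    "usage_analytics": timedelta(days=30),
}

# Constructed per-purpose secret keys (hypothetical values). Each privacy domain
# gets its own key, so a pseudonym derived for one purpose cannot be matched to
# the pseudonym the same person has in another domain.
DOMAIN_KEYS = {
    "licence_application": b"example-key-licence-domain",
    "usage_analytics": b"example-key-analytics-domain",
}


def pseudonym(user_id: str, purpose: str) -> str:
    """Derive a purpose-specific identifier with HMAC-SHA256 under the domain key.
    The raw user_id is never stored; without the key the pseudonym cannot be
    linked back to it, and different domains yield unrelated pseudonyms."""
    digest = hmac.new(DOMAIN_KEYS[purpose], user_id.encode(), hashlib.sha256)
    return digest.hexdigest()[:16]


class ConsentError(PermissionError):
    """Raised when data is requested for a purpose the individual has not consented to."""


class PersonalDataStore:
    def __init__(self):
        self._records = []       # tuples of (pseudonym, purpose, collected_at, payload)
        self._consents = set()   # tuples of (user_id, from_purpose, to_purpose)

    def collect(self, user_id, purpose, payload, collected_at):
        """Store payload under the purpose it was supplied for, keyed by the
        purpose-specific pseudonym rather than the raw identifier."""
        if purpose not in RETENTION:
            raise ValueError(f"no retention period defined for purpose {purpose!r}")
        self._records.append((pseudonym(user_id, purpose), purpose, collected_at, payload))

    def grant_consent(self, user_id, from_purpose, to_purpose):
        """Record the individual's consent for data to flow between two domains."""
        self._consents.add((user_id, from_purpose, to_purpose))

    def read(self, user_id, purpose, for_purpose=None):
        """Return records collected for `purpose`. Reading them for a different
        purpose crosses a privacy domain and requires recorded consent."""
        for_purpose = for_purpose or purpose
        if for_purpose != purpose and (user_id, purpose, for_purpose) not in self._consents:
            raise ConsentError(f"{purpose!r} data may not be used for {for_purpose!r} without consent")
        pid = pseudonym(user_id, purpose)
        return [payload for p, pur, _, payload in self._records if p == pid and pur == purpose]

    def purge_expired(self, now):
        """Delete records held longer than their purpose's retention period and
        return how many were removed."""
        before = len(self._records)
        self._records = [r for r in self._records if now - r[2] <= RETENTION[r[1]]]
        return before - len(self._records)


def demo():
    """Walk through collection, a blocked and then consented cross-domain read,
    and a retention purge; return the observations as a dict."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = PersonalDataStore()
    store.collect("user-42", "licence_application", {"address": "1 Example St"}, t0)
    store.collect("user-42", "usage_analytics", {"pages_viewed": 7}, t0)

    try:
        store.read("user-42", "licence_application", for_purpose="usage_analytics")
        blocked = False
    except ConsentError:
        blocked = True

    store.grant_consent("user-42", "licence_application", "usage_analytics")
    allowed = store.read("user-42", "licence_application", for_purpose="usage_analytics")

    # 31 days on: the analytics record (30-day retention) expires; the application (90 days) stays.
    removed = store.purge_expired(t0 + timedelta(days=31))
    return {
        "distinct_pseudonyms": pseudonym("user-42", "licence_application")
        != pseudonym("user-42", "usage_analytics"),
        "blocked_without_consent": blocked,
        "records_after_consent": len(allowed),
        "removed_after_31_days": removed,
        "remaining": len(store._records),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the per-domain key is that the analytics side holds an identifier that is stable enough to count repeat visits but cannot be joined to the service's records, which is what "anonymised" analytics data needs in practice; the retention table makes the "only as long as required" rule something a scheduled job can enforce rather than a statement in a policy document.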

Other considerations

The context in which information is supplied can affect the sensitivity of that information. While many people may not be concerned about information such as their street address (for example as published in a phone book), this may be very sensitive information to disclose for a person under a Domestic Protection Order, or for reasons best known to them. These considerations should be taken into account when determining the risk impact of a breach.

You should inform users about measures taken to protect their information, and ask them for their consent before storing any information on your agency web server.

Agencies storing In Confidence information on a web server should be aware of the Aggregation Effect: larger collections of information invariably present a bigger risk than each individual piece of such information. Substantial collections of In Confidence information require higher levels of protection and assurance. In these circumstances, agencies should consult their ITSM or CISO (see Security and Privacy governance roles).

Useful resources

The Privacy Leadership Toolkit (hosted on the Public Sector Intranet) is an extensive collection of guidance and tools to help agencies manage privacy at an organisational level, assembled by the Privacy Leadership Working Group. (Contact psi@dia.govt.nz if your agency doesn’t have access to the PSI). Other useful information can be found on The Privacy by Design web site.

Site owners and managers may wish to publish these links on their agency's intranet and distribute them to the appropriate business managers.