Story image

New Zealand's first Privacy Trust Marks awarded to Trade Me and RealMe

10 May 18

RealMe and Trade Me’s Transparency Reporting websites are the first two recipients of the Office of the Privacy Commissioner’s new Privacy Trust Mark.

The Privacy Trust Mark was launched as part of Privacy Week to indicate a ‘privacy by design’ approach to trust.

The Mark’s aim is to give New Zealanders assurance and confidence that a product or service has been designed with their privacy interests in mind.

“It is intended to build public awareness around privacy and provide incentives for organisations to engage in best practice. It also provides a means for organisations to showcase their practices.”

A Privacy Trust Mark can be issued to a service, mobile app, computer software, or a privacy statement. It does not apply to an entire organisation.

Privacy Commissioner John Edwards says that Trade Me is the only New Zealand agency that participates in transparency reporting ‘above and beyond what is required of it by law”.

“I am particularly impressed with the way Trade Me draws wider privacy issues into its transparency reports as a way of keeping the public informed of topical issues,” Edwards says.

RealMe, a government-run identity verification website led by the Department of Internal Affairs was also awarded a Privacy Trust Mark because it met all criteria.

“RealMe's data minimisation and user control practices are excellent. Users can control when and where their identity information is shared and can review all of their transactions and revoke their consent at their discretion. RealMe also only collects and stores information that is required to administer the core service.”

Department of Internal Affairs general manager of partners and products, David Philp, says he is thrilled to be the first government agency to receive a Privacy Trust Mark.

“RealMe has robust privacy and security measures, and allows users to control when and where their information is shared at all times. It is great to see this commitment to customer privacy recognised by the Privacy Commissioner, especially with the current focus on trust in government.”

Privacy trust marks are also used in other countries, but there is no global body that manages them. Other privacy trust marks include the United States’ TRUSTe, and Japan’s PrivacyMark scheme.

John Edwards says that he hopes to see many more Privacy Trust Marks issued in future.

“This project is part of our vision to help consumers to have trust and confidence that their information will be safeguarded. It will also make it easier for people to make choices for privacy-friendly goods and services.”

Organisations that wish to apply for a Privacy Trust Mark must meet the seven principles of Privacy By Design. Products or services may need to meet other criteria including (but not limited to) security proactivity, privacy by default, end-to-end security, transparency, and customer control of their personal information.

Interested organisations can contact the Office of the Privacy Commissioner for more details.

ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
Kiwis concerned about being scammed – survey
This unease is warranted given the growing sophistication of scammers and their activities, and numbers of attempted fraud.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Interview: Aruba’s NZ country manager talks channel strategy
“What we're taking to market is that message around simplification and having everything in one place.”
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.