SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
New Zealand's first Privacy Trust Marks awarded to Trade Me and RealMe
Thu, 10th May 2018
FYI, this story is more than a year old

RealMe and Trade Me's Transparency Reporting websites are the first two recipients of the Office of the Privacy Commissioner's new Privacy Trust Mark.

The Privacy Trust Mark was launched as part of Privacy Week to indicate a ‘privacy by design' approach to trust.

The Mark's aim is to give New Zealanders assurance and confidence that a product or service has been designed with their privacy interests in mind.

“It is intended to build public awareness around privacy and provide incentives for organisations to engage in best practice. It also provides a means for organisations to showcase their practices.

A Privacy Trust Mark can be issued to a service, mobile app, computer software, or a privacy statement. It does not apply to an entire organisation.

Privacy Commissioner John Edwards says that Trade Me is the only New Zealand agency that participates in transparency reporting ‘above and beyond what is required of it by law”.

“I am particularly impressed with the way Trade Me draws wider privacy issues into its transparency reports as a way of keeping the public informed of topical issues,” Edwards says.

RealMe, a government-run identity verification website led by the Department of Internal Affairs was also awarded a Privacy Trust Mark because it met all criteria.

“RealMe's data minimisation and user control practices are excellent. Users can control when and where their identity information is shared and can review all of their transactions and revoke their consent at their discretion. RealMe also only collects and stores information that is required to administer the core service.

Department of Internal Affairs general manager of partners and products, David Philp, says he is thrilled to be the first government agency to receive a Privacy Trust Mark.

“RealMe has robust privacy and security measures, and allows users to control when and where their information is shared at all times. It is great to see this commitment to customer privacy recognised by the Privacy Commissioner, especially with the current focus on trust in government.

Privacy trust marks are also used in other countries, but there is no global body that manages them. Other privacy trust marks include the United States' TRUSTe, and Japan's PrivacyMark scheme.

John Edwards says that he hopes to see many more Privacy Trust Marks issued in future.

“This project is part of our vision to help consumers to have trust and confidence that their information will be safeguarded. It will also make it easier for people to make choices for privacy-friendly goods and services.

Organisations that wish to apply for a Privacy Trust Mark must meet the seven principles of Privacy By Design. Products or services may need to meet other criteria including (but not limited to) security proactivity, privacy by default, end-to-end security, transparency, and customer control of their personal information.

Interested organisations can contact the Office of the Privacy Commissioner for more details.