Story image

New Zealand's first Privacy Trust Marks awarded to Trade Me and RealMe

10 May 2018

RealMe and Trade Me’s Transparency Reporting websites are the first two recipients of the Office of the Privacy Commissioner’s new Privacy Trust Mark.

The Privacy Trust Mark was launched as part of Privacy Week to indicate a ‘privacy by design’ approach to trust.

The Mark’s aim is to give New Zealanders assurance and confidence that a product or service has been designed with their privacy interests in mind.

“It is intended to build public awareness around privacy and provide incentives for organisations to engage in best practice. It also provides a means for organisations to showcase their practices.”

A Privacy Trust Mark can be issued to a service, mobile app, computer software, or a privacy statement. It does not apply to an entire organisation.

Privacy Commissioner John Edwards says that Trade Me is the only New Zealand agency that participates in transparency reporting ‘above and beyond what is required of it by law”.

“I am particularly impressed with the way Trade Me draws wider privacy issues into its transparency reports as a way of keeping the public informed of topical issues,” Edwards says.

RealMe, a government-run identity verification website led by the Department of Internal Affairs was also awarded a Privacy Trust Mark because it met all criteria.

“RealMe's data minimisation and user control practices are excellent. Users can control when and where their identity information is shared and can review all of their transactions and revoke their consent at their discretion. RealMe also only collects and stores information that is required to administer the core service.”

Department of Internal Affairs general manager of partners and products, David Philp, says he is thrilled to be the first government agency to receive a Privacy Trust Mark.

“RealMe has robust privacy and security measures, and allows users to control when and where their information is shared at all times. It is great to see this commitment to customer privacy recognised by the Privacy Commissioner, especially with the current focus on trust in government.”

Privacy trust marks are also used in other countries, but there is no global body that manages them. Other privacy trust marks include the United States’ TRUSTe, and Japan’s PrivacyMark scheme.

John Edwards says that he hopes to see many more Privacy Trust Marks issued in future.

“This project is part of our vision to help consumers to have trust and confidence that their information will be safeguarded. It will also make it easier for people to make choices for privacy-friendly goods and services.”

Organisations that wish to apply for a Privacy Trust Mark must meet the seven principles of Privacy By Design. Products or services may need to meet other criteria including (but not limited to) security proactivity, privacy by default, end-to-end security, transparency, and customer control of their personal information.

Interested organisations can contact the Office of the Privacy Commissioner for more details.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.