With the Electronic Identity Verification Bill starting its route through Parliament, Privacy Commissioner Marie Shroff has corrected Green MP Gareth Hughes’s suggestion that the legislation may violate the Privacy Act’s Principle 12 by effectively giving every citizen a unique identity that reaches across agencies.
Subsection (2) of Principle 12 says: “An agency shall not assign to an individual a unique identifier that, to that agency's knowledge, has been assigned to that individual by another agency, unless those 2 agencies are associated persons within the meaning of Subpart YB of the Income Tax Act 2007.” “We will be taking this up at the Select Committee,” said Hughes in the Bill’s first-reading debate earlier this month.
The Bill will make the igovt all-of-government identity service www.i.govt.nz a reality, says Hughes, supporting its referral to Select Committee. The Identity Verification System (IVS) allows people who want to use it to set up an identifying credential, which will then be referenced by each agency the user deals with. This will eliminate the need to prove identity with each agency and have to remember a different logon.
The system has been in restricted use to date, by about 700 people who want to retrieve birth, marriage and death information for genealogical purposes; but it requires the enabling legislation before it can move into more general use.
Shroff says the “federated identity management” design of the identity verification system means “it operates in a way that will not breach principle 12 of the Privacy Act… The system does not assign a single unique identifier to each person that is then used by other government departments,” she says.
Once the user has set up their identity at a central point any logon with a participating agency goes to that central point. This simply verifies to the agency that the person has been securely identified; the agencies do not see or use the identifier.
“Any process where identity information is exchanged or shared raises inherent questions about privacy and security of personal information. When that process includes multiple government agencies, the stakes are high. It has been, and continues to be, important to get the fundamentals of this project right,” Shroff acknowledges.
“This office has been involved at a highly detailed level throughout the development of the proposed system, and was asked to provide independent critique and review.
“Throughout the development process, a number of privacy impact assessments were carried out by other independent parties.
“I am confident that genuine efforts have been made to identify the privacy risks from the identity verification process and to address them.”
The regulatory impact statement on the bill, issued in February last year, flags the risk of “function creep” in the operation of the IVS over time, to confirm Hughes’s fears, that the credentials would “over time, become de facto universal identity cards”. To prevent this, it says, “it is proposed that the Privacy Commissioner would have a general independent oversight role for the IVS, and would be able to require the chief executive of DIA to provide reports, from time to time on the IVS’s operations, so that any privacy issues are proactively monitored.”
These safeguards have been written into the Bill’s current text.