One of their examples was probably the whisper network (warning someone about historic allegations about someone else who probably had contact with them) but some of the others have me scratching my head.
I think what happens sometimes is that over time with underfunding and undertraining you end up with an organizational culture that becomes weirdly blind to privacy issues, like how our birds evolved to not have wings.
I definitely think you’re right that if your organisation doesn’t make privacy an important thing then you get blind to it. I’ve worked at a lot of places over the years and have seen vastly different attitudes to this.
I guess the other component is consequences, i.e whose privacy is being breached and what recourse they have. So from that point of view I’d expect organizations like Oranga Tamariki and WINZ to have developed a worse privacy culture than organizations like IRD and MBIE.
Interestingly many of the old WINZ systems are quite strict on this. I believe they are replacing their 90s system with a new one in a project happening now so it will be interesting to see if they make big improvements.
Interesting because they have a terrible privacy culture and leak like crazy - I say this not just because of their known incidents but also from personal experience.
I wonder if it’s because their systems are so strict they tend to just work outside them? (a bit like the paradox where if a penalty for a crime is too draconian you end up with more of the crime due to reluctance to report).
Hopefully if they get a new system it will be one all their staff can use properly.
The systems I’ve seen are very strict on recording every access, however, didn’t enforce who could access. I guess without a culture of accountability, all that does is let you find all the privacy breaches once someone complains. You actually need the culture of audit and follow through to back it up. I may have implied it prevented privacy breaches, but it’s probably fairer to say they have all the tools they need to take it seriously but that doesn’t mean they do.
I know a bit about RealMe. As far as I know the service itself is not being phased out, and new government portals are still required to implement it. What gave you the impression it’s being phased out?
I personally think RealMe is a poor customer experience. It’s not the concept (which is good), but the execution.
One of their examples was probably the whisper network (warning someone about historic allegations about someone else who probably had contact with them) but some of the others have me scratching my head.
I think what happens sometimes is that over time with underfunding and undertraining you end up with an organizational culture that becomes weirdly blind to privacy issues, like how our birds evolved to not have wings.
I definitely think you’re right that if your organisation doesn’t make privacy an important thing then you get blind to it. I’ve worked at a lot of places over the years and have seen vastly different attitudes to this.
I guess the other component is consequences, i.e whose privacy is being breached and what recourse they have. So from that point of view I’d expect organizations like Oranga Tamariki and WINZ to have developed a worse privacy culture than organizations like IRD and MBIE.
Interestingly many of the old WINZ systems are quite strict on this. I believe they are replacing their 90s system with a new one in a project happening now so it will be interesting to see if they make big improvements.
Interesting because they have a terrible privacy culture and leak like crazy - I say this not just because of their known incidents but also from personal experience.
I wonder if it’s because their systems are so strict they tend to just work outside them? (a bit like the paradox where if a penalty for a crime is too draconian you end up with more of the crime due to reluctance to report).
Hopefully if they get a new system it will be one all their staff can use properly.
The systems I’ve seen are very strict on recording every access, however, didn’t enforce who could access. I guess without a culture of accountability, all that does is let you find all the privacy breaches once someone complains. You actually need the culture of audit and follow through to back it up. I may have implied it prevented privacy breaches, but it’s probably fairer to say they have all the tools they need to take it seriously but that doesn’t mean they do.
Ah, that makes sense and it tracks. If you ever want to work somewhere with little accountability, that would probably be a good place!
Speaking of govt systems do you know anything about RealMe? It sort of looks like they are phasing it out?
I know a bit about RealMe. As far as I know the service itself is not being phased out, and new government portals are still required to implement it. What gave you the impression it’s being phased out?
I personally think RealMe is a poor customer experience. It’s not the concept (which is good), but the execution.
I think I saw something about DIA no longer allowing it for passport renewal. But when I google all I get is articles saying it is being expanded.
Been ages since I had to renew so I’m probably forgetting the poor customer experience part and am about to find out.