I definitely think you’re right that if your organisation doesn’t make privacy an important thing then you get blind to it. I’ve worked at a lot of places over the years and have seen vastly different attitudes to this.
I guess the other component is consequences, i.e whose privacy is being breached and what recourse they have. So from that point of view I’d expect organizations like Oranga Tamariki and WINZ to have developed a worse privacy culture than organizations like IRD and MBIE.
Interestingly many of the old WINZ systems are quite strict on this. I believe they are replacing their 90s system with a new one in a project happening now so it will be interesting to see if they make big improvements.
Interesting because they have a terrible privacy culture and leak like crazy - I say this not just because of their known incidents but also from personal experience.
I wonder if it’s because their systems are so strict they tend to just work outside them? (a bit like the paradox where if a penalty for a crime is too draconian you end up with more of the crime due to reluctance to report).
Hopefully if they get a new system it will be one all their staff can use properly.
The systems I’ve seen are very strict on recording every access, however, didn’t enforce who could access. I guess without a culture of accountability, all that does is let you find all the privacy breaches once someone complains. You actually need the culture of audit and follow through to back it up. I may have implied it prevented privacy breaches, but it’s probably fairer to say they have all the tools they need to take it seriously but that doesn’t mean they do.
I know a bit about RealMe. As far as I know the service itself is not being phased out, and new government portals are still required to implement it. What gave you the impression it’s being phased out?
I personally think RealMe is a poor customer experience. It’s not the concept (which is good), but the execution.
I think I saw something about DIA no longer allowing it for passport renewal.
I think that’s unlikely since they are the ones pushing for its use. Perhaps it was that a verified RealMe is no longer required? Their renew passport page says you can create a RealMe during the process, which implies a verified RealMe is not required. I can’t remember if it was previously required.
The distinction between RealMe as a login service and RealMe as an identity verification service is one thing I think they convey poorly. They should consider splitting these products into two separate but connected brands.
Been ages since I had to renew so I’m probably forgetting the poor customer experience part and am about to find out.
Exciting! If you already have a RealMe then the process is mostly ok. The RealMe onboarding is atrocious and the distinction between the login and verification is endlessly confusing to users (you should not need to go to a post shop to verify your identity).
DIA has done heaps to improve the passport process in recent years so hopefully it goes smoothly for you! Looking online they seem to actually be issuing passports within normal times, too! After COVID they got so many applications all at once they were taking months to issue passports.
I definitely think you’re right that if your organisation doesn’t make privacy an important thing then you get blind to it. I’ve worked at a lot of places over the years and have seen vastly different attitudes to this.
I guess the other component is consequences, i.e whose privacy is being breached and what recourse they have. So from that point of view I’d expect organizations like Oranga Tamariki and WINZ to have developed a worse privacy culture than organizations like IRD and MBIE.
Interestingly many of the old WINZ systems are quite strict on this. I believe they are replacing their 90s system with a new one in a project happening now so it will be interesting to see if they make big improvements.
Interesting because they have a terrible privacy culture and leak like crazy - I say this not just because of their known incidents but also from personal experience.
I wonder if it’s because their systems are so strict they tend to just work outside them? (a bit like the paradox where if a penalty for a crime is too draconian you end up with more of the crime due to reluctance to report).
Hopefully if they get a new system it will be one all their staff can use properly.
The systems I’ve seen are very strict on recording every access, however, didn’t enforce who could access. I guess without a culture of accountability, all that does is let you find all the privacy breaches once someone complains. You actually need the culture of audit and follow through to back it up. I may have implied it prevented privacy breaches, but it’s probably fairer to say they have all the tools they need to take it seriously but that doesn’t mean they do.
Ah, that makes sense and it tracks. If you ever want to work somewhere with little accountability, that would probably be a good place!
Speaking of govt systems do you know anything about RealMe? It sort of looks like they are phasing it out?
I know a bit about RealMe. As far as I know the service itself is not being phased out, and new government portals are still required to implement it. What gave you the impression it’s being phased out?
I personally think RealMe is a poor customer experience. It’s not the concept (which is good), but the execution.
I think I saw something about DIA no longer allowing it for passport renewal. But when I google all I get is articles saying it is being expanded.
Been ages since I had to renew so I’m probably forgetting the poor customer experience part and am about to find out.
I think that’s unlikely since they are the ones pushing for its use. Perhaps it was that a verified RealMe is no longer required? Their renew passport page says you can create a RealMe during the process, which implies a verified RealMe is not required. I can’t remember if it was previously required.
The distinction between RealMe as a login service and RealMe as an identity verification service is one thing I think they convey poorly. They should consider splitting these products into two separate but connected brands.
Exciting! If you already have a RealMe then the process is mostly ok. The RealMe onboarding is atrocious and the distinction between the login and verification is endlessly confusing to users (you should not need to go to a post shop to verify your identity).
DIA has done heaps to improve the passport process in recent years so hopefully it goes smoothly for you! Looking online they seem to actually be issuing passports within normal times, too! After COVID they got so many applications all at once they were taking months to issue passports.