Kia ora koutou, 

From 9 to 13 May, New Zealand will celebrate privacy week. The theme for this year is "Privacy: The foundation of trust." We often talk about how good privacy practices can build individual and community trust. However, trust should not be considered purely as a passive reward for compliance. Rather, trust is interwoven into privacy regulations themselves, in requirements for accountability and transparency, and as a critical element of data stewardship. 

This got me thinking about the role of trust in the transparency picture. It’s not news that being transparent about how personal information will be used and shared is a critical part of building trust in the way an agency handles personal information. But publishing boilerplate privacy statements online is not trusted transparency. It’s not even real transparency. It’s a half-hearted compliance approach that fails to meet the spirit of the transparency principle. It leaves an agency’s trust balance dangerously vulnerable, because it won’t take long for customers to learn that, in fact, the agency does a whole lot more with their data than it said. 

Trusted transparency describes something much more. This idea sits at the heart of the “notice of purpose” concept, which underpins New Zealand’s privacy regime, stating that an agency may set its lawful purposes and use these to decide how it will use and share personal information. Once it has conveyed these purposes to its data subjects, it may use and share personal information in these ways. However, this flexible and enabling legislative approach must be balanced with responsibility and accountability. For this concept to function, we rely on agencies being honest about their purposes, and being accountable for ensuring that personal information is in fact used and shared only for these purposes. 

If transparency use and disclosure are each separate elements in the data lifecycle, trusted transparency is a way to meaningfully link them together. It can assist an agency to ensure it is being responsible and accountable. To achieve trusted transparency, an agency needs to develop a framework that ensures its privacy statement is properly integrated into the fabric of its operations, and can truly be trusted by its audience. I share more about the components such a framework could include in a recent blog post. 

Increasingly, agencies in New Zealand and overseas are building trust into their privacy functions and programs, to ensure they are accountable and responsible, and putting measures in place to test the impact internal trust activities have on customer trust levels. The IAPP has partnered with the Office of the Privacy Commissioner to host a panel session on Measuring Trust as part of the OPC’s Privacy Festival. The session, which will round off Privacy Week events and complement other events during Privacy Week, will focus on why measuring trust in privacy is a key activity and how to implement means to improve it. The panelists are University of Auckland Philosophy professor Tim Dare, Privacy Consultant to the Government Chief Privacy Officer Miki Seifert, CIPM, CIPT, Spark Lead Digital Trust Partner Sara Auva’a, and Simpson Grierson Senior Associate Michelle Dunlop as moderator. 

My pick of other events taking place next week as part of the OPC’s virtual conference include a session with Carwyn Jones, reflecting on tikanga Māori and privacy in the aftermath of the Whānau Ora Commissioning Agency decisions, a session on questions of data and racial inequality, with a panel of academics from Australian National University’s Justice and Technoscience Lab, and a session on the unique privacy challenges faced by Intergovernmental Organisations. 

Make sure you build in some time to celebrate Privacy Week, both internally with your colleagues and by attending some of the many great upcoming events. In the meantime, enjoy the digest.  

Ngā mihi