OPC’s latest releases
It’s not my bag to ingratiate myself to regulators, in this case the Office of the Privacy Commissioner (OPC), but I do want to say that OPC has been producing a range of excellent offerings in recent times. The most recent offerings are so good that I felt the need to write about them.
Yesterday I received an email from OPC with its fortnightly digest alerting me to a range of developments. The forthcoming seminars on privacy risk management look excellent but the developments I want to focus on here are OPC’s:
- Priv-o-Matic privacy statement generator; and
- online privacy training modules.
Priv-o-Matic
With Priv-o-Matic, you can build your own privacy statement in a matter of minutes. This is similar in approach to a privacy policy generator I built a number of years ago (in that case for website privacy policies). I’ve done something similar more recently on my blog WP and Legal Stuff (see Would you like a privacy policy like mine?)
Priv-o-Matic can be used to build privacy statements for general, everyday use cases. An OPC blog post puts it in these terms:
“Priv-o-matic is built to help generate ‘principle 3’ statements. These are minimal compliance statements that you need to show people when you collect their personal information. It’s available here.
You might notice that it doesn’t generate the fully fledged privacy policy you often see used on websites. That’s not what principle 3 is about. Principle 3 statements let customers know clearly, and in plain English, what’s going on with their information.”
Priv-o-matic is explained in slightly differently terms within the generator itself (when you click the “What’s all this then?” button):
“Priv-o-matic
Get your privacy statement sorted.
This tool, which was designed by the Office of the Privacy Commissioner for small to medium businesses, creates basic privacy statements. A privacy statement tells people how you will be collecting, using and disclosing their information. A good privacy statement is important because New Zealand agencies are required by law to be transparent about how, when and why they collect personal information.
If the information you collect is sensitive, complex or intrusive, or you have any questions about privacy law, check out our help information, or contact our Enquiries Line.
If you collect medical information you should see the Privacy Health Toolkit for more detailed help and educational resources.
This tool uses your browser to do all the work – we don’t collect any of the information you enter about your business.”
In my view the tool wouldn’t be apt for the privacy statements of complex online services that require consents and the like (a point the generator makes when you indicate that you’ll be asking third parties for people’s personal information) nor is its purpose to create fully fledged website privacy policies but that doesn’t detract from its utility for general and simple everyday use cases where people need to produce privacy statements to comply with information privacy principle 3. For those kinds of use cases, Priv-o-matic is super helpful.
To make things even better, OPC has released the code for Priv-o-matic on Github under an MIT Licence. Big tick.
Online privacy training modules
OPC is also releasing a series of free online privacy training modules. To get things rolling it has released modules on Privacy 101 and Health 101. For those not familiar with the Privacy Act and its requirements, these training modules will be very helpful.
Parting comment
It’s fantastic to see a government regulator releasing tools like these to help people understand and comply with the law, in this instance the Privacy Act. I suspect these will be the first of many to come. Let’s hope so.