What it takes to gain a Privacy Trust Mark
Why has only one company managed to earn the Privacy Trust Mark for a product or service from the Privacy Commission in over a year since it launched? Has no one else bothered to apply, and what does it say about New Zealand organisation's attitude to privacy?
These questions cropped up in my post earlier this week - Privacy Trust Mark a rare honour - so I sought some answers from the Commission. Here's a quick Q&A:
How many organisations have applied to be awarded the Mark?
A total of nine agencies have applied for a Privacy Trust Mark. Two of these applications are still being assessed, four were rejected and three have been awarded: one to Air NZ for their Privacy Centre, one to TradeMe for their Transparency Reporting and one to DIA for their RealMe service.
Do you think that the lack of organisations who have the Mark indicates that New Zealand companies and organisations don't put sufficient thought into privacy?
Privacy is something that some agencies take for granted until something goes wrong. The Mark was designed to reward agencies who put privacy front and centre in the thinking and design of their products and services. We are planning to continue promoting privacy as a value, rather than an obligation.
Why has only one organisation been awarded the Mark in a year (TradeMe and DIA received the Mark at its launch in May 2018)?
The threshold for achieving a Trust Mark is high. We wish to maintain a high-standard, so will continue to be selective in which products and services we award the Trust Mark to. Unlike some Trust Marks, which are intended to indicate compliance and meeting minimum legal requirements, our Mark is intended to denote a product or service which is exemplary from a privacy perspective.
What - if anything - do you think the Commission can do to promote the Mark (if that is the issue)?
We will continue to raise awareness about this scheme through our social media channels and stakeholder networks. We believe awareness of the Trust Mark will grow organically over time.
The Commission pointed me to a blog post on its site which provides a 'how to' guide to achieving the Mark. There is quite a lot that is required, for example the product or service much comply with eight criteria categories. In addition there are three steps to avoid - applying with a product or service that is merely privacy compliant, making stuff up, and applying with something that doesn't yet exist.
You can find out more here
You must be logged in in order to post comments. Log In