Trust Framework principles
Eight Digital Identity Trust Framework principles have evolved through extensive research and discussion with individuals, and public and private organisations who will operate within the New Zealand digital identity ecosystem.
The principles will inform the development of:
- the Trust Framework Bill, which will define the governance, accreditation and legal enforcement mechanisms.
- the rules that all service, technology and information providers will follow, based on the roles they carry out within the digital identity ecosystem.
The principles should be treated as draft while the rules and legislative framework that will support the trust framework continue to be developed.
The rights and needs of people are of highest importance, though not to the exclusion of the needs of other entities in the digital identity ecosystem.
- People’s participation in the digital identity ecosystem is voluntary, with the right to opt out without penalty.
- Digital identity services are convenient and straightforward for people to use.
- People retain control over their information in line with legislative requirements, including the Privacy Act.
Everyone has the right to participate in the digital identity ecosystem.
- The digital identity ecosystem can reflect the needs and requirements of a broad range of stakeholders.
- Barriers to participation in the digital identity ecosystem, whether they be social, financial or technical, are minimised without compromising security or privacy.
- Everyone is able to use digital identity services without risk of discrimination or exclusion.
Everyone has the right to expect that personal and organisational information will be stored, shared and used in a secure manner within the digital identity ecosystem.
- Systems and services are designed with the security of information in mind.
- Technology design, operational controls and regulations governing the use of personal and organisational information safeguard it from breaches, corruption or loss.
Privacy is a critical enabler of trust in the digital identity ecosystem. Everyone’s privacy must be respected.
- Approaches to privacy are proactive and preventative.
- Privacy is embedded in the design and maintenance of systems and services.
- There are no gaps in either protection or accountability — privacy is continuously protected across the ecosystem.
- Obligations are met regarding the legislative requirements of the Privacy Act.
Enabling Te Ao Māori approaches to identity
The digital identity ecosystem is inclusive of Māori perspectives of identity and enables the needs and aspirations of Māori to be achieved.
- Māori participate equitably in the digital identity ecosystem.
- Māori perspectives and approaches to identity are enabled by the digital identity ecosystem.
- The digital identity ecosystem is developed and maintained in partnership with Māori.
- Māori are supported in leadership and decision-making roles to ensure Māori perspectives of data and identity are embedded in the digital identity ecosystem.
The digital identity ecosystem must be designed and maintained in a manner that supports its technical, social, and economic sustainability in the long-term.
- The digital identity ecosystem generates value — for example, social, economic or fiscal — for those involved.
- Systems and services are sufficiently flexible to adapt to change — for example, social licence, government priorities, emerging technologies or regulatory developments — and support innovation.
- Systems and services are scalable, or able to be altered in size, in order to enable people-centred outcomes.
Personal and organisational information should be able to be re-used across services, sectors and geographies without security or privacy being undermined.
- Common approaches such as open standards, frameworks or best practice guidelines are used to ensure consistency and facilitate interoperability nationally and internationally.
- Barriers to interoperability such as propriety technology or the portability of personal and organisational information are minimised.
- Consultation and collaboration occur between the public sector, private sector, Treaty partners, the wider community and international partners to identify and address interoperability issues.
Open and transparent
The digital identity ecosystem is maintained in an accessible, responsive and accountable manner.
- It is clear how personal and organisational information is stored, used and shared, and for what purpose.
- The rules and standards governing the digital identity ecosystem are available to all.
- Government is accountable to the public for its role in the digital identity ecosystem.