Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Open sourcing our complaints code Charles Mabbett
10 September 2015

Open source edit

It might sound strange but complaints are the lifeblood of our office. We receive them, vet them and investigate them. And because we are the Office of the Privacy Commissioner, people need to have absolute confidence in the security of our complaints process.

The Privacy Act gives you the right to complain to us if someone breaches your privacy. It’s an important right, both for you personally and for our society as a whole.

We get 700 to 800 complaints a year about alleged breaches of privacy. To make it easier to access this service, we introduced this year a facility on our website that allows any user to lodge a complaint with us online.

Privacy and security

The information we receive in a complaint about an alleged breach of privacy is often sensitive and personal. For that reason, a primary consideration for us in designing the online complaints system was to ensure that we can give our users a high level of confidence about the privacy and security of the information they submit. 

With that in mind, our web developers SilverStripe developed a module for us that encrypts the information when it is lodged online. The information is then securely transferred to our internal mail systems and decrypted on receipt.

Our website is hosted on the Common Web Platform, a shared web service delivery platform used by New Zealand government agencies. A key benefit of this shared platform is the reusability of software code.

Open source code

We are making our solution for the secure transmission of information available as an open source resource in the same way that we have benefited from solutions developed by others.

It makes sense to us to share any code that might be reusable, or indeed improved, in the interest of encouraging good information security, improved knowledge sharing and open innovation across both the public and private sectors. We are happy to be able, with the support and assistance of SilverStripe, to share this technical solution.

For the same reason, we made Priv-o-matic, our online tool for the quick and easy generation of privacy policy statements, open source. We also intend to make available any other software code we develop for any new online tools. Our GitHub page is https://github.com/OPCNZ.

For the more technically minded, our complaints encryption module uses GPG or “Gnu Privacy guard”. It is compatible with the OpenPGP standard and with Symantec’s PGP tools.

Developers can sign and encrypt the content for an email (including file attachments) before the email is sent. This requires a transfer of public keys between the sender and recipient, and requires GPG software to be installed on the website server.

Image credit: American Scoter Duck by James John Audubon




No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.