Questions and Answers

What is the Evidence of Identity (EOI) Standard?
The Evidence of Identity (EOI) Standard is a good practice guide for government agencies that need to establish the identity of clients accessing their services. The Standard applies only to those services that have a degree of identity-related risk. The Standard is part of the suite of New Zealand Authentication Standards for online service delivery designed to assist agencies to meet the Networked State Services Development Goal (operation of government transformed through use of the internet by June 2010). However, the EOI Standard also applies to offline services.

What do we mean by evidence of identity?
EOI refers to the types of evidence that, when combined, provide agencies or organisations with confidence that an individual is who they claim to be. The Evidence of Identity Standard is based on three components that, if applied as a whole to an individual case, provide confidence that a person actually owns the identity they require. The three components for establishing identity are:
1. Evidence that the claimed identity is valid – i.e. that the person was born and, if so, that the owner of the identity is still alive.
2. Evidence that the presenter links to the claimed identity – i.e. that the person claiming the identity is who they say they are and that they are the only claimant of the identity.
3. Evidence that the presenter uses the claimed identity – i.e. that the claimant is operating under this identity in the community.
The Evidence of Identity Standard is the combined evidence that individuals provide to agencies to show that they are who they say they are. The level of evidence that they have to provide will vary, depending on the level of potential risk of the service they require.

Why introduce an Evidence of Identity Standard?
Identity theft and fraud are becoming both easier and more prevalent.
The introduction of a mandated Standard is one effective way to reduce the effects of the misuse and abuse of identity and its consequences. It is not, however, the only mitigation. With Internet services, some people are becoming increasingly concerned about privacy. The Evidence of Identity Standard has been developed in consultation with the Office of the Privacy Commissioner to help ensure that the evidence being provided is appropriate for the service the public is receiving. The Evidence of Identity Standard has been developed in response to the need to ensure government agencies apply consistent, good practice methods of establishing the identity of individuals with whom they transact. The Standard will ensure consistency in the purposes for which particular documentation should, and should not, be used within an evidence of identity process.

Will the Evidence of Identity Standard eliminate identity fraud? How will the Evidence of Identity Standard protect us against the threat of terrorism and organised crime?
The newest growth sector for organised crime is identity theft, and this is an international problem. The Evidence of Identity Standard will not entirely eliminate identity fraud. The Standard aims to reduce risks by providing agencies with good practice guidelines on evidence of identity requirements for services with varying degrees of identity-related risk. If an appropriate standard is established from the start, then agencies will be able to gain a higher degree of confidence that the person presenting to them for a service is the person they claim to be. This will reduce the risk of identity misuse and abuse, along with the associated downstream consequences. International studies provide an insight on the estimated cost of identity fraud in the USA, UK, and Australia, for example:

Will it be compulsory for agencies to use the Evidence of Identity Standard?
The Standard has been developed specifically for use by New Zealand government agencies. Over time, agencies will be required to apply this Standard to all services they deliver to the public that contain identity-related risk. The Standard will apply to both online and offline services provided by agencies. The Standard will become mandatory in the future as it moves through the Standard development stages in the e-GIF. Government agencies will be required to adopt it when they are developing new services or undertaking process redesign of existing services. Private sector organisations can choose to use the Standard for services that involve identity risk.

What happens if we’ve already got a process in place?
If an agency already has an evidence of identity process in place for a service, it will need to assess that process against the requirements of the Evidence of Identity Standard. If the current process doesn’t meet the design and operational requirements of the Evidence of Identity Standard, then appropriate changes should be made when agencies are next making changes to those services.

Is there an extra cost if agencies use the Evidence of Identity Standard?
There is no extra cost in the Standard itself. Extra costs may be incurred by agencies when internal resources are used in the implementation of the Standard, as well as any general compliance costs. It is also possible that some costs could reduce if an agency has been using more complex processes than absolutely necessary.

What information can be held by agencies using the Evidence of Identity Standard? Who has the right to see the information held about me? Will I be able to check the information held about me?
Regulations setting out what personal information can be held by agencies are governed by the Privacy Act 1993.
The Privacy Act also governs who has the right to see an individual’s personal information and how that individual might get access to the information. For information about the Privacy Act see the Privacy Commissioner’s website: www.privacy.org.nz

Will the Evidence of Identity Standard apply to visitors to New Zealand, permanent residents who were not born in New Zealand and foreign nationals?
Yes, the Evidence of Identity Standard applies to anyone accessing the agencies’ services with a degree of identity-related risk, not the ‘types’ of individual clients.

Further Information
Last updated: 02/07/2009