The Department of Internal Affairs

The Department of Internal Affairs

Te Tari Taiwhenua

Building a safe, prosperous and respected nation

 

Resource material › Evidence of Identity Standard › Questions and Answers

* This document is in Adobe Acrobat (.pdf) format. You need to have the Adobe Acrobat Reader installed on your computer. You can download a free version from the Adobe site.

What is the Evidence of Identity (EOI) Standard?


The Evidence of Identity (EOI) Standard is a good practice guide for government agencies who need to establish and subsequently confirm the identity of customers accessing their services. The Standard applies only for those services that have a degree of identity-related risk.

The Standard is part of the suite of New Zealand Authentication Standards for online service delivery designed to assist agencies to meet the goal of transforming government through the use of the internet. However, the EOI standard also applies to offline services.

What do we mean by evidence of identity?


EOI is the types of evidence that, when combined, provide agencies or organisations with confidence that an individual is who they claim to be.

The Evidence of Identity Standard is based on three components that, if applied as a whole to an individual case, provide confidence that a person actually owns the identity they require.

The three components for establishing identity are:
    • 1. Evidence that the claimed identity is valid – i.e. that the person was born and, if so, that the owner of the identity is still alive.
    • 2. Evidence that the presenter links to the claimed identity – i.e. that the person claiming the identity is who they say they are and that they are the only claimant of the Identity.
    • 3. Evidence that the presenter uses the claimed identity – i.e. that the claimant is operating under this identity in the community.
Evidence of identity is the combined evidence that individuals provide to agencies to show that they are who they say they are. The level of evidence that they have to provide will vary, depending on the level of potential risk of the service they require.

Why introduce an Evidence of Identity Standard?


Identity theft and fraud are becoming both easier and more prevalent. The introduction of a mandated Standard is one effective way to reduce the effects of identity crime and its consequences. It is not, however, the only mitigation. With Internet services, some people are becoming increasingly concerned about privacy. The Evidence of Identity Standard has been developed in consultation with the Office of the Privacy Commissioner to help ensure that the evidence being provided is appropriate for the service the public is receiving.

The Evidence of Identity Standard has been developed in response to the need to ensure government agencies apply consistent, good practice methods of establishing and confirming the identity of individuals with whom they transact.

The Standard will ensure consistency in the purposes for which particular documentation should, and should not, be used within an evidence of identity process.

The Standard was also introduced to assist with the transformation of government service delivery through the use of the internet. This aspect includes the goal of increased customer convenience through more efficient service delivery, and reduced cost by eliminating duplication of investment by agencies as they use igovt services rather than invest in their own systems.

Does the Evidence of Identity Standard eliminate identity crime? HOW does the Evidence of Identity Standard protect us against the threat of terrorism and organised crime?


The newest growth sector for organised crime is identity theft and this is an international problem. The Evidence of Identity Standard will not entirely eliminate identity crime. The Standard aims to reduce risks by providing agencies with good practice guideance on evidence of identity requirements for services with varying degrees of identity-related risk. If an appropriate standard is established from the start, then agencies will be able to gain a higher degree of confidence that the person presenting to them for a service is the person they claim to be. This will reduce the risk of identity crime, along with the associated downstream consequences.

Recent studies provide an insight on the estimated cost of identity crime in New Zealand:
    • The New Zealand Crime and Safety Survey (2006, Ministry of Justice) estimates that 93,000 New Zealanders were victims of identity theft.
    • Translating Australian data to the New Zealand context suggests 133,000 New Zealanders per annum would be victims of identity fraud.

Is it compulsory for agencies to use the Evidence of Identity Standard?


The Standard was developed principally for use by New Zealand government agencies. Over time, agencies will be required to apply this Standard to all services they deliver to the public that contain identity-related risk. The Standard will apply to both online and offline services provided by agencies.

The Standard will become mandatory in the future as it moves through the Standard development stages in the E-government Interoperability Framework (e-GIF). Government agencies will be required to adopt it when they are developing new services or undertaking process redesign of existing services.

Private sector organisations can choose to use the Standard for services that involve identity risk.

What happens if we’ve already got a process in place?


If an agency already has an evidence of identity process in place for a service, it will need to assess that process against the requirements of the Evidence of Identity Standard. If the current process doesn’t meet the design and operational requirement of the Evidence of Identity Standard, then appropriate changes should be made when agencies are next making changes to those services.

Is there an extra cost if agencies use the Evidence of Identity Standard?


There is no extra cost in the Standard itself. Extra costs may be incurred by agencies when internal resources are used in the implementation of the Standard, and any associated costs resulting from the need to amend business processes. It is also possible that some costs could reduce if an agency has been using more complex processes than absolutely necessary.

What information can be held by agencies using the Evidence of Identity Standard? Who has the right to see the information held about me? Can I check the information held about me?


Regulations setting out what personal information can be held by agencies are governed by the Privacy Act 1993. The Privacy Act also governs who has the right to see individual’s personal information and how that individual might get access to the information.

For information about the Privacy Act see the Privacy Commissioner’s website: www.privacy.org.nz

Does the Evidence of Identity Standard apply to visitors to New Zealand, permanent residents who were not born in New Zealand and foreign nationals?


Yes, the Evidence of Identity Standard applies to anyone accessing the agencies’ services with a degree of identity-related risk, not the ‘types’ of individual customers.


Further Information

* This document is in Adobe Acrobat (.pdf) format. You need to have the Adobe Acrobat Reader installed on your computer. You can download a free version from the Adobe site.