Entries submitted (as on 21.04.2017)

D1: ‘AboutMe’ online access tool (New Zealand)
D2: AskUs a query-based online knowledge base (New Zealand)
D3: A Privacy Compliance Assessment Web Application Tool (Mauritius)
D4: “Privacy App.” (Albania)
D5: Digital tool for citizens to report nuisance calls and messages (UK)
D6: YouTube channel (Canton of Zurich, Switzerland)
D7: Datenschutz.ch App (Canton of Zurich, Switzerland)
D8: System of Access, Rectification, Cancellation and Opposition of Personal Data of the State of Mexico (SARCOEM) (Infoem, Mexico)
D9: Online information and education campaign (Philippines)
D10: Data Protection self-assessment for SMEs (UK)
D11: OIPC Webinar Series (OIPC Ontario, Canada)
D12: “Corpus luris” (INAI, Mexico)

D1: ‘AboutMe’ online access tool (New Zealand)


 

 

 

 

 

Entry by: Office of the Privacy Commissioner, New Zealand

‘AboutMe’ online access tool
The Privacy Commissioner developed an online tool called AboutMe to make it easier for individuals to ask agencies for their personal information by helping to draft a template email with all the details agencies need to respond to information requests. AboutMe also helps agencies by standardising requests for personal information and ensuring that they include all the relevant detail.

Why the initiative deserves to be recognised by an award?*
The AboutMe tool seeks to give better effect to a fundamental individual right and to ‘make privacy simple’ for both the subject and the data controller.

* Non-competition entry: New Zealand has exempted itself from the competition as the ICDPPC Chair, who is judging the competition, is also the New Zealand Commissioner. This entry is for illustrative purposes only.

Complete entry available here.

 

D2: AskUs a query-based online knowledge base (New Zealand)

 

 

 

 

Entry by: Office of the Privacy Commissioner, New Zealand

AskUs a query-based online knowledge base
AskUs is a query-based online knowledge base that is subject specific to privacy and New Zealand’s privacy legislation. Individuals are able to pose privacy-related questions to AskUs by entering their query in the AskUs online search field. The system is designed to produce a closely or exactly matching answer to the question.

Why the initiative deserves to be recognised by an award?*
AskUs is a flagship example of how the Office of the Privacy Commissioner is strategically configuring its resources to be able to assist more people more easily by providing smarter and more efficient online services. Digital technology and the Internet allow organisations to be able to help more people with more targeted tools for delivering assistance and advice.

The Office of the Privacy Commissioner is of the view that AskUs is achieving an important key performance indicator by making its advice and assistance available as easily, accessibly and widely as possible. While a formal evaluation of AskUs has yet to be carried out, it appears the online tool is reducing the enquiries workload on staff, freeing them to carry out other jobs.

AskUs is an example of how a successful and effective tool can be considered for use by other data protection and privacy authorities in their own moves to provide better public services within their respective privacy jurisdictions.

* Non-competition entry: New Zealand has exempted itself from the competition as the ICDPPC Chair, who is judging the competition, is also the New Zealand Commissioner. This entry is for illustrative purposes only.

Complete entry available here.

D3: A Privacy Compliance Assessment Web Application Tool (Mauritius)

Entry by: Data Protection Office, Mauritius

A Privacy Compliance Assessment Web Application Tool has been developed to enable data controllers to quickly and inexpensively check their compliance with the Data Protection Act.

Why the initiative deserves to be recognised by an award?
Most jurisdictions worldwide have developed comprehensive privacy laws which impose a number of obligations on organizations collecting personal data. However, the processes of ensuring compliance with privacy laws may be complex, lengthy, and costly. This is because such compliance work is usually undertaken by highly qualified experts, who need to examine in detail organizations’ flow of personal data across its lifecycle, from collection to disposal. Therefore, there is a pressing need to facilitate such privacy compliance. The advent of such a technological solution like the Privacy Compliance Assessment Web Application Tool is monumental and deserves recognition.

Complete entry available here.

D4: “Privacy App.” (Albania)

 

 

 

 

 

 

 

 

Entry by: Information and Data Protection Commissioner, Albania

Information and Data Protection Commissioner on the occasion of the 28 of January organised the “Privacy App.” competition. Three students teams reached the final stage of the competition and presented their privacy application. The winner application “IDP – Ankesa” give the possibility to individuals  to complain at  the Commissioner Office in an swiftly, easily and safely way, closer to the digital citizen.

Why the initiative deserves to be recognised by an award?
The application “IDP Ankesa” is available for download in the “Google play store” by all citizens in possession of an Android smartphone. Mobile technology has the potential to make services more flexible and citizens more informed, as they can access information anywhere at any time from their mobile device. This innovation enables anyone to file a complaint for any violation or misuse of personal data directly from their phone. The application is efficient, secure and easy to use.

As a newly introduced instrument, the application is also intended to raise the awareness of individuals and society, regarding the protection of their privacy.

Complete entry available here.

D5: Digital tool for citizens to report nuisance calls and messages (UK)

 

 

 

 

 

 

Entry by: Information Commissioner’s Office, UK

For citizens to report nuisance calls and messages to the UK Information Commissioner’s Office (ICO), so that we can take action against those responsible.

Why the initiative deserves to be recognised by an award?
The service is the key source of intelligence to identify and take action against those responsible for nuisance calls and messages in contravention of the Privacy and Electronic Communications Regulations. Its ease of use has led to high numbers of reports; the service allows us to easily manage this volume and use the intelligence without having to deal with each report as an individual case – helping us meet our strategic aims.

The results in numbers:

  • 40,000 reports received in the first 10 weeks;
  • 80% increase in the number of reports received – from an average 2,300 to 4,150 a week;
  • 92% completion rate.
  • Over £2.5m issued in fines since the start of 2016 (using information from the tool and its predecessor).

Comments from users:

  • “We now have somewhere to go to report these unwanted calls in the hope that action will be taken against them. Website is easy and clear to use.”
  • “It’s nicely streamlined, straightforward and without bogging the user down with too much information – important when users may be wanting to make a complaint whilst being a bit flustered due to having been annoyed by unsolicited sales calls.”
  • “New nuisance call complaint form is a great improvement.”

Complete entry available here.

D6: YouTube channel (Canton of Zurich, Switzerland)

 

 

 

 

 

 

Entry by: Data Protection Authority of the Canton of Zurich, Switzerland

To encourage and stimulate young people to address data protection and privacy issues according to their focus, in their own language, with their own means, while using the platform they are most often on. Therefore a Youtube channel was provided for them by the Data Protection Authority, kick-starting the initiative with a video from Youtubers entitled «Why privacy matters?».

Then a first competition for Youtubers was launched. Videos on the topics of data protection and privacy could be submitted.

Why the initiative deserves to be recognised by an award?
The initiative is a unique approach to address the fundamental question «Why privacy matters?». Young people are given an incentive to discuss and reflect on the topic of privacy and data protection in their own way of thinking. The results are reflected in Youtube videos which represent own experiences and ideas.

The Data Protection Authority launched the Youtube channel with a first video with statements of four Youtubers on privacy and data protection. By initiating a first competition a peer to peer dialogue was implemented which was further supported by two commissioned videos of the Data Protection Authority on the subject of passwords, both produced by Youtubers.

This approach complements the most common way of disseminating information and building awareness by Data Protection Authorities. Getting online users, who typically are not intensely engaged in privacy, to disseminate their reflection on privacy to their peers by producing a video, opens a platform usually not accessible by a common approach. The success of this approach was made obvious by the fact that thousands of clicks on the sites were registered in the first few weeks.  And it needs to say, the Data Protection Authority has to be open and a bit venturous in not intervening in the single content of a video.

Complete entry available here. Attachment available here.

D7: Datenschutz.ch App (Canton of Zurich, Switzerland)

 

 

 

 

 

 

Entry by: Data Protection Authority of the Canton of Zurich, Switzerland

Creating a tool, an app, which combines all needs of today’s mobile and interactive user. It enables the user to get in touch promptly with competent staff or report data protection issues of any kind. It provides access to other useful tools such as a password check, direct access to sample forms to get access to one’s personal information, instruction to one’s rights as well as access to all publications of the Data Protection Authority.

Why the initiative deserves to be recognised by an award?
The App is a unique tool which gives a full portfolio of information and supporting tools to all individuals. It’s not just an index with links to the website of the Data Protection Authority but an interactive tool. For instance the integrated password check is a smart tool which analyzes a password and gives tips how to generate a secure and strong password.

The app fulfills the standards of a privacy friendly and secure application. It is by itself an example of «privacy by design».

This app answers the needs of today’s mobile and independent users. The app has already been downloaded by thousands. It complements the Data Protection Authority’s task in consulting with individuals and public bodies as well as in disseminating information. Needless to say that this smart tool is available whenever you want and wherever you are.

Complete entry available here. Attachment available here.

D8: System of Access, Rectification, Cancellation and Opposition of Personal Data of the State of Mexico (SARCOEM) (Infoem, Mexico)

 

 

 

 

 

 

Entry by: Transparency, Public Information Access and Personal Data Protection Institute of Estado de México and municipalities, Infoem, Mexico

Sarcoem is a computer system that allows ARCO rights to be exercised to authorities of the State of Mexico and Municipalities by Internet, to file an appeal against (review), verifying compliance and management to the profiles of various users.

Why the initiative deserves to be recognised by an award?
Sarcoem is an innovative system, there is no reference to a similar system at the global level in the public sector.

It is Infoem development, with level and security measures adequate to carry out the management of requests ARCO, also has Secure Socket Layer certificate.

Sarcoem is an example of efficiency, effectiveness and economy, considering that Infoem has a limited budget for the fulfilment of its obligations compared to other authorities (the general budget of the Institution was about 5´000,000 euros last year, conversion of April 3, 2017), a part of which is used for administration and maintenance of proprietary systems through a Directorate specialized in information technologies.

It is a simple, free and easily accessible system for citizens, available 24 hours 365 days a year. A system with a philosophy of continuous improvement, as its operation is constantly evaluated to increase safety and efficiency measures. Focused to an important target population, since only the State of Mexico had 16’187,608 population in 2015 (last official census).

System with global users, makes possible the exercise of ARCO rights from anywhere in the world by authorities of the State of Mexico and Municipalities.

Complete entry available here.

D9: Online information and education campaign (Philippines)

 

 

 

 

 

 

Entry by: National Privacy Commission, Philippines

The National Privacy Commission’s online information and education campaign utilizes social media to maximize its limited resources and reach as many people as possible by providing compelling content to raise awareness, elevate public discourse, and ensure that every Filipino understands their right to data privacy, and to hold accountable those who violate it. They are some of the Commission’s most potent tools in achieving its goal of building a culture of privacy in the Philippines.

Why the initiative deserves to be recognised by an award?
In a country where the concepts of data privacy and protection have yet to find solid ground in the minds of industry leaders and the general public alike — despite being victims of the largest personal data breach in a government-held database in the world — the NPC’s online information and awareness campaign attempts to introduce the need for good personal data privacy hygiene practices to the everyday Filipino. It capitalizes on the Filipino population on Facebook, a whopping 60 million users, by using references from popular culture and current events to help make privacy and personal information household terms and an everyday concern.

Through a constant stream of daily content and compelling messages, the Commission aims to concretize the concepts of data privacy and protection to the ordinary citizen, explaining how the very real dangers of ineffective or inadequate privacy practices can affect their personal and professional lives. It is also an avenue for the Commission to address inquiries and concerns. Overall, the online platforms are designed to be consistently engaging in order to demystify data privacy and really communicate the message of the Commission — that data privacy isn’t just for lawyers or IT people, it is for everyone.

Complete entry available here.

D10: Data Protection self-assessment for SMEs (UK)

 

 

 

 

 

 

Entry by: Information Commissioner’s Office, UK

Data Protection self-assessment for SMEs
For organisations, particularly small and medium sized enterprises, to quickly and easily assess their compliance with the Data Protection Act in a range of areas, and get targeted guidance on what they can do to improve.

We are currently working on improvements to the tool, expected to go live in May 2017. We would like them to be included as part of this entry and we have detailed them below.

Why the initiative deserves to be recognised by an award?
We undertake regular testing with users on our website. We’d heard that many organisations struggled to know where to start. This tool helps organisations by highlighting key areas, and giving advice based on the organisation’s particular needs.

As part of the ICO’s digital and IT strategy we aim to be digital by default, and more self sufficient when building and maintaining our digital services. The tool provides a service that would usually require input from ICO staff via our helpline, email or post. We have built the technology with common, re-usable components within our open source content management system so that we are able to create new checklists without reliance on third party developers.

The tool receives an average 9,000 visits each month.

Comments from users:

  • “The toolkit allows us to review and identify any data protection gaps and confirm that the processes we have are sound. Our core business is providing a service to patients and part of this is safely handling their data.”- Orthodontic practitioner
  • “The tool was very simple to use and provided a wealth of information. This is a great tool for a beginner or an experienced information practitioner. The toolkit has highlighted weak spots with our information security that we will now work on.”- Consultancy service provider
  • “I recommend any and all companies to use this tool.” – Marketing company group manager

Complete entry available here.

D11: OIPC Webinar Series (OIPC Ontario, Canada)

 

 

 

 

 

Entry by: Office of the Information and Privacy Commissioner of Ontario, Canada (OIPC)

OIPC Webinar Series
We fulfilled our commitment to increased engagement with our public and professional audiences across Ontario by leveraging the use of online tools. To help with this province-wide outreach, the OIPC launched a webinar series on in-demand access and privacy issues facing Ontarians and the institutions that serve them. This online series has helped us overcome geographical barriers to delivering our mandate on behalf of all Ontarians, regardless of where they live or work.

Why the initiative deserves to be recognised by an award?
Our webinar series has opened the door to more consultation and collaboration with our diverse audiences. It has increased the OIPC’s profile and visibility, and allowed us to build a truly province-wide presence as we deliver our mandate and serve all Ontarians. Essentially, this is what makes this initiative deserving of recognition. With the use of this online tool, the OIPC has expanded its geographic footprint and is fulfilling its mandate to educate the public about Ontario’s access, privacy and health privacy laws. The result has empowered the OIPC and Ontarians, alike. More than ever before, we are consulting with each other on evolving and emerging access and privacy issues facing Ontario’s public and health sectors. Our webinar series has made it possible to communicate with each other in real-time, across the province, from urban centres to remote areas, and share guidance on best practices that serve as access and privacy benchmarks to help institutions meet their responsibilities under the law.

Complete entry available here.

D12: “Corpus luris” (INAI, Mexico)

 

 

 

 

 

Entry by: INAI, Mexico

The “Corpus Iuris” on personal data protection is an electronic tool based on a search engine which allows the identification of:

  • International instruments on personal data protection, privacy, intimacy, and habeas data in the different human rights systems: American, European, African, the United Nations, as well as in specialized bodies, such as the Special Rapporteur on the right to Privacy of the UN.
  • Jurisprudential criteria that international jurisdictional bodies have issued regarding these rights.

Why the initiative deserves to be recognised by an award?
In the first place, it is useful to have a computer-based tool through which the jurisdictional and administrative authorities can have access to the criteria for the application of the legislation in this subject, allowing them to improve the argumentation in specific cases of application of the law. Also, in Ibero-American countries, this tool is particularly important to achieve an adequate level of conventionality through an exercise of legal interpretation in which the application of international human rights norms is privileged over domestic provisions, when the latter provide lower protection of human rights.

On the other hand, it is also useful to provide individuals and society in general with relevant and updated information related to the right of personal data protection, to the provided mechanisms for its exercise and defense, as well as to the different criteria issued in this subject by international organizations. This, to ensure that the data subject has the necessary information to fully exercise her/his rights to personal data protection, privacy, and informational self-determination.

Complete entry available here.