In the UK, OGC (Office of Government Commerce) has developed a very successful project review methodology for the British Government called Gateway. After being adopted in Australia, it is now being implemented in New Zealand by the State Services Commission for major capital projects.
According to a presentation given at a 2007 government IT conference, Gateway reviews will be a key part of monitoring and quality Assurance of major ICT-enabled business Government projects.
It was therefore interesting to see that the UK’s Information Commissioner’s Office (ICO) wants compulsory Privacy Impact Assessments to be part of the Gateway review process. A senior official is quoted in Computing as saying, “We do not want the government to develop systems that may contravene data protection law and cost millions of pounds to put right. And we do not want systems to be developed that will not enjoy public confidence because people feel that their privacy is being eroded.”
The OGC has rejected an across-the-board approach of requiring Privacy Impact Assessments for all projects reviewed. Instead, it favours a case by case approach.
It is worth keeping an eye on how this plays out in the UK and whether that flows into NZ.