All posts by Genevieve

Identity Verification

How many times as in-house counsel have you been asked to certify a “true copy” of an identity document such as a passport or driver’s licence? I did laugh when I wrote this, as the very first time that I was asked to certify an identity document, having just started as an in-house counsel, it turned out it was for my fellow-employee’s divorce application!

There is a new code of practice relating to identity verification to be aware of if you are certifying identity documents – the Amended Identity Verification Code of Practice 2013 (the 2013 Identity Verification Code). The 2013 Identity Verification Code can be found here: 2013 Identity Verification Code. The information published by the Financial Markets Authority also recommends that the Code should be read in conjunction with this explanatory note.

The 2013 Identity Verification Code has been issued under the Anti-Money Laundering and Countering of Financing Terrorism Act 2009[1].

An earlier version of the Identity Verification Code was issued in 2011. The 2013 Identity Verification Code includes changes to make the code consistent with electronic identity verification in accordance with the Electronic Identity Verification Act 2012. The 2013 Identity Verification Code came into effect on 10 October 2013.

The 2013 Identity Verification Code allows for identity verification using both documentary and electronic verification. Where documentary verification is used, the reporting entity may rely on copies of the relevant identity documents, as opposed to sighting the originals, provided that they are certified in the prescribed way[2].

The biggest change from the older practice that many lawyers will be used to is that instead of only certifying a document as a “true copy”, lawyers must now also include a specific statement that the documents represent the identity of the person. The lawyer must sight the original documentary identification, and make a statement to the effect that the documents “are a true copy and represent the identity of the named individual”.[3] Certification must also include the name and signature of the lawyer and must specify the date of certification and that the certifier is a lawyer.[4]

There are also restrictions about the lawyer’s relationship with the person whose identity is being verified (you can not provide a valid certification if you are related or living at the same address as the person or involved in a business or transaction requiring the certification) and about the timing of the certification versus the presentation of the documents [5].

At the end of this blog is a checklist which is intended to provide a quick summary of the key restrictions and requirements for certifying copies under the 2013 Identity Verification Code but please do review the full Code here: 2013 Identity Verification Code.

New Zealand Law Society guidance on certifying identity documents is here: Law Society Guidance, although note that the guidance was written for the Identity Verification Code of Practice 2011 and not the current 2013 version.[6]

Checklist

1.             Do you satisfy the requirement to be a “trusted referee” by being a lawyer as defined in the Lawyers and Conveyancers Act 2006?

 2.             Are you not excluded from certifying the documents by being related or living at the same address as the person or involved in a business or transaction requiring the certification (see the full list at section 10 of the Code)?

 3.            Have you sighted the original identifying documents?

 4.             Have you made a statement on the copy document(s) to the effect that the documents are a true copy and represent the identity of the person?

 5.            Have you included your name and occupation with the certifying statement?

 6.            Have you signed and dated the certification?

For more information about electronic verification in New Zealand see Real Me.

 


[1] See subpart 5 of the Act – Codes of Practice

[2] See section 7 of the Code.

[3] See section 11 of the Code.

[4] See section 12 of the Code.

[5] See sections 8 and 10 – 13 of the Code in particular.

[6] Although that statement was made in relation to the 2011 Code.

Launch of Interwoven Law

We are very pleased to announce Interwoven Law, an alliance of experienced senior lawyers working together to provide helpful advice to the public sector. Best+Hancock | Sole Practitioners is one of its founding members.

Interwoven Law is not a single firm, but a collective of agile practices, interwoven to better serve our clients. The Interwoven Law members are Best+Hancock | Sole Practitioners, Elwood Law, Jonathan Kaye Law, Palairet Law, Robert Buchanan Law and Van Rij Law.

What effect will the Interwoven alliance have? Interwoven Law will help us to continue to offer our clients excellent quality and value, through:

  • connectedness and sharing of knowledge: Interwoven Law members know the public sector well and are committed to sharing non-confidential information to ensure we all remain up to date. We also share templates and other know-how with one another to help deliver a better client service;
  • more newsletters and events: it takes time to stay on top of relevant legal developments. The Interwoven legal practices discuss recent cases, as well as legislative and policy changes, to ensure that our knowledge, and our clients’ knowledge, remains current. If you would like to subscribe to Interwoven Law newsletters, you can subscribe by email or RSS feed on the Interwoven website;
  • cost efficiencies (such as joint purchasing of some services and shared premises and resources) that will enable us to continue to offer our clients excellent value for money and highly competitive rates; and
  • added capacity: the Interwoven Law practices know each other well and are skilled at collaborating on projects. Where needed, and only with client approval, we can involve other Interwoven Law members to boost capacity, knowledge and turn-around.

You can find out more on Interwoven Law and its members at the Interwoven Law website.

Google privacy debate continues

Google implemented its revised Privacy Policy on 1 March as it indicated it would, but pressure to amend the policy continues.

Several days ago the EU’s Justice Commissioner apparently said that authorities had found that “transparency rules have not been applied” by Google and that the changes made are in breach of European law (see the BBC reports).

Japan’s trade and industrial ministry also warned that Google must follow Japan’s privacy law in implementing its new approach, and that Google needed to provide explanations to address users’ concerns (Computerworld UK).

And members of the US senate have asked the Federal Trade Commission to investigate whether the new policy breaches the company’s settlement over the Buzz social networking site (see Infosecurity magazine). Although a separate claim by a US based privacy group the Electronic Privacy Information Center, also filed with the Federal Trade Commission, about concerns over the privacy policy has been dismissed.

Locally, the Asia Pacific Privacy Authorities (APPA), which is the forum for the privacy authorities of New Zealand, Australia, Canada, Mexico, Hong Kong and South Korea, has written to Google chief executive Larry Page to raise concerns about the policy. APPA’s letter (which can be viewed here: APPA letter) indicates concerns that:

  • combining personal information from across different services has the potential to significantly impact on the privacy of individuals;
  • in condensing and simplifying the privacy policies, important details in the policies may have been lost; and
  • privacy tools such as the Dashboard and the Opt-out in the Ads Preference Manager are not readily accessible.

The response to APPA from Google’s Global Privacy Counsel (here if you would like to see it in full) indicates that the sharing of data across Google services is something Google has “already done for a long time for many of our products“ (and its previous privacy policies reflected that, as we mentioned in our previous blog post on the new policy). The letter also confirms that Google is not collecting any new or additional data about users under the new “up-dated” policy and that Google does not  sell users’ personally identifiable information.

The letter includes some interesting comments about deletion or removal of data, which continues to be an issue with many social networking tools. The letter states that Google makes ”good-faith efforts to provide our users with access to their personal information and to delete such data at their request, if it is not otherwise required to be retained by law or for legitimate business purposes“. It goes on to say that immediate deletion of user data is not always practicable due to the way the Google archiving system operates, but that Google has processes in place to remove user data from active serving systems within a reasonable period of time after a user asks it to close his or her Google Account.

(Photo by Robert Scobie and licensed under a CC-BY 2.0 (Generic) licence.)

Google announced last week that it is replacing its previous privacy policies, which differed across specific Google services, with one overall policy.

The new policy, available here, has come under criticism for allowing Google to share user data across its services (for instance, across services like Gmail and YouTube).

The pooling of information in this way, critics say, increases the attraction for advertisers, because adverts can be more targeted.

Microsoft has been particularly vocal in criticising the new policy, taking out full-page ads in several large American newspapers including Today, The Wall Street Journal and New York Times (v3.co.uk).

The new policy does include the ability for Google to share information across its services. For example:

We may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience and to improve the quality of our services.

But, Google’s privacy policy has not changed in relation to sharing user data across services. In fact the rights for Google to share information across services goes back to at least 2004. See the 2004 Google Privacy Policy.

It is also important to note that Google does not appear to provide personal information directly to advertisers. What its privacy policy says, on this issue, is that it “may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites“. Google has also said that its “computers scan messages to get rid of spam and malware, as well as show ads that are relevant to you”. That is quite different to providing individual and personally identifying user information to advertisers.

It’s of course important that users are aware of the privacy policies and the terms and conditions that apply to the services they are using. But in some ways this negative publicity is ironic. As a user and as a legal adviser, I welcome having one consolidated privacy policy to consider for the range of Google services (excluding Postini it should be noted), instead of trawling through a number of policies. Perhaps the media attention just reflects a growing awareness of the issues around privacy and the Internet. And awareness of those issues is a good thing.

(Photo by Robert Scobie and licensed under a CC-BY 2.0 (Generic) licence.)

Chrisco Hampers Limited, the Christmas hamper seller, was fined $175,000 in the Manukau District Court yesterday, for breaches of the Fair Trading Act 1986. Chrisco had earlier pleaded guilty to misleading customers about their rights to cancel hamper and toy orders. Consumers’ rights to cancel these types of purchases are governed by the Layby Sales Act 1971.

The Commerce Commission investigated the cancellation policy and then brought 10 charges under the Fair Trading Act. The breaches related to customers being mislead about what they could be charged if they cancelled at a particular time, how they could cancel, and in some instances, at what point in time they could cancel.
Read more…

Hold tight to that iPhone

Apple’s anywhere, any person warranty is certainly useful when you have a problem with an Apple product. But not surprisingly, it benefits thieves as well as legitimate owners. An article in the Sydney Morning Herald this morning quotes a New York City Police report as saying that mobile phones and other gadgets were the target of half of the 16,000 robberies reported in New York between January and October 2011 and that 70 per cent of all phones taken from subway and bus passengers were iPhones. And a common channel for thieves to get rid of iPhones is apparently to take them to a store, as if broken, for replacement or a discount on a new phone. Those with legitimate iPhone warranty claims may find this leads to Apple becoming less generous than it currently is. In the meantime, there are a number of iPhone apps designed to help guard against thieving, including one called iGotYa, which takes a photo of anyone who incorrectly types int he password on a locked phone and then emails the photo and location to the owner’s email address. iGotYa indeed. For the full article see SydneyMorningHerald.

Image care of Salvatore Vuono.

The interview with Paul Ducklin, Head of Technology, Asia Pacific for the global internet security provider, Sophos on National Radio’s Nine to Noon this morning (Nine to Noon) shows just how strong feelings around the Internet, intellectual property rights and competition and innovation by artists and developers are.

It’s useful to remember that the current law under which prosecutions of file sharing can be brought seems adequate for dealing with a site that is designed to allow file-sharing (as megaupload.com is alleged to have been designed for), although megaupload is allegedly in an extreme category, with its proprietors being charged with racketeering and money-laundering as well as copyright infringement.

(Image by MikeBlogs and licensed under a CC BY 2.0 licence.)

On Sunday, New Zealand time, the US Congress postponed the Protect IP and the Stop Online Piracy Acts, without any date for the proposed laws to be re-visited.

In the common US contortionist naming of bills, the Protect IP Act stands for Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (or PIPA) and the Stop Online Piracy Act is known as “SOPA”.

The bills were introduced in mid 2011. The intention of the planned legislation was particularly to stop online piracy of movies and music, but it would have included piracy of software and even counterfeiting of drugs and car parts. Read more…

If you'd like to get to know us or discuss something over coffee, drop us a line.