So you’ve decided that you want to move your IR330 data collection online through an app. Getting the IR330 tax code declaration is important for employers and payroll in New Zealand. Employers should look to collect their data online forms as a convenient and effective way to collect personal information from individuals on the internet. However, websites must ensure that they comply with applicable data protection laws and regulations, respect individuals' privacy and data protection rights, and provide clear and transparent information on how personal information is collected, processed, and used.
Here is our technical performance checklist under PICMI principles:
Protected Open Access
Online forms should have protected open access to ensure that users can access and complete the form securely, without the risk of unauthorised access or data breaches.
Have they consented to using a digital signature
Have they consented to transferring data digitally
Is this information an exclusion to digital signatures
Is the person signing in behind a log in that identifies them and it is their account
Can they make their own signature? (like name, font or “squiggle”)
Trusted and Authoritative
Online forms should be trusted and authoritative, including using electronic signatures, to ensure that users have confidence in the accuracy and integrity of the data collected and the organisation that collects it.
Are there tamper-proof measures to stop or detect unauthorised alterations, additions or deletions
Is the data secure end-to-end such that it cannot be intercepted and understood
Audit data is record: origin, destination, time
Well Managed
Online forms should be well-managed to ensure that they are easy to use, free from errors and omissions, and provide a positive user experience.
Can change the data when needed
Can the version of the data be seen
Can the originator of the data have a way to prove that later versions have not changed
Data is retained long enough
Understand how the data is going to be used (eg by third parties)
Do you have Data Privacy Officer
Is there data confidentiality
Where data is stored meets legal requirements (eg if offshore)
Are disaster recovery processes proven and reliable?
Reusable
Online forms should have reusable data to improve efficiency, accuracy, convenience, consistency, and customization, providing a better user experience and improving data quality.
Can people avoid retyping the same information
Is data only available once data is agreed to be shared
Is your unique identifier legal
Made for People
Online forms should be made for people to ensure that they are accessible, easy to use, translatable and provide a positive user experience, regardless of the user's language, background, or abilities.
Collect only what is needed
Collect directly from the person
Fairly and legally collected for purpose
Reviewed that enough data is collected to meet legal requirements
Does the law require language to be in English
Does the law require numbers to be in Arabic numerals
Is the meaning transparent
Is the language plain
If necessary, does it translate well (eg using google translate)
Reasonably Priced
Online forms should be reasonably priced to ensure that users can access and complete the form without financial barriers or undue costs.
Do you charge for access
Do you charge for changes
Conclusion
Collecting data respectfully and legally is key to establishing and maintaining a good business and a good relationship with potential employees and having the information at the ready for compliance purposes.
Discover exactly how to audit proof your IR330.
Take our PICMI Scorecard™ and get a “freakishly accurate” assessment of your business' top strengths and weaknesses in less than 10 minutes.
Comments