Privacy and security benefits
Private and protected
Your personal information is valuable and worth protecting.
It's important to know who you are sharing your personal information with online. It's also important to understand how your information and privacy are being protected. Using an accredited Digital ID provider on the Australian Government Digital ID system means information is:
- securely encrypted
- only shared with providers and services with your consent, unless required by law or to investigate instances of fraud
- not collected, profiled, used or sold for other purposes, such as direct marketing
- protected by strict security protocols set by the Australian Government.
Information about what services you access is protected and only used to:
- manage your Digital ID
- manage possible fraud.
What information is shared?
Your personal information is only shared with your consent. Information that is shared is usually limited to your:
- name
- date of birth
- contact details.
Some services may require more information. They must justify this request in writing and seek express consent from you. They also need to demonstrate that:
- they have appropriate security, privacy and fraud control processes
- they have completed a risk assessment before they receive more information.
Protecting your biometric information
Biometrics, like your face, are used to prove who you are online in a safe, secure and reliable way. Matching a scan of your face to your ID documents reduces the risk of identity crime and fraud.
Digital ID biometric matching is only used to help verify that an individual is a true and live person. It is a secure, convenient and reliable way to check a person is who they claim to be.
Your biometric information is protected by a range of safeguards. ID services within the Australian Government Digital ID system:
- will only use your biometric information to verify your ID
- will delete your biometric information after your ID is verified
- need your consent each time they use biometric matching
- use strong security and encryption to protect your ID.
A secure Digital ID system
The Australian Government Digital ID System has been designed with your security in mind.
The system includes security features which undergo rigorous assessment and testing.
Providers within the system must be accredited under the Trusted Digital Identity Framework. Accredited providers must meet strict requirements. These requirements include protection of users’ privacy and security, and control against fraud.
These requirements include the need for system participants to have:
- demonstrated compliance with the Australian Privacy Principles and the Privacy Code
- an independent privacy impact assessment
- independent information security assessments
- ICT penetration tests.
Accreditation and standards for services
Organisations involved in the Australian Government Digital ID system must be accredited under the Trusted Digital Identity Framework. To achieve this, organisations must meet strict requirements for privacy protection, security, risk management and fraud control.
Accreditation is checked annually by the Australian Government.
Strong governance
The Australian Government Digital ID system is currently governed by an interim Oversight Authority responsible for safety, reliability and the efficient operation of the system.
The Oversight Authority manages:
- accreditation, approval, suspensions and termination of organisations in the system
- monitoring and compliance of these organisations against the standards
- inquiries and investigations of the system such as system incidents, fraud and security
- complaints and issues handling for organisations participating in the system.
The Privacy Act
The use of a digital ID involves the exchange of sensitive and personal information when a person is seeking to verify their ID online.
The Privacy Act promotes and protects the privacy of individuals and covers many Digital ID transactions. This Act includes a range of enforcement and regulatory powers.
The Trusted Digital Identity Framework builds on the requirements in the Privacy Act, ensuring that providers in the Australian Government's Digital ID system meet high standards for privacy and security.
Privacy Impact Assessments
There have been five independent Privacy Impact Assessments conducted on the Australian Government Digital ID System and associated policy which are available to download (last updated 24 January 2024):
List of Privacy Impact Assessments
2023
- Privacy Impact Assessment for the Digital ID Bill 2023 Exposure Draft and Rules, December 2023, Maddocks
- Addendum for the Digital ID Bill 2023, January 2024, Maddocks
- Departmental Responses to the Maddocks Privacy Impact Assessment Recommendations, January 2024, Department of Finance.
2022
- Privacy Impact Assessment Report for the draft TDI Legislation, February 2022, HWL Ebsworth
2021
- 3rd Independent Privacy Impact Assessment (PIA) on the TDIF and related Digital Identity Eco-system, March 2021, Galexia
2018
- Second Independent Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF), September 2018, Galexia
2016
- Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha, December 2016, Galexia