Private and protected
Your personal information is valuable and worth protecting.
When you send your personal information online, it is important to know who you are sharing it with, and how your privacy is protected.
Having a Digital ID through the Australian Government's Digital ID system means you can be confident your personal information is:
- securely encrypted
- shared with providers and services only with your consent*
- not collected, profiled, used or sold for other purposes, such as direct marketing
- protected by strict security protocols set by the Australian Government
- information about what services you access is also protected and only used to:
- manage your Digital ID
- manage possible fraud
*Unless required by law or to investigate instances of fraud.
What information is shared?
Your personal information is only shared with your consent and is usually limited to your:
- name
- date of birth
- contact details.
If the service you are accessing requires more information, they must justify this request in writing and seek express consent from you.
- They also need to demonstrate that:
- they have appropriate security, privacy and fraud control processes
- they have completed a risk assessment before they receive more information.
Protecting your biometric information
Using biometrics, like your face, to prove who you are online is safe, secure, and reliable. Matching a scan of your face to your ID documents is an important security feature which helps reduce the risk of identity crime and fraud.
Biometric matching can be used for many purposes. With a Digital ID, it is only used to help verify that an individual is a true and live person. It is a secure, convenient and reliable way to check a person is who they claim to be.
Your biometric information is protected by a range of safeguards. Identity services in the Australian Government's Digital ID system:
- will only use your biometric information to verify your ID
- will delete your biometric information after your ID is verified
- need your consent each time they use biometric matching
- use strong security and encryption to protect your ID.
A secure Digital ID system
The Australian Government's Digital ID system has been designed with your security in mind.
The system includes security features which undergo rigorous assessment and testing.
Providers within the system must be accredited under the Trusted Digital Identity Framework and meet strict requirements to protect users’ privacy and security, and control against fraud.
These requirements include the need for system participants to have:
- demonstrated compliance with the Australian Privacy Principles and the Privacy Code.
- an independent privacy impact assessment
- independent information security assessments
- ICT penetration tests
Organisations involved in the Australian Government's Digital ID system must be accredited under the Trusted Digital Identity Framework. To achieve this, organisations must meet strict requirements for privacy protection, security, risk management and fraud control.
Accreditation is checked annually by the Australian Government.
The Australian Government's Digital ID system is currently governed by an interim Oversight Authority responsible for safety, reliability and the efficient operation of the system.
The Oversight Authority manages:
- accreditation, approval, suspensions and termination of organisations in the system
- monitoring and compliance of these organisations against the standards
- inquiries and investigations of the system including (but not limited to) system incidents, fraud and security
- complaints and issues handling for organisations participating in the system.
The use of a digital ID involves the exchange of sensitive and personal information when a person is seeking to verify their ID online.
The Privacy Act promotes and protects the privacy of individuals and covers many Digital ID transactions. This Act includes a range of enforcement and regulatory powers.
The Trusted Digital Identity Framework builds on the requirements in the Privacy Act, ensuring that providers in the Australian Government's Digital ID system meet high standards for privacy and security.
There have been five independent Privacy Impact Assessments conducted on the Australian Government's Digital ID system and associated policy which are available to download (last updated 24 January 2024):
2023
- Privacy Impact Assessment for the Digital ID Bill 2023 Exposure Draft and Rules, December 2023, Maddocks
- Addendum for the Digital ID Bill 2023, January 2024, Maddocks
- Departmental Responses to the Maddocks Privacy Impact Assessment Recommendations, January 2024, Department of Finance.
2022
- Privacy Impact Assessment Report for the draft TDI Legislation, February 2022, HWL Ebsworth
2021
- 3rd Independent Privacy Impact Assessment (PIA) on the TDIF and related Digital Identity Eco-system, March 2021, Galexia
2018
- Second Independent Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF), September 2018, Galexia
2016
- Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha, December 2016, Galexia
