Privacy and security

Privacy and security benefits

Private and protected

Your personal information is valuable and worth protecting.

It's important to know who you are sharing your personal information with online. It's also important to understand how your information and privacy are being protected. Using an accredited Digital ID provider on the Australian Government Digital ID system means information is:

• securely encrypted
• only shared with providers and services with your consent, unless required by law or to investigate instances of fraud
• not collected, profiled, used or sold for other purposes, such as direct marketing
• protected by strict security protocols set by the Australian Government. 

Information about what services you access is protected and only used to:

• manage your Digital ID
• manage possible fraud.

What information is shared?

Your personal information is only shared with your consent. Information that is shared is usually limited to your:

• name
• date of birth
• contact details.

Some services may require more information. They must justify this request in writing and seek express consent from you. They also need to demonstrate that:

• they have appropriate security, privacy and fraud control processes
• they have completed a risk assessment before they receive more information.

Protecting your biometric information

Biometrics, like your face are used to prove who you are online is safe, secure, and reliable way. Matching a scan of your face to your ID documents reduces the risk of identity crime and fraud.

Digital ID Biometric matching is only used to help verify that an individual is a true and live person. It is a secure, convenient and reliable way to check a person is who they claim to be.

Your biometric information is protected by a range of safeguards. ID services within the Australian Government Digital ID system:

• will only use your biometric information to verify your ID
• will delete your biometric information after your ID is verified
• need your consent each time they use biometric matching
• use strong security and encryption to protect your ID.

A secure Digital ID system

The Australian Government Digital ID System has been designed with your security in mind.

The system includes security features which undergo rigorous assessment and testing.

Providers within the system must be accredited under the Trusted Digital Identity Framework. Accredited providers must meet strict requirements. These requirements include protection of users’ privacy and security, and control against fraud.

These requirements include the need for system participants to have:

• demonstrated compliance with the Australian Privacy Principles and the Privacy Code
• an independent privacy impact assessment
• independent information security assessments

• ICT penetration tests.

Accreditation and standards for services

Organisations involved in the Australian Government Digital ID system must be accredited under the Trusted Digital Identity Framework. To achieve this, organisations must meet strict requirements for privacy protection, security, risk management and fraud control.

Accreditation is checked annually by the Australian Government.

Strong governance

The Australian Government Digital ID system is currently governed by an interim Oversight Authority responsible for safety, reliability and the efficient operation of the system.

The Oversight Authority manages:

• accreditation, approval, suspensions and termination of organisations in the system
• monitoring and compliance of these organisations against the standards
• inquiries and investigations of the system such as system incidents, fraud and security
• complaints and issues handling for organisations participating in the system.