Digital Identity Australian Government

Private and protected

Your personal information is valuable and worth protecting.

When you send your personal information online, it is important to know who you are sharing it with, and how your privacy is protected.

Having a Digital Identity through the Australian Government Digital Identity System means you can be confident your personal information is:

securely encrypted
shared with providers and services only with your consent*
not collected, profiled, used or sold for other purposes, such as direct marketing
protected by strict security protocols set by the Australian Government
information about what services you access is also protected and only used to:
- manage your Digital Identity
- manage possible fraud

*Unless required by law or to investigate instances of fraud.

What information is shared?

Your personal information is only shared with your consent and is usually limited to your:

name
date of birth
contact details.

If the service you are accessing requires more information, they must justify this request in writing and seek express consent from you.

They also need to demonstrate that:
- they have appropriate security, privacy and fraud control processes
- they have completed a risk assessment before they receive more information.

Protecting your biometric information

Using biometrics, like your face, to prove who you are online is safe, secure, and reliable. Matching a scan of your face to your ID documents is an important security feature which helps reduce the risk of identity crime and fraud.

Biometric matching can be used for many purposes. With a Digital Identity, it is only used to help verify that an individual is a true and live person. It is a secure, convenient and reliable way to check a person is who they claim to be.

Your biometric information is protected by a range of safeguards. Identity services in the Australian Government Digital Identity System:

will only use your biometric information to prove your identity
will delete your biometric information after your identity is proven
need your consent each time they use biometric matching
use strong security and encryption to protect your identity.

A secure Digital Identity system

The Australian Government Digital Identity System has been designed with your security in mind.

The System includes security features which undergo rigorous assessment and testing.

Providers within the System must be accredited under the Trusted Digital Identity Framework and meet strict requirements to protect users’ privacy and security, and control against fraud.

These requirements include the need for system participants to have:

demonstrated compliance with the Australian Privacy Principles and the Privacy Code.
an independent privacy impact assessment
independent information security assessments
ICT penetration tests

Accreditation and standards for services

Strong governance

The Australian Government Digital Identity System is currently governed by an interim Oversight Authority responsible for safety, reliability and the efficient operation of the system.

The Oversight Authority manages:

accreditation, approval, suspensions and termination of organisations in the system
monitoring and compliance of these organisations against the standards
inquiries and investigations of the system including (but not limited to) system incidents, fraud and security
complaints and issues handling for organisations participating in the system.

Privacy Act

The use of a digital identity involves the exchange of sensitive and personal information when a person is seeking to verify their identity online.

The Privacy Act  promotes and protects the privacy of individuals and covers many Digital Identity transactions. This Act includes a range of enforcement and regulatory powers.

The Trusted Digital Identity Framework builds on the requirements in the Privacy Act, ensuring that providers in the Australian Government Digital Identity System meet high standards for privacy and security.

Privacy Impact Assessments

There have been four independent Privacy Impact Assessments conducted on the Australian Government Digital Identity System and associated policy which are available to download (last updated 22 July 2022):

Privacy Impact Assessment Report for the draft TDI Legislation, February 2022, HWL Ebsworth
3rd Independent Privacy Impact Assessment (PIA) on the TDIF and related Digital Identity Eco-system, March 2021, Galexia
Second Independent Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF), September 2018, Galexia
Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha, December 2016, Galexia

Privacy and security

Private and protected

What information is shared?

Protecting your biometric information

A secure Digital Identity system

Related topics

Trusted Digital Identity Framework (TDIF)