The federal government has ultimately unveiled exhibition legislation expanding its digital identity program to state governments and the private sector, with a flash consultation period starting before it is soon presented to parliament.
The legislation will introduce two voluntary programs to accredit businesses and governments as service providers or trusted partners in the digital identity program, as well as to enshrine additional privacy safeguards and establish authority in law. permanent monitoring for the program.
The Digital Identity System, a government-wide federal program to provide identity verification across a range of government services and private sector offerings, has been in the works for six years at a cost of over $ 450 million , but legislation is needed. to extend it to the private sector.
The Digital Transformation Agency has been working on the legislation for over a year, and an exposure draft has just been released.
“The bill… will build on strong safeguards already in place, providing the authority for a cohesive set of rules that will protect Australians and Australian businesses,” Employment Minister Stuart Robert said in a statement. .
“We have actively engaged all interested parties throughout the consultation process and this commitment to co-design and the ongoing conversation continues with the opportunity to comment on proposed legislation. “
The Trusted Digital Identity Bill is a set of several pieces of legislation that will constitute the “rulebook” of the government’s digital identity system, including the Trusted Digital Identity Framework, the Rules of accreditation, trusted digital identity rules and technical standards, which have yet to be released.
The government has chosen to split its digital identity program into two voluntary programs that will be enshrined in law through legislation.
These will be the existing Trusted Digital Identity Framework (TDIF) accreditation, for identity service providers to be accredited under government rules, and the new Trusted Digital Identity System, which will see companies accredited to actually participate. to the digital identity ecosystem.
“The two programs involve different benefits and levels of regulation that will affect an entity’s choice to participate in the trusted digital identity system, to be accredited, or neither,” the project says. of law.
Under TDIF, four types of accreditation will be offered: Identity Service Provider, Identity Exchange, Attribute Service Provider, and Identification Service Provider.
The DTA recently started to accredit a number of private operators through the TDIF before the legislation was passed. Eftpos was recently accredited as a digital exchange provider, while Sydney start-up OCR Labs became the first private company to receive accreditation in August. Mastercard also announced that it has applied for TDIF accreditation for its digital identity services.
The law will also introduce privacy protection measures beyond those of the Privacy Act. These include express consent requirements when a user’s data is sent to a relying party.
There are also a number of restrictions on biometric information under the program, including a ban on disclosing this information to law enforcement and the use of one-to-many matches.
While most biometric information should be deleted immediately after verification is complete, companies will be able to request to retain data for testing.
“The bill allows for the retention of biometric information under limited circumstances to allow for limited functional testing and fraud detection activities,” he said.
Program data may only be released to law enforcement if the agency has reasonable grounds to believe that a person has committed an offense and has taken legal action against that person.
Any business participating in the program will also become subject to the federal government’s data breach notification program.
Although not included in the legislation, the government provided an update on its work to develop a pricing framework for the scheme, with the intention of making the entire program self-sustaining in the future. .
“We are in the early stages of developing a pricing framework that will ensure continued, long-term financial sustainability for the trusted digital identity system, balancing the need for market maturity with the ability to meet the needs. changes in the community over time, and providing business opportunities for private sector participants, ”the government said.
“A fair and robust pricing framework will help ensure that the trusted digital identity system can support adoption across the economy, while meeting the stringent technical and security controls required. “
Users will not be billed under the program, but digital identity providers and state and territory governments may be.
Do you know more? Contact James Riley by email.