Delivering strong safeguards for identity verification services
Parliament has today passed legislation to ensure identity verification services are secure and protect the privacy of Australians.
Identity verification enables Australians to conveniently and securely engage with the digital economy without exposing them to identity fraud and theft.
They are critical to the daily operation of government and industry, with MyGovID, the Australian Tax Office, Centrelink, banks and telecommunications providers all using identity verification services to authenticate identity documents.
The Identity Verification Services Bill 2023 and Identity Verification Services (Consequential Amendments) establish important safeguards, oversight and transparency arrangements including:
- Providing transparency by requiring express consent when verifying an individual’s identity, consultation on proposed rules, annual reporting and publishing participation agreements.
- Safeguard personal information by prohibiting the Attorney-General’s Department from dealing with protected information for any purpose other than that provided for in the Bill, and requiring entities that use the Face Verification Service to destroy facial images that are no longer required.
- Requiring compliance with privacy laws and obligations to ensure personal information continues to be protected in accordance with applicable privacy standards.
- Strong penalties for non-compliance, including the ability to suspend or terminate access to the services, and by enlivening civil penalty provisions in the Privacy Act 1988 (Cth) and the Information Commissioner’s regulatory function.
- Securing systems and databases to provide certainty that personal information will be protected, including through the use of encryption and the requirement to report security breaches.
- Supporting robust oversight over the operation of the services and the legislation, including through an annual assessment by the Information Commissioner, two statutory reviews, the reporting of data breaches, and authorised disclosures to Commonwealth integrity agencies.
The passage of these Bills ensures Australians can continue to benefit from the operation of the identity verification services while maintaining strong standards of privacy and security.