DTA baking privacy into design of Govpass
The Digital Transformation Agency adopted privacy by design principles for the Govpass unified identity verification system, considering privacy from the inception of development, according to the agency's privacy advisor Jacob Suidgeest.
As part of the agency's involvement in Privacy Awareness Week, Suidgeest has penned a blog post detailing the steps the agency is taking to ensure the privacy of Govpass users is maintained.
These include using a double-blind architecture for the identification process itself, which handles the process through an exchange process, he said.
A service seeking to verify a user will not have access to the user's identity documents, while identity providers will not be aware of which service is requesting the verification.
The data collection process itself has been designed based on privacy principles focusing on limiting the collection, use, disclosure and retention of personal information, as well as giving users both a choice of how to verify their identity and control over how their data is shared.
Govpass will likewise be provided on an opt-in rather than opt-out basis, and users will be able to revoke their account at any time. It will also provide users clear information on how their personal data will be used prior to gaining consent from a user.
The project will also be subject to a series of independent privacy impact assessments aimed at identifying and mitigating privacy risks.
Government data breaches have increased this year: OAIC
New statistics show the number of notified data breaches in Australia in the first half of 2024...
Chinese state-sponsored cyber espionage ring expands activity: report
Operation Crimson Palace, a Chinese state-sponsored espionage ring, has expanded in Southeast...
Jamie Norton appointed to ISACA Board of Directors
ISACA has appointed the former CISO at the Australian Taxation Office, Jamie Norton, to its Board...