DTA considering TDIF privacy legislation


By Dylan Bushell-Embling
Wednesday, 14 November, 2018
DTA considering TDIF privacy legislation

The Digital Transformation Agency is “reviewing the benefits” of legislation that would enshrine the privacy protection requirements of the new Trusted Digital Identity Framework (TDIF).

The DTA revealed it is exploring ways to enshrine the privacy requirements of the new framework, either through legislation or binding contractual obligations, the agency revealed in its response to the second Privacy Impact Assessment of the TDIF project.

The agency agreed with all the recommendations of the independent assessment apart from one — a recommendation that the identity exchange should only retain transaction-related metadata for a short period — which the agency said needs to be explored further.

As part of its evaluation of legislative protections, the DTA is also looking into introducing legal restrictions on the use of biometric information supplied for the purpose of identification.

While the DTA said it agrees in principle with the need to set a maximum period for retention of this data, this information may need to be accessed by the Oversight Authority for evidence, so current use cases suggest that the data would need to be retained for longer than 18 months. Some data will also need to be retained indefinitely for individuals to use the system.

Among the review’s other recommendations are introducing a requirement for a mandatory review of the TDIF after three years, a requirement for the Identity Exchange and accredited identity providers to develop standalone privacy policies, and establishing a time period for the validity and renewal of identity credentials.

In a statement, the DTA said protection of privacy has been a key consideration at all points during the development of the program.

The framework has privacy and security requirements that are at least as strong as federally mandated standards such as the Australian Privacy Principles and Privacy Code, and the Australian Signals Directorate’s Essential Eight cybersecurity mitigation strategies.

Participants in the program are also required to undertake their own independent security testing and assessments.

Image credit: ©James Thew/Dollar Photo Club

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

Fujitsu establishes security consulting division

Fujitsu's new digital security consulting division will help organisations prepare for and...

Macquarie Government selected for Australian Defence procurement panel

Macquarie was added to the ICTPA panel following a long history of supporting Australian...

Cobalt Iron nabs EU patents for security techniques

Cobalt Iron has secured patents from the European Patent Office for new cyber event...

Content from other channels on our network

Australia is getting good value for health dollar: report

Medical drone project to service rural, remote Australia

Specialised LGBTQ+ health service to open in NSW

Hospital teams with intersecting roles more effective: study

Decarbonising health care: Australia joins US, UK statement

Cognizant and Microsoft forge AI partnership

Queensland's Something Digital festival to return in August

How to prepare for the AI future (that isn't here yet)

Commvault arranges to buy Appranix

GenAI market research: 80% of leaders concerned about data privacy and security

EV future for Monash Uni

Shell Cove battery launched on NSW South Coast

Million-dollar rooftop solar for Kimberley hospital

Protecting wildlife from electrical assets — and vice versa

Immersive VR training for electricians

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd