DTA considering TDIF privacy legislation


By Dylan Bushell-Embling
Wednesday, 14 November, 2018
DTA considering TDIF privacy legislation

The Digital Transformation Agency is “reviewing the benefits” of legislation that would enshrine the privacy protection requirements of the new Trusted Digital Identity Framework (TDIF).

The DTA revealed it is exploring ways to enshrine the privacy requirements of the new framework, either through legislation or binding contractual obligations, the agency revealed in its response to the second Privacy Impact Assessment of the TDIF project.

The agency agreed with all the recommendations of the independent assessment apart from one — a recommendation that the identity exchange should only retain transaction-related metadata for a short period — which the agency said needs to be explored further.

As part of its evaluation of legislative protections, the DTA is also looking into introducing legal restrictions on the use of biometric information supplied for the purpose of identification.

While the DTA said it agrees in principle with the need to set a maximum period for retention of this data, this information may need to be accessed by the Oversight Authority for evidence, so current use cases suggest that the data would need to be retained for longer than 18 months. Some data will also need to be retained indefinitely for individuals to use the system.

Among the review’s other recommendations are introducing a requirement for a mandatory review of the TDIF after three years, a requirement for the Identity Exchange and accredited identity providers to develop standalone privacy policies, and establishing a time period for the validity and renewal of identity credentials.

In a statement, the DTA said protection of privacy has been a key consideration at all points during the development of the program.

The framework has privacy and security requirements that are at least as strong as federally mandated standards such as the Australian Privacy Principles and Privacy Code, and the Australian Signals Directorate’s Essential Eight cybersecurity mitigation strategies.

Participants in the program are also required to undertake their own independent security testing and assessments.

Image credit: ©James Thew/Dollar Photo Club

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

F5 reaches Australian public sector milestone

Application security expert F5 has announced it now has over 20 federal and 50 state government...

Cobalt Iron earns patent on analytics-based dynamic authorisation control

Cobalt Iron says its patent introduces approaches that provide more dynamic control of...

Macquarie Government selected for Australian Defence procurement panel

Macquarie was added to the ICTPA panel following a long history of supporting Australian...

Content from other channels on our network

Riverbed launches AI observability platform

Logicalis forms new APAC division

ISACA identifies gaps in AI knowledge, training and policies

Emergency onboarding: what to do before and after a data breach

VNC accounts for nearly all remote desktop attacks

New guidelines to cut bloodstream infections from catheter use

Midwifery Group Practice model highly valued in rural areas: report

Better use of data could save $5.4bn in hospital costs: PC

Immersive reality for improved healthcare delivery

Call to improve prevention and management of chronic conditions

Retailers caught selling unapproved electrical appliances

Ampcontrol and Siemens partner on renewable energy solutions

SA announces smart residential energy trial

Western Power welcomes new apprentices

Avoiding another Black Summer

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd