Data minimisation
Digital ID, specifically the Digital ID Act 2024, commenced on December 1, 2024. However, digital identity initiatives and related technologies have been in use in Australia for longer. For example, the Document Verification Service was introduced as early as 2009. The Digital ID Act 2024 aims to provide a more formal, regulated, and expansive system for digital identity across both the public and private sectors. Similarly, earlier this year, the OAIC (Office of the Australian Information Commissioner) introduced a Digital ID Regulatory Strategy.
The strategy lays out a roadmap for educating consumers and businesses about Digital ID, monitoring compliance, and enforcing regulations through investigation and legislation.
What is Digital ID?
Digital ID is a form of identification that can be used to interact with government entities and other organisations online. To get a digital ID, people share an existing ID – such as a passport or birth certificate – which together with biometric information – is verified against official government records. This creates a digital ID that can be used to access certain online services.
Ultimately the framework is designed to minimise data storage and data sharing between organisations, essentially enacting a ‘reliance’ model.
Understanding the Digital ID strategy
The OAIC is responsible for protecting private information and ensuring access to government records. It has a vested interest in the success of the Digital ID system – which is why it has created a refreshed regulatory strategy.
The key goals of the strategy are to:
- Educate Australian consumers and businesses about the benefits of secure ID verification.
- Monitor the Digital ID system for potential data breaches and misuse.
- Enforce regulations by investigating potential breaches and moving to legislation if needed.
- Deter fraud by making enforcement activities visible and communicating with stakeholders.
It seems that the Digital ID Act and Regulatory Strategy are essentially about improving the robustness of the Digital ID service from an information security perspective to increase confidence amongst the private sector and therefore increase adoption.
Interaction with current practises
The OAIC’s vision is to encourage organisations to minimise unnecessary data retention and partner with accredited Digital ID providers, where relevant.
LAB believes the question is whether private organisations are willing and ready to have full reliance on the government to satisfy AML/CTF obligations. There needs to be alignment between what the government can offer from a technology perspective and what is written into AML/CTF and similar regulations.
With Tranche 2 Rules finalisation on the horizon, and biometrics likely to play a larger role in KYC as a result, LAB is well positioned to continue to be agile and flexible offering customers a breadth of options to satisfy regulations whether that’s existing options (eIDV), new options (e.g., biometrics) and solutions that might emerge as the Digital ID strategy takes shape.
With an already built-in capability that gives clients opening accounts an equivalent biometric check to what is done when enrolling for Digital ID, and established integrations with accredited Digital ID providers, LAB is ready for whatever comes next in this space – book a demonstration.
