Australia’s New Digital Identity Legislation Passed: Is That a Good Thing?

Australia’s Digital ID Bill passed on Mar 28, 2024. Our new ID system is designed to allow individuals to verify their identity through the myGov ID system, instead of providing ID documents directly to providers. In an ideal world, this would reduce the risk of identity theft and related fraud to the individual. It would also ideally reduce the risk to Australian organisations, since you would not need to collect so much personal information. But will it work in practice? 

Overcoming Overcollection With A National ID System

Current identity verification systems come with a very real risk of overcollection. Businesses that need to verify that customers are over 18 don’t just ‘collect’ the person’s age when they scan their ID. They may also collect and store their precise date of birth, full name, address, and organ donor status. That’s a lot of information, when all they really need to know is whether the individual is older than 18. 

This is the same problem many businesses face. You need certain information, but it’s only available by collecting documents that contain significantly more information. Landlords collect precise financial information when all they really need to verify is a range of income. And so on. 

The Rationale Behind Australia’s Digital ID System

Australia’s National Digital ID scheme is designed to overcome some of the flaws inherent in the current system, including: 

• Human error in accurately verifying ID details.
• The risk of identity theft and/or other fraud in the event of a breach of stored data. 
• Digital ID verification could reduce the likelihood of individuals falling for scams or divulging their personal information to criminals. 
• Greater individual control over personal information sharing. 
• Increased speed within transactions. 
• Cost savings for individuals, businesses and organisations. 

There are benefits to Australian businesses and organisations too, namely: 

• Data minimisation without increased risk of fraud. 
• Streamlined (and more accurate) customer verification. 
• Compliance efficiency. 
• Reduced data breach risk and attack surface. 
• Increased customer trust and empowerment. 

What Can Australian Organisations Do To Prepare?

For now, most Australian organisations will just need to hang tight. It looks as though a limited few companies will get early access to the technology as part of a trial, potentially including NAB and Australia Post. 

However, if you’re keen to get started, you can take these early steps: 

• Run a cost-benefit analysis and other early strategy sessions. Consider the potential costs of implementing the system against the benefits of efficiency and security. 
• Assess the potential impact on your business, including completing a privacy impact assessment. 
• Develop a high-level strategy for implementing the digital ID system, including whether you will continue to offer alternative verification methods and for how long, as well as whether you will need to introduce additional technology infrastructure.
• Develop communications to explain the new system and how it will impact your current and future client base. 
• Plan for customer service training. Your customer service team will need to explain the system to your potential customers, and they should be prepared. Consider what questions your customers may have, and pre-empt them to ensure your team has answers. Privacy and security concerns will be particularly relevant here.  

We may update this post in the future once the technology is being rolled out to businesses. If you’re interested in receiving privacy updates about this legislation and other trending privacy topics, subscribe to our newsletter.