Identity security
Overview
The Attorney-General's Department is the lead Commonwealth agency on identity policy. We are responsible for a range of initiatives and services that improve identity security and resilience. We coordinate a national approach to identity by working closely with Commonwealth, state and territory stakeholders. Our strategic goals are to:
- prevent identity crime and help reduce the impact of large data breaches
- protect personal information and maintain the privacy of individuals
- support victims of identity compromise
- enable trusted and convenient business transactions.
Strong identity security supports the government’s broader efforts in strengthening cyber security, combatting scams and enabling safe participation in an increasing digitalised economy.
National Strategy for Identity Resilience
On 23 June 2023, the Data and Digital Ministers Meeting (DDMM) announced the release of the National Strategy for Identity Resilience (the Strategy). We developed the strategy in close collaboration with Commonwealth, state and territory agencies. It demonstrates the commitment of all Australian governments to strengthen identity infrastructure and build resilient identities that are hard to steal. If they are stolen, they are easy to restore.
The strategy consists of 10 principles to guide identity resilience. It includes immediate, medium, and long term initiatives that will strengthen identity security arrangements across jurisdictions.
Designed for government agencies, the strategy can also serve as a benchmark for private sector organisations, particularly those providing identity related services to, or in conjunction with, government agencies.
The strategy replaces the 2012 National Identity Security Strategy.
National Identity Proofing Guidelines
The National Identity Proofing Guidelines 2014 provide a more robust, yet flexible risk-based approach to identity proofing than the traditional '100 point check'. They align with international best-practice standards. The guidelines strengthen identity-proofing processes and increase trust through a standardised and transparent national approach. This ensures the level of proofing is appropriate for the risk environment.
This approach enables a greater range of identity verification processes to be conducted online, supporting systems such as the national Identity Matching Services. These systems increase the confidence that organisations have in the validity of an online identity document and reduces the need to keep copies of individual’s identity documents. This results in significant cost savings, promotes privacy, lessens the impact of data breaches and maintains strong controls against identity fraud.
For more information see the National Identity Proofing Guidelines 2014.
Recording of a name
The Recording of a name to establish identity—Better practice guidelines aim to improve consistency and accuracy in the use of a name, particularly as an identifier by Australian Government agencies. The document provides best practice guidance on establishing identity, including when changing a name and the use of a preferred name.
Guidelines balance the operational requirements of different agencies, and increase consistency and uniformity in name policy and procedures.
For more information see the Recording of a name to establish identity—Better practice guidelines.
Digital ID
Our increasing reliance on the digital economy and online transactions requires accessible and verifiable digital IDs. Digital IDs increase security and privacy. They tailor the amount of information needed to the type of transaction, limiting the amount of personal data collected. If compromised, digital IDs are easier to recover as victims can quickly regain control of the identity. This places less reliance on underlying credentials.
The Department of Finance (Finance) leads on digital ID for the Commonwealth. Finance is responsible for the Digital ID Act 2024. The legislation:
- strengthens a pre-existing voluntary Digital ID Accreditation Scheme
- provides legislative authority for the Australian Government Digital ID System (AGDIS) to expand
- enshrines privacy and consumer protections in law.
The Attorney-General's Department continues to work with Finance and relevant Commonwealth, state and territory agencies to develop the digital ID system. This ensures a security by design approach and customer experience focus.
Learn more about the Digital ID Act.
Governance framework
The Data and Digital Ministers Meeting
The National Strategy for Identity Resilience was developed and implemented under the leadership of the DDMM. The DDMM drives national cooperation on data and digital priorities, and smarter service delivery for all Australians. The DDMM’s work plan focuses on three strategic priorities:
- delivering a seamless digital identity experience for citizens
- reforming cross-jurisdictional data and digital platforms and services
- protocols transforming services around life events.
The DDMM is chaired by the Minister for Finance. It includes ministerial representation from the Commonwealth, states and territories, and New Zealand.
National Identity Resilience Policy Group
The National Identity Resilience Policy Group (the Group) provides guidance on the implementation of the National Strategy for Identity Resilience. The Group drives the strategic direction for identity security and resilience now, and in the future. The group’s members are comprised of senior executives from The Attorney-General's Department, the DTA and representatives from states and territories.