Identity security

Overview

The Attorney-General's Department is the lead Commonwealth agency on identity policy. We are responsible for a range of initiatives and services that improve identity security and resilience. We coordinate a national approach to identity by working closely with Commonwealth, state and territory stakeholders. Our strategic goals are to:

  • prevent identity crime and help reduce the impact of large data breaches
  • protect personal information and maintain the privacy of individuals
  • support victims of identity compromise
  • enable trusted and convenient business transactions.

Strong identity security supports the Government’s broader efforts in strengthening cyber security, combatting scams and enabling safe participation in an increasing digitalised economy.

National Strategy for Identity Resilience

On 23 June 2023, the Data and Digital Ministers Meeting (DDMM) announced the release of the National Strategy for Identity Resilience (the Strategy). We developed the Strategy in close collaboration with Commonwealth, state and territory agencies. It demonstrates the commitment of all Australian governments to strengthen identity infrastructure and build resilient identities that are hard to steal. If they are stolen, they are easy to restore.

The Strategy consists of ten principles to guide identity resilience. It includes immediate, medium, and long term initiatives that will strengthen identity security arrangements across jurisdictions.

Designed for government agencies, the Strategy can also serve as a benchmark for private sector organisations, particularly those providing identity related services to, or in conjunction with, government agencies.

The Strategy replaces the 2012 National Identity Security Strategy.

National Identity Proofing Guidelines

The National Identity Proofing Guidelines 2014 (the Guidelines) provide a more robust, yet flexible risk-based approach to identity proofing than the traditional '100 point check'. They align with international best-practice standards. The Guidelines strengthen identity-proofing processes and increase trust through a standardised and transparent national approach. This ensures the level of proofing is appropriate for the risk environment.

This approach enables a greater range of identity verification processes to be conducted online, supporting systems such as the national Identity Matching Services. These systems increase the confidence that organisations have in the validity of an online identity document and reduces the need to keep copies of individual’s identity documents. This results in significant cost savings, promotes privacy, lessens the impact of data breaches and maintains strong controls against identity fraud.

For more information see the National Identity Proofing Guidelines 2014.

Recording of a name

The Recording of a name to establish identity—Better practice guidelines aim to improve consistency and accuracy in the use of a name, particularly as an identifier by Australian Government agencies. The document provides best practice guidance on establishing identity, including when changing a name and the use of a preferred name.

Guidelines balance operational requirements of different agencies, and increase consistency and uniformity in name policy and procedures.

For more information see the Recording of a name to establish identity—Better practice guidelines.

Digital ID

Our increasing reliance on the digital economy and online transactions requires accessible and verifiable digital IDs. Digital IDs increase security and privacy. They tailor the amount of information needed to the type of transaction, limiting the amount of personal data collected. If compromised, digital IDs are easier to recover as victims can quickly regain control of the identity. This places less reliance on underlying credentials. 

The Digital Transformation Agency (DTA) leads on digital ID for the Commonwealth. The DTA is responsible for the Trusted Digital Identity Framework. This is an accreditation framework ensuring all identity providers meet strict rules and standards for:

  • usability
  • accessibility
  • privacy protection
  • security
  • risk management
  • fraud control.

This is not an exhaustive list, for more information refer to the Trusted Digital Identity Framework.

The Attorney-General's Department continues to work with the DTA and relevant Commonwealth, state and territory agencies on the development of the digital ID system. This ensures a security by design approach and customer experience focus.

Learn more about the Digital Transformation Agency.

Governance framework

The Data and Digital Ministers Meeting

The National Strategy for Identity Resilience was developed and implemented under the leadership of the DDMM. The DDMM drives national cooperation on data and digital priorities, and smarter service delivery for all Australians. The DDMM’s work plan focuses on three strategic priorities:

  • delivering a seamless digital identity experience for citizens
  • reforming cross-jurisdictional data and digital platforms and services
  • protocols transforming services around life events.

The DDMM is chaired by the Minister for Finance. It includes ministerial representation from the Commonwealth, states and territories, and New Zealand.

National Identity Resilience Policy Group

The National Identity Resilience Policy Group (the Group) provides guidance on the implementation of the National Strategy for Identity Resilience. The Group drives the strategic direction for identity security and resilience now, and in the future. The group’s members are comprised of senior executives from The Attorney-General's Department, the DTA and representatives from states and territories.

Related websites

ID Match