24/05/2024
The Digital ID Bill passed Federal Parliament in May and will come into force in November 2024.
Overall, the legislation aims to give Australians secure and effective ways in which to verify their identify for use in online transactions with government and business.
The Government hopes the new laws will address some of the gaps exposed by the recent Optus and Medibank data breaches in that it will, among other things, make available to the private sector the Commonwealth government’s current ID authentication process.
Some notable features of the new laws include that it:
- strengthens a voluntary accreditation scheme for digital ID service providers;
- enables expansion of the Commonwealth’s existing digital ID verification system for use by state and territory governments and private sector organisations;
- embeds strong privacy and consumer safeguards, in addition to the Privacy Act;
- establishes the Australian Competition and Consumer Commission as the Digital ID Regulator; and
- expands the role of the Australian Information Commissioner to regulate privacy protections for digital IDs.
The expansion into private sector organisations is set to take place within a timeframe of no more than two years following commencement of the legislation – so by November 2026. Under these provisions, accredited private enterprises will have the opportunity to apply for inclusion in the Australian Government Digital ID System.
These reforms form part of the Government’s larger National Strategy for Identity Resilience, which was released in June 2023. Under this strategy, the federal, state and territory governments will work together to protect Australians from identity crime and support any necessary recovery from a data breach. These reforms will also be complemented by the measures included in the recently-released 2023-2030 Australian Cyber Security Strategy.