About Us - Galexia News
Two-stage independent PIA for myGovID finalised - September 2018
In June 2018, Galexia was engaged to provide a 2-stage independent Privacy Impact Assessment (PIA) for the Australian Taxation Office (ATO) on the proposed development of myGovID.
The 2 stages included:
- The replacement of the AusKey credential with myGovID and then
- Privacy compliance with the Australian Government Trusted Digital Identity Framework (TDIF).
The purpose of this PIA was to assist in identifying and managing privacy issues that are raised by the proposed development of the MyGovID identity proofing and credential solution.
One important part of the PIA on MyGovID is that the ATO are seeking to have their identity solution accredited under the Trusted Digital Identity Framework (TDIF) developed by the Digital Transformation Agency (DTA) <https://www.dta.gov.au/our-projects/digital-identity/trusted-digital-identity-framework>.
The TDIFenables the reuse of credentials and verified identity attributes provided by an Identity Provider across Relying Parties. The verified identity attributes support the registration of an individual at a Relying Party and the credentials enable ongoing access to the digital services provided by the Relying Party.
In August 2018, ATO accepted all of Galexia’s recommendations.
The PIA made a range of recommendations for mediating privacy risks, including changes to the project design, practical privacy compliance steps, consideration of biometrics and the use of the Australian Government Face Verification Service (FVS) and privacy governance arrangements.