ATO - Australian Taxation Office
- ATO - Overview
- ATO - 2-stage PIA for myGovID (2018)
- ATO - Assistance with Identity Management Platform Upgrade (2008)
ATO - Overview
ATO - 2-stage PIA for myGovID (2018)
In June 2018, Galexia was engaged to provide a 2-stage independent Privacy Impact Assessment (PIA) for the Australian Taxation Office (ATO) on the proposed development of myGovID.
The 2 stages included:
- The replacement of the AusKey credential with myGovID and then
- Privacy compliance with the Australian Government Trusted Digital Identity Framework (TDIF).
The purpose of this PIA was to assist in identifying and managing privacy issues that are raised by the proposed development of the MyGovID identity proofing and credential solution.
One important part of the PIA on MyGovID is that the ATO are seeking to have their identity solution accredited under the Trusted Digital Identity Framework (TDIF) developed by the Digital Transformation Agency (DTA) <https://www.dta.gov.au/our-projects/digital-identity/trusted-digital-identity-framework>.
The TDIFenables the reuse of credentials and verified identity attributes provided by an Identity Provider across Relying Parties. The verified identity attributes support the registration of an individual at a Relying Party and the credentials enable ongoing access to the digital services provided by the Relying Party.
In August 2018, ATO accepted all of Galexia’s recommendations.
The PIA made a range of recommendations for mediating privacy risks, including changes to the project design, practical privacy compliance steps, consideration of biometrics and the use of the Australian Government Face Verification Service (FVS) and privacy governance arrangements.
ATO - Assistance with Identity Management Platform Upgrade (2008)
Galexia provided identity management consulting services to assist the ATO consolidate their existing identity management investment and migrate to a major new release of their platform. Galexia's advice included:
- Identification of critical problems within their existing platform;
- Planning, execution and communication of a response to alleviate problems;
- Expert advice, technical recommendations and technical fixes to ensure that the migration proceeded smoothly;
- Identifying the responsibilities and directing the activities of multiple vendors, including Sun Microsystems and Oracle, in order to remedy known product defects;
- On-site assistance during migration; and
- Follow-up to ensure successful completion of work.