About Us - Galexia News

Two-stage independent PIA for myGovID finalised - September 2018

Related Galexia services and solutions

  • Strategic Privacy Consulting. Read more »
  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »
  • Issues Management: Public and Stakeholder Consultations. Read more »
  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Identity Management and Authentication - Technical Consulting. Read more »

Related Galexia news about PIAs

In June 2018, Galexia was engaged to provide a 2-stage independent Privacy Impact Assessment (PIA) for the Australian Taxation Office (ATO) on the proposed development of myGovID.

The 2 stages included:

  • The replacement of the AusKey credential with myGovID and then
  • Privacy compliance with the Australian Government Trusted Digital Identity Framework (TDIF).

The purpose of this PIA was to assist in identifying and managing privacy issues that are raised by the proposed development of the MyGovID identity proofing and credential solution.

TDIF Accreditation

One important part of the PIA on MyGovID is that the ATO are seeking to have their identity solution accredited under the Trusted Digital Identity Framework (TDIF) developed by the Digital Transformation Agency (DTA) <>. 


enables the reuse of credentials and verified identity attributes provided by an Identity Provider across Relying Parties. The verified identity attributes support the registration of an individual at a Relying Party and the credentials enable ongoing access to the digital services provided by the Relying Party.

In August 2018, ATO accepted all of Galexia’s recommendations.

The PIA made a range of recommendations for mediating privacy risks, including changes to the project design, practical privacy compliance steps, consideration of biometrics and the use of the Australian Government Face Verification Service (FVS) and privacy governance arrangements.

Read more about Galexia’s work with ATO »

[ Galexia Dots ]