Privacy FAQs
What is the Office of the Privacy Commissioner’s role in the
authentication initiative?
Since the commencement of early policy work in 2002, the Government has recognised that privacy is an important consideration when making decisions about online authentication. The Office of the Privacy Commissioner has continually provided comment and advice as the initiative has developed. Now that the phased implementation of all-of-government authentication is about to commence, the Government has decided as part of its approval that resources will be made available to the Office so that there can be an ongoing, detailed review as implementation proceeds.
What is happening in response to the recommendations in the Privacy Impact Assessment (PIA) reports?
The EGU has been working closely with the Office of the Privacy Commissioner and other stakeholders to determine the most appropriate action to take in relation to each of the recommendations in the PIA.
The review of the recommendations was undertaken bearing in mind the general stage of the project’s development and that in their report the Assessor has ‘anticipated [a] worst case’ scenario. A number of the report’s recommendations are being ‘taken up’ in continuing design development. A further 20 of the total of 39 recommendations have been identified as only requiring further action if a decision is made in the future to proceed further with a full implementation of all-of-government authentication.
Will be there be any further PIA reports?
The phased implementation of all-of-government authentication specifically allows for the continuous review of privacy issues and for decisions to be taken regarding the privacy implications of subsequent implementation phases. As technical design and initial implementation is completed over the next 18-24 months, further PIA reports will be produced and reviewed by the Office of the Privacy Commissioner.
Why are biometrics being talked about in the PIA report?
The biometric referred to in the PIA report is the use of photographs. The report notes that the EGU has explored whether using photographs would be the best means of providing a safeguard from fraudsters using people’s identity data to set themselves up with fraudulent online identities. The use of photographs was also explored as a means of differentiating between individuals that do genuinely have identical identity data (e.g. same name and/or date of birth). The December 2004 PIA report recommended further consideration before a final commitment is made to adopt these solutions. This will take place as part of the work that will commence shortly.
If I register for online authentication then will all government agencies know all of my personal information?
No. The authentication model does not allow all government agencies or any one agency to know all of your personal information. In order to register for an online credential, you will only have to provide enough information to the authentication agency so that you can be uniquely identified, such as name, date and place of birth. The detail on the identity information required for registration will be determined in the design phase.
For additional information respondents may contact: