The new law protects Australians from identity fraud and theft
Parliament has recently passed legislation aimed at fortifying identity verification services, ensuring their security and safeguarding the privacy of Australians, Attorney General Mark Dreyfus announced.
The Identity Verification Services Bill 2023 and Identity Verification Services (Consequential Amendments) are expected to boost the nation's digital infrastructure. Identity verification services are integral to daily life, including government operations, tax-related activities, and financial transactions. It is also critical to the operation of government and industry, with MyGovID, the ATO, Centrelink, banks and telecommunications providers all using identity verification services to authenticate identity documents.
Identity verification services enable Australians to engage with the digital economy conveniently and securely without exposing them to identity fraud and theft. The new legislation enhances transparency, oversight, and privacy protection.
Key provisions of the bill include the requirement for express consent when verifying an individual's identity, consultation on proposed rules, annual reporting, and the publication of participation agreements to ensure transparency. The legislation also safeguards personal information by prohibiting the Attorney-General's Department from dealing with protected information for any purpose other than outlined in the bill and mandates the destruction of facial images by entities using the Face Verification Service when they are no longer needed.
The legislation mandates entities to adhere to privacy obligations to ensure ongoing compliance with privacy laws and standards. The bill outlines stringent penalties for non-compliance, including the potential suspension or termination of access to services and by invoking civil penalty provisions in the Privacy Act 1988 (Cth) and the Information Commissioner's regulatory function.
The legislation further emphasises the importance of securing systems and databases to provide certainty that personal information will be protected, including through encryption and the requirement to report security breaches. The legislation's robust oversight mechanisms include an annual assessment by the Information Commissioner, two statutory reviews, data breach reporting, and authorised disclosures to Commonwealth integrity agencies.
The Attorney General underscored that the passage of these bills ensures Australians can continue to benefit from the operation of identity verification services while maintaining strong standards of privacy and security.