Digital iD™ Privacy Impact Assessment

Australia Post takes its commitment to customer privacy and data security very seriously. Part of this commitment involves demonstrating our firm belief in the importance of transparency when it comes to how we handle personal information.

As an organisation providing identity services under the Trusted Digital Identity Framework, Australia Post arranged for a third party privacy and cyber security consultancy to undertake a Privacy Impact Assessment of Digital iD™ in September 2018.

Recommendations and response

  1. Consider simplifying the Digital iD™ Privacy Notice and Terms of Use to reduce their effective reading age. Alternatively, adopt a simplified “tiered” privacy notice which summarises and links to key points in the standard privacy notice.

    Agreed. We will review and, where possible, simplify the Privacy Notice and Terms of Use to improve readability.

  2. Consider adopting a “soft” age limit, below which users will be encouraged to seek help from a legally responsible adult (13 is a common minimum age limit for many online services and may serve as a suitable soft age limit). This would involve altering the profile creation flow to encourage users under 18 to seek help from their parent or guardian during setup.

    Agreed in principle. We will revise the Terms of Use to identify a “soft” age limit and encourage users below that age limit to seek help from a parent or guardian.

  3. Ensure that Australia Post’s complaints handling staff (or a subset) are trained to deal with complaints related to Digital iD™ and are familiar with the APPs and the Trusted Digital Identity Framework.

    Agreed. We have a dedicated team of complaints handling staff who are specially trained to deal with complaints relating to the product and who are familiar with the APPs and the TDIF. Other complaints handling staff who receive complaints relating to the product are trained to transfer the complaint to the dedicated team.

  4. Work with the accreditation authority and other complaint handling bodies to reach agreement on an integrated complaint handling model, including a threshold for determining the adequacy of deidentification processes.

    Agreed. We look forward to working with the Trust Framework Accreditation Authority and other complaint handling bodies to reach agreement on an integrated complaint handling model.

  5. Confirm with the accreditation authority whether Identity Service Providers are expected to inform users of alternative channels for verifying their identity.

    Agreed. We have confirmed with the Trust Framework Accreditation Authority that Identity Service Providers are not expected to inform users of this information.

  6. Subject to clarification and approval, consider adding information within the Digital iD™ Terms of Use to notify readers that Australia Post is an Identity Service Provider under the Trusted Digital Identity Framework, and that there are other providers operating within the framework.

    Not applicable. The Trust Framework Accreditation Authority has confirmed that Identity Service Providers are not expected to inform users of this information.

  7. Enhance the transaction confirmation screen with additional privacy information.

    Agreed in principle. We will identify a way to inform users that transaction information is recorded in audit logs that promotes openness and transparency whilst ensuring an optimal user experience.

  8. At a minimum, include a note indicating that the transaction will be recorded by Australia Post and displayed in the record of the user’s past activity, with a link to the Privacy Notice. For example, the “Allow” button in Figure 1 could be amended to state: “Allow and save in activity feed”, with a link to the Privacy Notice displayed elsewhere on the screen.

    Agreed in principle. We will determine a way to address this recommendation that promotes openness and transparency whilst ensuring an optimal user experience.

  9. Consider also allowing counterparties to embed a link to their privacy collection statement in this screen.

    Agreed in principle. We will determine a way to address this recommendation that promotes openness and transparency whilst ensuring an optimal user experience.

  10. Before deploying a self-service onboarding process for counterparties, establish a framework for managing counterparty risk which identifies categories of appropriate and inappropriate uses of identity information.

    Agreed. We will take this step before deploying a self-service onboarding process for counterparties.

  11. Consider allowing users to upload new identify verification at any time, even if they have already provided the same type of information. For instance, a user who has replaced a lost passport may wish to update their information to include the details of the new document without having to delete the app and re-register. This would not require Australia Post to display the previously provided information, nor to proactively check for its currency.

    Agreed in principle. The product has been developed with privacy and data security as its fundamental priorities. We will consider options for updating identity document information in the manner recommended without compromising those priorities.

  12. Update Australia Post’s Data Breach Response Plan to incorporate a test to determine whether a breach involves personal information handled as part of Digital iD™, and instructions for notifying the TFAA.

    Agreed in principle. Our Privacy Compliance Incident Management Procedure has been updated to incorporate the Trust Framework Accreditation Authority as a party to notify in the event of a data breach relating to the product.

  13. Prepare and publish a summary of this PIA after it has been finalised and resulting actions have been closed.

    Agreed in principle. We have published a summary of the Privacy Impact Assessment as soon as practicable, in the interests of transparency. In some cases, this is before all resulting actions have been closed.

  14. When establishing the standard terms for counterparties outside of Australia:
  • ensure that counterparties are contractually required to adopt privacy practices at least substantially similar to those under the APPs;
  • ensure that counterparties may only use personal information collected through Digital iD™ for identity verification purposes; and
  • ensure that the agreement with the counterparty specifies:
    • why the counterparty may handle the personal information;
    • the minimum technical and organisational protections applying to the information;
    • that Australia Post can require the counterparty to destroy the information; and
    • mechanisms for monitoring compliance with the contract,

  among any other requirements imposed under the core Privacy Requirements of the Trusted Digital Identity Framework.

    Agreed. We will take these steps before determining standard terms for counterparties outside of Australia.