NSW swings for digital ID
The NSW Government has announced a number of tech reforms, including plans for a digital ID system and new personal data breach laws.
NSW is set to pilot photo verification technology that it says will enable secure proof-of-identity transactions.
Minister for Customer Service and Digital Government Victor Dominello said the technology will always be opt-in and will put customers in charge of their personal information.
“Customers will be able to store their encrypted personal information securely on their own device meaning it will not be held centrally by Government or a private entity,” he said.
“And customers can be confident that no biometric or photo data will be stored once successfully verified.
“This will give customers more control over their personal information and reduce the oversharing of physical identity documents and credentials.
“NSW customers have already embraced the Digital Drivers Licence with over 75 per cent of licence holders opting in to access their licence via the Service NSW app.
“The NSW Digital Identity will take things to the next level, increasing convenience and customer control over what personal information and credentials are shared with whom.”
The pilots commencing in November will enable customers to renew their Working with Children Check remotely via the Service NSW and conduct proof of age checks for online alcohol purchases via the Service NSW app.
The government says its ongoing tests will be covered by Privacy Impact Assessments, regular consultation with the Information and Privacy Commissioner, Fraud Risk Assessments, Security Risk Assessments, compliance with the NSW AI Assurance Framework and other safeguards, to ensure the privacy and security of customers.
NSW is also set to be the first Australian state or territory to introduce a mandatory scheme for government agencies to respond to data breaches.
New laws - the Privacy and Personal Information Protection Amendment Bill 2022 - have passed in State Parliament.
“The new law establishes a mandatory data scheme which will require public sector agencies to notify the Privacy Commissioner if there is suspected data breach involving personal information which is likely to result in serious harm,” says Attorney General Mark Speakman.
“Under the scheme, agencies will have to satisfy a number of data management requirements, including maintaining an internal data breach incident register, and having a publicly accessible data breach policy.
“This scheme establishes new standards of accountability and transparency around the protection of citizens’ personal information. It will create greater openness while also enhancing consistency across all public sector agencies.”