15 February 2012

The Electronic Identity Verification Bill is part of a wider project of enabling people to securely access government services online.

Any process where identity information is exchanged or shared raises inherent questions about privacy and security of personal information. When that process includes multiple government agencies, the stakes are high. It has been, and continues to be, important to get the fundamentals of this project right.

This Office has been involved at a highly detailed level throughout the development of the proposed system, and the Office was asked to provide independent critique and review.

Throughout the development process, a number of privacy impact assessments were carried out by other independent parties.

I am confident that genuine efforts have been made to identify the privacy risks from the identity verification process and to address them. What has eventuated is more a case of 'little sister' than 'big brother'.

The proposed system is designed around a process of 'federated identity management' that means it operates in a way that will not breach principle 12 of the Privacy Act (that restricts the use of unique identifiers). The system does not assign a single unique identifier to each person that is then used by other government departments.'

ENDS