Having robust identity enrolment, amendment, retirement, verification and authentication processes
Robust and consistent identity management practices are the first line of defence against identity misuse and theft across all environments.
Consistent enrolment, verification and authentication processes are critical. It is also important to ensure key pieces of information, such as addresses, are accurate by requesting appropriate evidence.
This can minimise ‘gaps’ that provide opportunities for criminals to perform identity takeovers or identity creations. It can also make it simpler and easier to obtain identity documents.
Having a strong identity system across all sectors will give the public confidence to transact online. NSW identity management processes must also align with national standards.
Changing identity habits
The way identity is used doesn’t always support privacy and security. Digital identity management can provide opportunities for customers to choose how much information they share and to reduce how often their personal information is collected or copied (e.g. many businesses routinely take copies of driver licences).
Information should be provided to customers and businesses about the risks of identity theft, how to protect personal information better and alternatives to taking copies of identity information.
Customers should also be made aware of their right to know how their information is used by various government agencies.
This will support changing existing habits and the adoption of newer, safer identity products.
Privacy and security by design, not as optional extras
Clever design ensures identity products deliver a seamless, frictionless experience for customers while providing strong privacy and security protections.
Developing projects in line with privacy and security-by-design principles encourages consideration of these aspects at all stages of the project lifecycle.
Applying these principles to all projects and initiatives that impact on identity enables a proactive, preventative approach to minimise privacy and security risks.
Early consideration ensures enough resources are available to include these features as an essential part of the product or policy.
Embracing technology to better secure identity, more quickly
Digital technology provides new opportunities for faster, simpler service delivery while improving the security of identity information.
The NSW Government is committed to exploring the ethical use of new technologies that can help confirm a person’s identity more quickly and safely to provide a more efficient service.
For example, biometric anchoring – connecting your identity to your unique physical characteristics – speeds up identity verification and secures identity against theft.
Using appropriately regulated facial recognition services can increase privacy as people need to provide fewer documents to frontline service staff to prove who they are. It also makes it harder for criminals to steal an identity.
Robust data safeguards to support online identification and service delivery
It is critical that digital infrastructure that interacts with, stores or transmits identity information meets the standards of the NSW Government Cyber Security Strategy, Australia’s Cyber Security Strategy 2020 and the NSW Cyber Security Policy.
Design of new systems and upgrades of legacy systems must embed security principles to ensure the protection of personal information.
The Digital Restart Fund provides funding support for projects that involve digital innovation, modernise digital systems and improve cyber security coordination.
Identity-related systems must be proactively maintained to defend against changing cyber security risks and threats.
The strategy outlines existing initiatives underway across government, at both the state and Commonwealth level.
The strategy also provides Focus Initiatives that demonstrate key areas that will be explored to ensure the NSW Government continues to deliver a protected, safe and easy ‘you’.
As the NSW Identity Strategy relates to identity as a whole, it provides a policy framework upon which digital identity products and services can be built.