Assessment

Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha

Publisher
Electronic government information, Electronic records, Information resources management, Privacy, Digital identity, Australia
Description

Galexia has completed this initial Privacy Impact Assessment (PIA) for the Digital Transformation Agency (DTA) on the proposal to establish a Trusted Digital Identity Framework (TDIF). This initial PIA is the first step in a multi-phase and independent PIA process commissioned by the Digital Transformation Agency, incorporating:

  1. An initial PIA on the overall concept and design of the Trusted Digital Identity Framework (TDIF) and some of its key components (November 2016);
  2. A full PIA on the planned implementation of the Trusted Digital Identity Framework (TDIF) and some of its key components (estimated March 2017);
  3. Individual PIAs for each Identity Provider (IdP) that applies to be accredited under the Trusted Digital Identity Framework (TDIF) (as required); and
  4. Individual PIAs for other accredited TDIF Participants (such as the Identity Exchange, Attribute Providers and Credential Providers) (as required).

This initial PIA has been conducted in accordance with PIA Guidelines issued by the Office of the Australian Information Commissioner.

The purpose of this PIA is to assist in identifying and managing privacy issues that are raised by the broad concept and design of the overall Trusted Digital Identity Framework (TDIF) and some of its components. The key components are:

  1. The proposed development of mandatory standards, policies and agreements for all TDIF participants;
  2. The proposed development of an Identity Exchange; and
  3. The proposed development of a Commonwealth Identity Provider (IdP).

Each of the components raises different privacy issues.

This PIA considers compliance with privacy legislation, user acceptance and public perception issues. As it is an initial PIA on the high-level concept and design, the PIA makes a broad range of recommendations for mediating privacy risks, including changes to the design, practical privacy compliance steps, further research and privacy governance arrangements.

*Please note: the second PIA, released in November 2018, can be accessed here.

Publication Details
Access Rights Type: open