New Technology System Enhancing Security by Limiting Data Shared with Businesses,

New Technology System Enhancing Security by Limiting Data Shared with Businesses,

New Technology System Enhancing Security by Limiting Data Shared with Businesses,

Home ยป News ยป New Technology System Enhancing Security by Limiting Data Shared with Businesses,
Table of Contents

Australiaโ€™s Trust Exchange system would allow Australians to prove their identity or share select details about themselves using information already stored by the government within their centralised MyGov account. MyGov is the central portal and data repository through which Australians access Government services, such as taxation, health, or social security.

SEE: What Australiaโ€™s Digital ID means for businesses and citizens

For individuals, the government is promising more control over personal data. For businesses, it is offering benefits such as the ability to streamline customer onboarding and minimise data risks. The Trust Exchange system is being developed as a distinct project alongside Australiaโ€™s existing Digital ID project, which will see the creation of a digital ID for Australians.

How will the TEx system work in practice?

Three transaction categories have so far been identified by the government for TEx:

  • Proving a personโ€™s identity without handing over information.
  • Sharing select pieces of personal information.
  • Sharing a verified credential.

TEx will verify information using a โ€˜digital thumbs upโ€™

In cases where TEx is only verifying information, such as a personโ€™s identity, the system would pass a digital token to businesses rather than sensitive private information, such as a driverโ€™s licence.

Using a โ€œtap-to-payโ€ style system with a QR code, the system would โ€œdigitally shake handsโ€ with a business or service provider. While it would not pass on actual information, the system would provide assurance that the details are correct without needing to view them.

Individuals will choose what to share

When individuals need to pass data to a business or entity, the TEx system allows them to select what information they hand over and ensure they consent to the information being exchanged. It also maintains a record of which information has been exchanged with which businesses, allowing individuals to track their digital information.

Verification will be based on governmentโ€™s data pool

Verification will come from the pool of data held by Australian government agencies, in addition to information housed by Australian state governments, centralised via MyGov. The government has said that, rather than being in a central database, it was exploring a new decentralised model for citizen data that would have strong safety and security features.

What use cases will there be for Trust Exchange

Verified or shared information using the TEx system would include:

  • Age and date of birth.
  • Address.
  • Citizenship status.
  • Visa status.
  • Qualifications and occupational licences.
  • Working with children checks.
  • Veteran status.

The government has put forward potential applications of the TEx system, including:

Contracts and accounts: Large businesses like telcos or banks will be able to integrate with TEx for identity verification when people take out new contracts or create new accounts.

Pubs, clubs, and hotels: TEx can prove a personโ€™s age. Australians may not have to pass over ID documents such as driversโ€™ licences or passports to be copied and stored.

Rental applications: When a person rents a new apartment, key details about the applicant could be provided and verified by a real estate agent using the TEx system.

Applying for a job: The government has suggested the system may extend to include things like qualifications and certifications, making it easier for employers to verify job candidates.

What will the Trust Exchange mean for businesses?

The Australian government believes businesses will see TEx as a โ€œwin.โ€ Although a businessโ€™ systems will need to be configured to interface with the system, it could lead to operational efficiencies, reduced data risk, and savings on data management.

Businesses will outsource identity verification

The TEx system would relieve businesses of the operational burden of verifying someoneโ€™s identity, which had sometimes required multiple forms of ID. This could create process efficiencies in many areas, streamlining how businesses sell certain products and services.

Businesses will reduce some of data risks

When businesses hold PII data, they take on risk. With the government holding identification data, and the exchange of data limited to only what is required, businesses will be reducing risk in their data estates. They could end up holding less data they donโ€™t need, in line with best practice principles, or seeing less fines or legal costs due to data breaches.

Business systems will need to interface with TEx

Any information verified by the system will still need to be collected, stored, and managed. While it is unclear how this process might work โ€” and it may require IT to set up in-house systems to operate seamlessly with TExโ€™s public digital infrastructure โ€” it is likely to become a feature in most third-party vendor products.

Businesses may have less data on customers

In some cases, businesses may have less data on customers than they may want. For example, if a business only needs to verify a person is over 18, a TEx system may verify this is the case without providing the business a date of birth. This could limit the collection of demographic data that may help with marketing segmentation strategies.

Businesses will still need to deal with non-TEx customers

TEx will not be compulsory for consumers or businesses. Therefore, businesses that adopt the system must be set up for customers using TEx and for those who are not. While this may create further complexity, businesses find enough value from TEx customers to make it worthwhile, especially as TEx uptake increases over time.

What will it mean for personal data protection

PII data could be safer in less locations

The Trust Exchange system can reduce the number of times Australians need to hand out PII to identify themselves. As the number of businesses storing data reduces, individuals could warmly welcome a reduced risk of their data being breached.

SEE: Is Australiaโ€™s public sector ready for a major cyber security incident?

TEx could be the honeypot for hackers

Some experts fear that the Trust Exchange and MyGov would be attractive to criminals because they would essentially create a centralised location for data. Though hacks of Australian businesses like Optus and Medibank have been problematic, a breach of the TEx system could be even more disastrous.

author avatar
roosho Senior Engineer (Technical Services)
I am Rakib Raihan RooSho, Jack of all IT Trades. You got it right. Good for nothing. I try a lot of things and fail more than that. That's how I learn. Whenever I succeed, I note that in my cookbook. Eventually, that became my blog.ย 
share this article.

ADVERTISEMENT

ADVERTISEMENT

Enjoying my articles?

Sign up to get new content delivered straight to your inbox.

Please enable JavaScript in your browser to complete this form.
Name