Australiaโs Trust Exchange system would allow Australians to prove their identity or share select details about themselves using information already stored by the government within their centralised MyGov account. MyGov is the central portal and data repository through which Australians access Government services, such as taxation, health, or social security.
SEE: What Australiaโs Digital ID means for businesses and citizens
For individuals, the government is promising more control over personal data. For businesses, it is offering benefits such as the ability to streamline customer onboarding and minimise data risks. The Trust Exchange system is being developed as a distinct project alongside Australiaโs existing Digital ID project, which will see the creation of a digital ID for Australians.
How will the TEx system work in practice?
Three transaction categories have so far been identified by the government for TEx:
- Proving a personโs identity without handing over information.
- Sharing select pieces of personal information.
- Sharing a verified credential.
TEx will verify information using a โdigital thumbs upโ
In cases where TEx is only verifying information, such as a personโs identity, the system would pass a digital token to businesses rather than sensitive private information, such as a driverโs licence.
Using a โtap-to-payโ style system with a QR code, the system would โdigitally shake handsโ with a business or service provider. While it would not pass on actual information, the system would provide assurance that the details are correct without needing to view them.
Individuals will choose what to share
When individuals need to pass data to a business or entity, the TEx system allows them to select what information they hand over and ensure they consent to the information being exchanged. It also maintains a record of which information has been exchanged with which businesses, allowing individuals to track their digital information.
Verification will be based on governmentโs data pool
Verification will come from the pool of data held by Australian government agencies, in addition to information housed by Australian state governments, centralised via MyGov. The government has said that, rather than being in a central database, it was exploring a new decentralised model for citizen data that would have strong safety and security features.
What use cases will there be for Trust Exchange
Verified or shared information using the TEx system would include:
- Age and date of birth.
- Address.
- Citizenship status.
- Visa status.
- Qualifications and occupational licences.
- Working with children checks.
- Veteran status.
The government has put forward potential applications of the TEx system, including:
Contracts and accounts: Large businesses like telcos or banks will be able to integrate with TEx for identity verification when people take out new contracts or create new accounts.
Pubs, clubs, and hotels: TEx can prove a personโs age. Australians may not have to pass over ID documents such as driversโ licences or passports to be copied and stored.
Rental applications: When a person rents a new apartment, key details about the applicant could be provided and verified by a real estate agent using the TEx system.
Applying for a job: The government has suggested the system may extend to include things like qualifications and certifications, making it easier for employers to verify job candidates.
What will the Trust Exchange mean for businesses?
The Australian government believes businesses will see TEx as a โwin.โ Although a businessโ systems will need to be configured to interface with the system, it could lead to operational efficiencies, reduced data risk, and savings on data management.
Businesses will outsource identity verification
The TEx system would relieve businesses of the operational burden of verifying someoneโs identity, which had sometimes required multiple forms of ID. This could create process efficiencies in many areas, streamlining how businesses sell certain products and services.
Businesses will reduce some of data risks
When businesses hold PII data, they take on risk. With the government holding identification data, and the exchange of data limited to only what is required, businesses will be reducing risk in their data estates. They could end up holding less data they donโt need, in line with best practice principles, or seeing less fines or legal costs due to data breaches.
Business systems will need to interface with TEx
Any information verified by the system will still need to be collected, stored, and managed. While it is unclear how this process might work โ and it may require IT to set up in-house systems to operate seamlessly with TExโs public digital infrastructure โ it is likely to become a feature in most third-party vendor products.
Businesses may have less data on customers
In some cases, businesses may have less data on customers than they may want. For example, if a business only needs to verify a person is over 18, a TEx system may verify this is the case without providing the business a date of birth. This could limit the collection of demographic data that may help with marketing segmentation strategies.
Businesses will still need to deal with non-TEx customers
TEx will not be compulsory for consumers or businesses. Therefore, businesses that adopt the system must be set up for customers using TEx and for those who are not. While this may create further complexity, businesses find enough value from TEx customers to make it worthwhile, especially as TEx uptake increases over time.
What will it mean for personal data protection
PII data could be safer in less locations
The Trust Exchange system can reduce the number of times Australians need to hand out PII to identify themselves. As the number of businesses storing data reduces, individuals could warmly welcome a reduced risk of their data being breached.
SEE: Is Australiaโs public sector ready for a major cyber security incident?
TEx could be the honeypot for hackers
Some experts fear that the Trust Exchange and MyGov would be attractive to criminals because they would essentially create a centralised location for data. Though hacks of Australian businesses like Optus and Medibank have been problematic, a breach of the TEx system could be even more disastrous.
No Comment! Be the first one.