Strengthening the protection of Australians’ personal information
Australians engage with online services for a wide range of activities and expect to conduct these transactions safely and securely without their personal information being at risk from cyber threats. Australians reported more than 216,00 scams to the National Anti-Scam Centre between January and October 2024, amounting to more than $261 million in losses.
To counter this, the Government is building on robust privacy and security settings and a culture of integrity and accountability, to give people and business confidence that their information will be safe. Passage of the Privacy and Other Legislation Amendment Bill 2024 on 29 November 2024 strengthened privacy protections for all Australians and outlaws an individual's personal data being intentionally and maliciously exposed online. The new legislation gives people the ability to seek compensation from perpetrators for harms resulting from a serious invasion of their privacy and gives stronger enforcement and investigative powers to the Office of the Australian Information Commissioner to respond to privacy and data breaches. In addition, the Government introduced the Identity Verification Service Credential Protection Register in response to recent national data breaches. This register protects people whose personal details and credentials have been stolen from suffering additional harm by ‘locking down’ the stolen credentials. This register has already blocked over 300,000 attempts to use stolen credentials for fraudulent purposes.
The Privacy Act 1988 reform works hand in hand with the 2023-2030 Australian Cyber Security Strategy to improve Australia’s cyber security, manage cyber risks and better support people and business to manage the cyber environment around them. These settings allow Australians to harness opportunities from data and digital technologies to achieve their objectives while keeping their information and data safe.
The Executive Cyber Council continues to be a key forum for genuine and transparent co-leadership between the Government and industry leaders on a range of key cyber security issues. This includes taking a unified approach to elevate cyber security awareness and resilience among small and medium-sized businesses.
Building public trust in a secure digital government
The Government is focused on being an exemplar in using data and digital technologies to support people’s decisions and choices when engaging with public services. This includes having the right frameworks, accountabilities and culture in place to support public trust, privacy and security. To achieve this, the Government is committed to delivering services that are trusted, transparent and ethical and support peoples’ choices.
One way the Government is driving this is by expanding the use of Digital ID across the economy as a convenient, voluntary and inclusive way for people to verify their ID. From 1 December 2024, the Digital ID Act 2024 establishes a nationally consistent set of standards, allowing a simpler and safer way for people to verify their ID. It will reduce the need for people to continuously produce their physical ID documents and share their personal information when changing jobs, applying for a rental property or accessing many government services. It will also reduce the amount of personal information or data that businesses need to hold about people, as well as the costs in managing and se curing that data. The Government will continue to partner with state and territory governments to make it easier, safer and voluntary for people to access and use government services across Australia using Digital ID.
212 services using Digital ID meet the required security and privacy standards (2024)
This is a new metric and is an indicator of trust in Australia's Digital ID system.
The Government is building its protective security maturity and fostering a culture of privacy, security, and proactive monitoring across the APS, including for partners that operate within the Government’s data and digital ecosystem. The 2023-24 PSPF Assessment Report found that the Government’s overall protective security maturity remains at Maturity Level 2 (67% of agencies), which indicates substantial implementation of protective security requirements. Agencies will continue to collaborate and share information and expertise to actively manage the privacy and security of their ecosystems. This will support alignment and consistency, reduce unnecessary duplication, and protect Australians from inappropriate access or use of their personal information when using government services.