Trusted and secure

By 2030, the Australian Government will partner with people and business to make decisions and deliver services which are trusted, transparent and ethical, and support people’s choices when engaging with public services.

Robust privacy and security settings and a culture of integrity and accountability will give people and business confidence their data is safe.

Through consultation on the initial Strategy, stakeholders recognised the importance of the Government having the right frameworks, accountabilities, and culture in place to support trust, privacy, and security. Community stakeholders were particularly interested in the Government being more transparent about data collection and use, and improving the ways people can give and withdraw consent. APS stakeholders considered public trust the most important factor for the Strategy’s success and emphasised the Government’s role in being an exemplar in data use and management.

Build and maintain trust

Digital services are increasingly the face of modern government. When done well, they build public trust in government. When they fail, frustrate, exclude people or put them or their information at risk, that trust is eroded. This can also have significant impacts on people’s safety and wellbeing.

The Government’s Survey of Trust in Australian Public Services provides transparency of people’s experiences and interactions with the APS. Survey results guide digital service delivery by identifying the types of services and interactions that work and the weak points in trust and customer experience. The APS can use those results to make changes to existing digital services and design new ones.

People trust government to collect, manage and use their data well. Providing people and businesses with more control over how their data is used and being transparent in how the Government uses the data it collects, is critical to building and maintaining public trust.

The Building Trust in the Public Record policy helps entities manage their information assets to better support, protect and serve the community. The DATA Scheme delivers strong arrangements to build trust and transparency when sharing data. Commitment to the Open Government Partnership will support new ways to engage with the Government and promote accountability using data and digital technologies.

The public expects personal information collected by the Government and other organisations to be kept safe and secure by appropriate and enforceable protections. Privacy and cyber security breaches damage trust that organisations, including the APS, can adequately manage and secure personal information.

The Government has made significant investments to safeguard the security and privacy of government-held data. Cornerstones of this investment include the secure environment of data centres and associated infrastructure that provide hosting services for entities. The Hosting Certification Framework helps entities identify and source hosting services that meet enhanced privacy, sovereignty and security requirements, including by requiring sensitive information to be stored within Australian borders. The Government is also investing in the Notifiable Data Breaches Scheme to ensure greater responsiveness, transparency and accountability when data breach incidents occur.

The 2023-2030 Australian Cyber Security Strategy, the appointment of a dedicated Minister for Cyber Security and the creation of a National Coordinator for Cyber Security, will further improve Australia’s national resilience to cyber threats as well as responses to cyber incidents. The Online Safety Act 2021 strengthens and expands existing laws for online safety, making internet service providers more accountable for the safety of their users.

By setting a best practical example, the Government can support public trust in emerging technologies and their safe and responsible adoption in the broader economy.

Modernise legislation

Australia’s legislation and regulations have not always kept pace with data and digital technologies and their uses. This is partly because legislative reform requires time and consideration and because data and digital issues develop rapidly and are complex. They can cross traditional legislative and jurisdictional boundaries, particularly as they relate to privacy.

The Government is committed to ensuring legislation is fit-for-purpose, can appropriately protect the public from emerging cyber and other threats, and allow for the effective use of data and digital technologies. The Government will continue to review and update relevant legislation to respond appropriately to data and digital developments. Several recent reviews, including the Review of the Privacy Act 1988 (Privacy Act), the Royal Commission into the Robodebt Scheme, the myGov User Audit and the Tune Review, have recommended potential reforms to laws related to privacy, data sharing, data security, digital ID and information management.

At the Commonwealth level, rules relating to use, sharing and management of information largely stem from the Archives Act 1983, the Freedom of Information Act 1982, the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and, most recently, the Data Availability and Transparency Act 2022 (the DAT Act).

Government entities are also subject to a range of legislation that govern their data collection, use and sharing. The Government’s Protective Security Policy Framework (PSPF) helps entities protect their people, information and assets, both at home and overseas. The PSPF is regularly reviewed with updated guidance for entities to meet their public data stewardship responsibilities under the PGPA Act.

A range of Commonwealth, state and territory laws combine to create a set of privacy rights for Australians and obligations for those who hold personal information. The Privacy Act is the principal Commonwealth legislation governing the protection of personal information. The Review of the Privacy Act released in 2023 prompted reforms to strengthen the act’s principles-based approach to protecting personal information. These reforms will help bring Australia more into line with international data protection standards such as the European Union’s General Data Protection Regulation. The Government will also engage with the states and territories to work towards harmonising key elements of Commonwealth, state and territory privacy laws.

The DAT Act establishes a new, best practice scheme for sharing Government data underpinned by strong safeguards and efficient processes, including in-built process requiring periodic reviews, with the first review scheduled to start in 2025. These reviews will support the Government to ensure the DAT Act remains fit-for-purpose and will provide opportunities to refine the DATA Scheme’s scope and operation to best serve the public interest by promoting better and simpler availability of government-held data.

The Government will also explore opportunities and challenges of emerging data and digital technologies, including artificial intelligence, through its legislative and regulatory frameworks to ensure Australians continue to have confidence in the Government’s use of data and digital technologies.

Connect data, digital and cyber security

Data, digital and cyber security are closely intertwined. The Government must foster a culture of privacy, security, and proactive monitoring across the APS, including for partners that operate within and access the Government’s data and digital ecosystem. Entities must collaborate and share information and expertise to actively manage the privacy and security of the ecosystem (including with industry partners) to support alignment and consistency, reduce unnecessary duplication, and protect the community from inappropriate access or use of their personal information.

The Australian Signals Directorate’s Annual Cyber Threat reports acknowledge the increasingly contested cyber environment and the need to build national cyber resilience. Monitoring and acting on security threats and challenges to protect the community requires collective cyber uplift effort from all departments and agencies.

While focusing on improvements in the APS, the Government has an equally important role to play in raising awareness about the need for improved cyber security practices and habits in the community. ASD’s Australian Cyber Security Centre provides advice and information to help people and business protect themselves online. ASD also works with business, government and academic partners and experts in Australia and overseas to investigate and develop solutions to cyber security threats.

The 2023-2030 Australian Cyber Security Strategy will help the Government achieve its vision to be a world leading cyber secure and resilient nation by 2030. It will be accompanied by a Commonwealth Cyber Security Uplift Plan which will drive a strategic and pragmatic approach to enhancing collective cyber resilience, building capabilities and lifting cyber security to help Australian people and business with cyber incidents. This Strategy aligns with the Cyber Security Strategy by improving Australia’s digital inclusion, and ensuring all people have access to the information and tools they need to stay safe online and protect their private data.

The Government’s work to expand and legislate the digital ID system will help to improve cyber enabled ID fraud and privacy protections, including for people accessing government services online. Digital ID protects Australians online, reduces the amount of personal information Australians need to share to access services and helps businesses keep their customers’ data safe.

The Government is also improving cyber security and privacy protections by strengthening investigation and enforcement actions under the Notifiable Data Breaches Scheme, supporting the establishment of the National Anti-Scam Centre, launching the National Strategy for Identity Resilience and ongoing rollout of the Hosting Certification Framework and the PSPF.