Digital ministers agree to develop identity resilience strategy

A national identity resilience strategy will be developed in response to the recent spate of high-profile data breaches that have compromised the credentials of millions of Australians.

Commonwealth, state and territory ministers agreed to “collaborate” on the National Strategy for Identity Resilience at the Data and Digital Ministers Meeting in Canberra on Friday.

The strategy, which is expected to be finalised early next year, will seek to “support implementation of more resilient identities” and better support impacted individuals if compromise occurs.

Ministers have also agreed to “continue developing digital identity systems”, as was foreshadowed ahead of the meeting by Finance minister Katy Gallagher, although whether they are considered by the strategy is unclear.

The meeting – the first since the federal election – was attended by digital ministers from five state and territory governments. The Victorian government is currently in caretaker mode.

As reported by, Cybersecurity minister Clare O’Neil and Government Service minister Bill Shorten were also present, as the importance of cybersecurity grows among ministers.

With millions of customers impacted by the Optus and Medibank breaches, the ministers said there is an “urgent and growing need to protect the identities of Australians from identity-related theft”.

“Identity crime costs Australia more than $2 billion each year and causes major distress to individuals who fall victim. Australians’ digital identities need to be hard to steal and, if compromised, easy to restore,” the meeting communiqué reads.

“Our best defence is a nationally consistent approach to identity resilience, with all jurisdictions working together on common objectives, standards and practices.”

The strategy will seek to “support implementation of more resilient identities to reduce the likelihood and consequence of compromised identities, to improve how businesses and government respond, and to better support impacted individuals”.

It is as yet unclear whether the strategy will be a like-for-like replacement of the federal government’s national identity security strategy, which has not been updated since 2012.

The former Coalition government started down the path of updating the strategy in 2018, when it commissioned former Attorney-General’s Department secretary Roger Wilkins and IDCARE founder David Lacey to conduct a review.

But the review of identity protection and management arrangements, which was handed to government in mid-2019, was never published. It was finally released earlier this year following a Freedom of Information request.

The review endorsed an overhaul of identity verification to make better use of biometrics, and recommended the government create an Office for Identity Protection and Management in the Department Home Affairs.

Last week, the Department of Home Affairs said biometrically anchored digital identities such as myGovID would go a long way to preventing the loss of identity information experienced with the Optus data breach.

Ministers also used the meeting to agree to the second National Data Sharing Work Program to address “national priority data sharing areas and reform the Commonwealth, state and territory data sharing system”.

Two data initiatives will be “advanced”: a Multilateral Data Sharing Agreement to streamline data sharing between governments for the National Disability Data Asset; and a National Data Catalogue of public data assets that will support inter-jurisdictional data sharing, access and use.

The following ministers attended the latest meeting on Friday:

  • Senator Katy Gallagher (Commonwealth)
  • Bill Shorten MP (Commonwealth)
  • Clare O’Neil MP (Commonwealth)
  • Victor Dominello MP (New South Wales)
  • Leeanne Enoch MP (Queensland)
  • Madeleine Ogilvie MP (Tasmania)
  • Chris Steel MLA (Australian Capital Territory)
  • Ngaree Ah Kit MLA (Northern Territory)

Do you know more? Contact James Riley via Email.

1 Comment
  1. Biometrics can be copied and spoofed once compromised they place the user at extreme risk. Biometrics are something you are and consequently are in the public domain they should not be used for wide area network security as using them places the user at greater risk of identity theft.

Leave a Comment

Related stories