For IT and cybersecurity teams, collecting and storing personally identifiable information can be a significant burden. When dealing with millions of customer records, it becomes a costly and risky task to manage and protect the data from hackers, as well as handle the repercussions if a breach occurs.
This could change with the upcoming launch of a new digital verification system in Australia, which will move into a pilot phase in January 2025.
Currently in the proof-of-concept stage, the Trust Exchange system, or TEx, would allow Australians to provide their personal information through a digital wallet. Personally identifiable information would not always need to be shared with a business when a customer needs to verify their identity.
The Australian government hopes TEx will reduce the number of Australians who fall victim to data breaches. For businesses, the system could offer a streamlined and more secure way to interact with their customers.
What is the Australian Planned Trust Exchange?
Australia’s Trust Exchange system would allow Australians to prove their identity or share certain details about themselves using information already stored by the government in its centralised MyGov account. MyGov is the central portal and data repository through which Australians access government services, such as tax, health or social security.
WATCH: What Australia's digital ID means for businesses and citizens
The government promises individuals greater control over personal data. For businesses, it offers benefits such as the ability to streamline customer onboarding and minimise data-related risks. The Trust Exchange system is being developed as a stand-alone project alongside Australia’s Digital ID project, which envisions the creation of a digital ID for Australians.
How will the TEx system work in practice?
So far the Government has identified three categories of transactions for TEx:
- Prove a person's identity without providing information.
- Sharing selected personal information.
- Share a verified credential.
TEx will verify information using a 'digital thumbs up'
In cases where TEx only verifies information, such as a person's identity, the system would pass a digital token to businesses instead of sensitive private information, such as a driver's license.
Using a tap-to-pay system with a QR code, the system would “digitally shake hands” with a business or service provider. While it would not transmit actual information, the system would provide assurance that the data is correct without needing to see it.
Individuals will choose what to share
When people need to pass data to a company or entity, the TEx system allows them to select what information to hand over and ensure they consent to that information being exchanged. It also keeps a record of what information has been exchanged with which companies, allowing people to track their digital information.
Verification will be based on the government's data set
The verification will be done from a pool of data held by Australian government agencies, in addition to information held by Australian state governments, centralised through MyGov. The government has said that rather than being in a central database, it was exploring a new decentralised model for citizen data that would have strong security features.
What use cases will there be for Trust Exchange?
Information verified or shared through the TEx system would include:
- Age and date of birth.
- ADDRESS.
- State of citizenship.
- Visa status.
- Professional qualifications and licenses.
- Working with child controls.
- Veteran status.
The Government has proposed possible applications of the TEx system, including:
Contracts and accountsLarge companies, such as telecom companies or banks, will be able to integrate with TEx for identity verification when people sign up for new contracts or create new accounts.
Pubs, clubs and hotels:The TEx can prove a person's age. Australians do not have to hand over identity documents, such as driver's licenses or passports, to be copied and stored.
Rental RequestsWhen a person rents a new apartment, a real estate agent could provide and verify key details about the applicant using the TEx system.
Apply for a jobThe government has suggested that the system could be expanded to include things like qualifications and certifications, making it easier for employers to verify job candidates.
What will Trust Exchange mean for businesses?
The Australian government believes businesses will view TEx as a “win.” While a company’s systems will need to be configured to interact with the system, this could lead to operational efficiencies, reduced data risk and savings in data management.
Companies will outsource identity verification
The TEx system would relieve businesses of the operational burden of verifying a person’s identity, which sometimes required multiple forms of identification. This could create process efficiencies in many areas, streamlining the way businesses sell certain products and services.
Companies will reduce some of the data risks
When companies possess personally identifiable data, they take on risks. If the government possesses personally identifiable data and data sharing is limited to only what is required, companies will reduce the risk in their data files. They could end up having less data they don’t need, in line with best practice principles, or facing fewer fines or legal costs due to data breaches.
Enterprise systems will need to interact with TEx
All information verified by the system will still need to be collected, stored, and managed. While it’s unclear how this process might work (and may require IT to set up internal systems to work seamlessly with TEx’s public digital infrastructure), it’s likely to become a feature of most third-party products.
Companies may have less data on customers
In some cases, businesses may have less customer data than they would like. For example, if a business only needs to verify that a person is over 18, a TEx system can verify that this is the case without providing the business with a date of birth. This could limit the collection of demographic data that can help with marketing segmentation strategies.
Companies will still have to deal with non-TEX customers
TEx will not be mandatory for consumers or businesses. Therefore, businesses that adopt the system must be prepared for both customers who use TEx and those who don’t. While this may lead to added complexity, businesses find enough value in TEx customers to make it worthwhile, especially as TEx adoption increases over time.
What will this mean for the protection of personal data?
PII data could be safer in fewer places
The Trust Exchange system could reduce the number of times Australians need to provide personally identifiable information to identify themselves. As the number of companies storing data is reduced, individuals may welcome the reduced risk of their data being breached.
WATCH: Is Australia's public sector prepared for a major cybersecurity incident?
TEx could be a trap for hackers
Some experts fear that Trust Exchange and MyGov would be attractive to criminals because they would essentially create a centralised location for data. While attacks on Australian companies such as Optus and Medibank have been problematic, a breach of the TEx system could be even more disastrous.
