Galexia is undertaking a Second Privacy Impact Assessment (PIA) for the Digital Transformation Agency (DTA) on the proposal to establish the Trusted Digital Identity Framework (TDIF).
The purpose of this PIA is to assist in identifying and managing privacy issues that are raised by the establishment of the TDIF.
This PIA is the second step in a multi-phase and independent PIA process commissioned by the Digital Transformation Agency, incorporating:
- An initial public independent PIA undertaken by Galexia on the overall concept and design of the Trusted Digital Identity Framework (TDIF) and some of its key components (December 2016);
- A second independent public PIA on the planned implementation of the Trusted Digital Identity Framework (TDIF) as at September 2018 (this PIA); and
- Individual PIAs for each Identity Provider (IdP) that applies to be accredited under the Trusted Digital Identity Framework (TDIF) (as required)1 ; and
- Individual PIAs for other accredited TDIF Participants (such as the Identity Exchange, Attribute Providers and Credential Providers) (as required).
This PIA is the second public PIA undertaken in relation to the TDIF. Many issues were the subject of findings and recommendations in the first PIA.
This second public PIA builds on work undertaken in the initial PIA and uses the consistent section headings and follow-on recommendation numbering system, ensuring integrity and traceability across a series of public PIAs
This PIA considers compliance with privacy legislation and relevant privacy measures contained in the TDIF documentation. The PIA also briefly considers issues around overall privacy management and governance. The currency of this PIA is as at end of September 2018.