Guidelines will be updated, annual reports written, and detailed plans definitely developed under a new National Strategy for Identity Resilience signed off by the Minister for Finance and Australia’s state and territory Data and Digital Ministers.

The 2023 National Strategy for Identity Resilience, which replaces the 2012 National Identity Security Strategy, promises to “help to make Australia the most cyber secure nation by 2030”.

In pursuit of this seven-year timetable to protect the nation against Identity theft, described as a key enabler of terrorism and of serious and organised crime, the latter of which costs the Australian economy over $A60 billion annually, a series of initiatives will be attempted over the next 5 years.

In the first 12 months the strategy aims to roll out education and awareness programs, standardise Proofing Guidelines across Commonwealth, state and territory digital ID systems, and establish a national Centre of Excellence for data breaches.

Over the next 3 years, the Labor government will seek to improve the Credential Protection Register it established in October 2022 to prevent Identity Matching Services verifying a compromised credential that has already been listed on the Register.

“When a credential is discovered to have been compromised it can take a long time to remediate. During this time, criminals can continue to misuse the credential.”

The aim is by 2026 to eventually allow individuals to have better control of their credentials, and also to improve the sophistication of the Register.

There are also plans to develop a mobile phone trust score system to mitigate the use of multifactor authentication for fraud.

“A ‘Mobile phone trust score’ system would allow telecommunication providers to assign trust scores to mobile phone numbers based on risk factors such as recent sim swaps, tenure of phone plan and virtual private numbers.”

The Mobile phone trust score system could possibly be in place before 2027.

A series of longer-term initiatives have also been announced, estimated to take 3-5 years to implement), although this will require the re-election of the current Labor government.

These include:

• Enabling Digital Credentials (for example Working with Children Checks or mobile driver licences) to be issued through Digital wallets;
• Allowing Australians the ability to contact to one government organisation to recover their identity; and
• Improving links between identity records such as birth certificates/ immigration records with change of identity (e.g. change of name) processes in other jurisdictions.

According to the National Strategy for Identity Resilience, “In implementing this strategy, effectiveness will be assessed by progress made towards implementation of the initiatives, and the effectiveness of these outcomes. An annual report will be provided to the Data and Digital Ministers Meetings on the effectiveness of the Strategy, associated policy and legislation, and follow-on actions required to ensure that Australians’ identities are resilient.”