The first details of a one-stop shop for Australians to prove their identity, check into hotels and even submit qualifications for job applications have been released by the federal government. This means businesses are obligated to use this Digital Identity as a “Trust Exchange” with QR code to check-in into venues, hotels and … by using a centralised system. (More info)
It is always a significant challenge for businesses that, in various ways, try to identify the identity of individuals. This information is commonly referred to as PII data, which stands for Personally Identifiable Information. However, with the advent and increased use of Digital Identity, we are entering a more complex realm known as SPII data. SPII stands for Sensitive Personally Identifiable Information, which, by definition, includes highly sensitive data such as biometric data, social security numbers, financial data, and medical data. These types of information were previously limited to certain special and essential services, such as banking and healthcare. Now, however, the broader use of digital identity is forcing businesses to handle and protect these sensitive types of data across a wider range of platforms and applications, necessitating stronger security measures and more comprehensive data protection strategies.
This, by nature, will cause a problem called “Honey Pot” fear, which refers to the concern that if this is a centralized system, it will become a highly attractive and lucrative target for attackers aiming to steal data. In essence, the centralized storage of sensitive information can create a single point of failure, making it an enticing target for malicious actors who seek to exploit any vulnerabilities. This heightened risk necessitates stringent security measures and constant vigilance to protect against potential breaches and data theft attempts.
In the detailed ABC report, it states that the potential solution might involve focusing on a de-centralised model for this particular implementation. However, a critical question arises from the enterprise perspective: does our current governance structure within legacy enterprises permit the adoption of this de-centralised model or not? Furthermore, it is important to note that, at present, many enterprises are actively promoting the creation of centres of excellence throughout the organisation. This approach of establishing centres of excellence is quite contrary to the principles of the de-centralisation paradigm, which further complicates the consideration of shifting towards a de-centralised model.
So in nutshell, I think we need to wait and see who this digital Identity will workout and what challenges and remedies it introduces to the technology in Australia.
Leave a Reply