E-Markets offer convenient platforms to provide access to products and services through government-enabled marketplaces. This Standard for E-Markets seeks to provide advice to Commonwealth entities developing business cases, new policy proposals, and Cabinet submissions to ensure they align with whole-of-government (WofG) digital and ICT policies and priorities.
Identify and address any applicable data and information privacy and legislative requirements
Commonwealth entities have responsibilities under the Privacy Act of 1988. The Australian Government Agencies Privacy Code helps build a consistent, high standard of personal information management across business practices and solutions.
Participating users of E-Markets should respect privacy when dealing with personal information and should provide clear and easily accessible information about the way they handle privacy and security of personal information.
Businesses should store and use personal information with discretion and sensitivity when providing services. Information should be used to improve the online experience and guide services only when the customer is informed and consenting, and the information is appropriately secured and, if needed, anonymised/obfuscated. This advice is in line with the Australian Privacy Principles (APP). The APP are principles-based guidelines that give agencies the flexibility to tailor their personal information handling practices to their business models and the diverse needs of individuals. They are also technology neutral, which allows adaptation to changing technologies.
There are two key legislative regimes governing digital information assets of Commonwealth entities:
- The Archives Act 1983 (Cth), aimed at imposing record keeping obligations in respect of Commonwealth records. Digital information assets used in government business are Commonwealth records to be managed in accordance with the Archives Act 1983 (Cth).
- The Data Availability and Transparency (DAT) Act 2002 (Cth) is intended to improve public sector data accessibility, facilitate its consistent sharing with privacy safeguards, enhance integrity and transparency, instil confidence in its use, and establish institutional sharing arrangements.
Beyond these key pieces of legislation, there are numerous others that may further apply depending on the operating context of an entity and a set of information. Each entity should review relevant federal, state, and local requirements to ensure full compliance.
For additional information, please refer to Information Asset Management.
Identify like-type E-Markets, and thus opportunities for reuse, using cross-APS archetypes to identify best-fit solutions
Consideration must be given to minimising risk, improving consistency, accelerating delivery, and lowering total cost of E-Markets via reuse of existing investment. Across government, E-Market systems can be broadly categorised into either:
- Informational platforms: Offer advice, assistance, and best practice guidance on how to best source access to goods and services needed by entities or their clients; or
- Transactional platforms: Offer direct access to the goods and services needed by agencies and their clients. These transactional platforms allow goods and services to be sourced and supplied directly to entities or their clients.
Understanding the use case requirements, and thus platform focus, allows comparison with previous investment across government and identification of potential avenues for reuse. Alignment to an archetype can help agencies rapidly select the most suitable reusable investment or capability.
Adhere to reuse principles
Numerous instances of E-Market solutions and platforms exist across government, several of which may be suitable for reuse through either shared service models, creating new instances of existing cloud implementations, or leveraging existing patterns. As a general rule, utilising existing e-marketplaces is preferred to the development of new platforms.
Reuse and reuse potential are also enhanced through achieving greater uniformity in data structures, specifically where data is organised and stored in a consistent manner, and uniformity in integration protocols is developed and maintained.
Existing designs that may be suitable for reuse are available on the AGA website, through direct contact with entities with comparable use cases, or via existing WofG arrangements and inter-government Memorandums of Understanding (MoU).
Reuse content on the AGA provides information for entities on reuse.
Ensure human-centred design practices are applied when building E-Markets
The Australian Public Service (APS) is tasked with supporting all Australians throughout their life journeys. To ensure that government services meet population needs, it is imperative that they are made as accessible and user friendly as possible through adoption of a human-centred design approach.
Guidelines laid out by the Digital Service Standard (DSS) v2.0 should be adhered to. The DSS v2.0 is a set of best-practice principles, intended to help entities design and build digital services that are simple, clear, and fast for Australians. By following the DSS, government is ensuring digital services provide public value and meet user needs, with ongoing service improvements based on evidence and learnings.
View: https://www.dta.gov.au/help-and-advice/about-digital-service-standard
Adopt a consistent, effective, and efficient approach for identifying businesses and individuals participating in E-Markets
E-Markets may facilitate the exchange of sensitive data between multiple parties who may previously have had no relationship with each other. As such, it is critical that both parties have been authorised, and where possible are identity-verified, to reduce the risk of inadvertent access or damage to sensitive data.
Businesses are encouraged to create authorisations for employees and other individuals to work on behalf of the business. It is a business’s responsibility to maintain the integrity of its records. It is recommended that businesses using E-Market platforms be authorised via global authentication gateways such as PRODA (Provider Digital Access).
Businesses and individuals using E-Markets should be verified by an identity system. An identity system can be defined as an online environment for identity management transactions governed by a set of system rules (also referred to as a trust framework) where individuals, organisations, services, and devices can trust each other because authoritative sources establish and authenticate their identities.
Relevant identity exchange/attribute provider accreditation standard models that should be considered in E-Market design include the Trusted Digital Identity Framework (TDIF), specifically:
- The TDIF Identity Exchange as an accreditation standard within the TDIF. An entity that has been accredited in accordance with the TDIF as an identity exchange and provides a service that conveys, manages, and coordinates the flow of data or other information between participants in an Identity Federation. This standard is applicable to both businesses and individuals.
View: https://www.digitalidentity.gov.au
- TDIF Attribute Provider as an accreditation standard within the TDIF. Attributes are additional information, such as entitlements or characteristics of an individual (e.g. a qualification or certification). Attribute providers generate and manage attributes and claims about an individual, business, or organisation that are providing services. This standard is applicable to both businesses and individuals related to personalisation.
View: https://www.digitalidentity.gov.au
User data is at the core of E-Markets. E-Market solutions should:
- protect user privacy by ensuring that practices relating to the collection and use of user data are lawful, transparent, fair, enable user participation and choice, and provide reasonable security safeguards.
- manage digital security risk and implement security measures for reducing or mitigating adverse effects relating to user participation in E-Markets.
The Australian Signals Directorate produces the Information Security Manual (ISM). The purpose of the ISM is to outline a cyber security framework that entities can apply to protect their systems, including those related to E-Markets, and associated data from cyber threats. The ISM is available on Cyber.gov.au.
Ensure E-Markets are used to avail or provide products or services in a manner that prevents any conduct that could be considered unfair
Businesses and individuals should adopt fair practices when building and engaging in E-Markets by:
- not engaging in conduct that is unfair or deceptive or is likely to mislead or deceive
- not making false or misleading representations about the products or services they supply
- not engaging in unconscionable conduct (such as collecting data from competitors on the price of products or services)
- ensuring that there is clear demonstration of intent to buy or sell products or offer services
- ensuring participating businesses are compliant with Fair Trading laws and operating fairly and competitively. Fair Trading laws ensure that businesses inform and protect customers.
The participating businesses should consider:
- Fair trading laws
- The Australian Consumer Law and your business
- The Competition and Consumer Act
- Australian standards
- Codes of conduct
When selling products or services, businesses need to understand and be compliant with:
- Australia's trade measurement laws
- Displaying prices
- Product labelling
- Secure card payments
- Warranties and refunds
Australian product safety laws apply to E-Markets and at every stage of the supply chain. These laws mean that participating businesses:
- must comply with Australian mandatory safety standards
- must not supply banned products
- must report the death or serious injury or illness of a person that occurred as a result of a consumer product supplied by the vendor
- should immediately recall a product if it is realised it may present a safety hazard, does not comply with a safety standard, or is banned – and notify the Australian Commonwealth Minister responsible
- must comply with any recall notices issued under the Australian Consumer Law
- should be aware that compliance with international or other trusted safety standards does not automatically mean compliance with Australian safety standards or bans.
It is businesses’ responsibility to understand Australian product safety laws and make sure they sell safe, compliant products. These obligations have been summarised by the Australian Competition and Consumer Commission.