Australian Government Architecture


This summary sets out key points about how the Digital Transformation Agency (DTA) handles personal information. We collect, hold, use, disclose and store personal information to carry out our functions or activities in accordance with the:

More information can be found in our main privacy policy.


We may collect or hold personal information that is reasonably necessary for, or directly related to, the performance of our functions and activities. This may include your name, phone number, email and address, and information about your interactions with us through our services or the pages you visit.

We collect personal information for many purposes, including to providing strategic leadership on whole-of-government and shared ICT and digital services, including sourcing and capability development.

We will usually collect information directly from you, unless there is an exception in the Privacy Act that permits us to collect personal information from a third party.

Storage and protection

Our electronic information is held in secure online systems. We restrict physical access to our offices and limit access to authorised personnel only. DTA staff have access to personal information on a need to know basis only.

When personal information is no longer required to be retained as part of a Commonwealth record, it is generally destroyed in accordance with the Archives Act 1983.

Use and disclosure

We will ordinarily use and disclose your personal information for the primary purpose for which it was collected.

However, we may also use or disclose your personal information for another purpose in certain circumstances. For example, if required or permitted by law or for a purpose related to, or directly related to, the purpose of collection where you would reasonably expect that this would occur.

Sometimes we will pass your personal information to other government agencies or organisations (such as the Australian Taxation Office or Department of Home Affairs), including overseas governments or organisations, for the purpose of assisting with your enquiry or application.

We may disclose some of your personal information to overseas recipients for business, systems administration, and systems maintenance purposes.

Access and correction

You can request access to, or correction of, your personal information by contacting us on the details below.

We will allow access or correct personal information upon request, unless we consider there is a sound reason under law to refuse. If we do not correct your personal information, we will take reasonable steps to associate a statement with your file upon request.


We take your privacy seriously and make all efforts to protect your personal information. If you wish to make a complaint about how DTA handles your personal information, you can contact us on the details below.

How to contact us

  • Telephone: 02 6120 8595 
  • Mail: Privacy Officer

    Digital Transformation Agency,

    PO Box 457

    Canberra City

    ACT 2601

Privacy Impact Assessments

A Privacy Impact Assessment (PIA) is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising, or eliminating that impact.

While PIAs assess a project’s risk of non-compliance with privacy legislation and identify controls to mitigate the risk, a PIA is much more than a simple compliance check. It should ‘tell the full story’ of a project from a privacy perspective, going beyond compliance to also consider the broader privacy implications and risks, including whether the planned uses of personal information in the project will be acceptable to the community. PIAs are key to building community trust and have a range of other benefits, such as demystifying the project and its objectives.

From 1 July 2018, the Australian Government Agencies Privacy Code require agencies to conduct a PIA for all high privacy risk projects. A high privacy risk project is one that involves a new or changed way of handling personal information that is likely to have a significant impact on the privacy of individuals.

A register of PIAs completed by the DTA can be found below.

Register of Privacy Impact Assessments (PIAs) - Last reviewed 29 August 2022





Digital Identity

Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha

December 2016


  Second Independent Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) September 2018 Galexia
  3rd Independent Privacy Impact Assessment (PIA) on the TDIF and related Digital Identity Eco-system March 2021 Galexia
  Privacy Impact Assessment Report for the draft TDI Legislation February 2022 HWL Ebsworth


While DTA has exercised due care in ensuring the accuracy of the material contained on this website, the information on the site is made available on the understanding that DTA is not engaged in rendering professional advice here. The website may not cover all the information available on a particular issue.

Get in touch

You can send requests for information or complaints to You can also send your request or complaint by post to Digital Transformation Agency, GPO Box 457, Canberra, ACT 2601.

Was this information helpful?

Do not include any personal information. We are unable to respond to comments or feedback. If you would like a response, please email, or phone us. Our details are on the AGA contact page