Data Protection
At One Click Verify, we are committed to protecting the privacy and confidentiality of all the identity verification information we collect on behalf of our customers, and their customers (you).
We have developed One Click Verify to provide the business community a means of safe commerce and to protect consumers identity.
The storage, secure processing and confidentiality of digital identity information is essential for reducing identity theft, fraud, and other exploitation.
How Your Data is Protected
One Click Verify has demonstrated compliance against the following requirements of the Digital Service Provider (DSP) Operational Security Framework, for products and services controlled by the DSP.
✓ Audit Logging
✓ Multi-Factor Authentication
✓ Certification (Independent Certification being obtained against iRAP)
✓ Data Hosting
✓ Encryption Key Management
✓ Encryption at Rest
✓ Encryption in Transit
✓ Entity Validation
✓ Personnel Security
✓ Security Monitoring Practices
✓ Supply Chain Visibility
✓ Third Party Add-on Marketplace
Our compliance certificates can be found here.
One Click Verify is required to comply with applicable Commonwealth, State and Territory Privacy Law. Under these privacy laws, we are required to comply with a set of privacy principles. The core principles are in the Privacy Act 1988 (CTH). More information about these principles and Australian privacy law can be found on the Australian Information Commissioner’s website www.oaic.gov.au.
Information Security Registered Assessors Program (iRAP)
The achievement of iRAP highlights One Click Group’s unwavering commitment to ensuring the utmost security for your data. IRAP empowers Australian Government customers to validate an organisations adherence to and maintenance of appropriate controls in line with the Australian Government Security Manual (ISM). In conjunction with the successful IRAP assessment, One Click Group is committed to ongoing improvement.
Digital Service Provider (DSP) Operational Security Framework
One Click Group conducts an Annual Operational Security Framework assessment by the Australian Taxation Office (ATO), for both its ATO Cloud Software’s One Click Life and One Click Verify to ensure compliance with government information technology security measures.
Storage of Data & Express Consent– Your identity data
One Click Verify stores certain data each time an identity is digitally verified. This data is stored in a secure encrypted environment only accessible by the business verifying your identity. You can ask a business to share your identity, but this can only be achieved by providing express consent by you at the time of sharing the identity.
To ensure maximum compatibility and flexibility with Consumer Data Rights (CDR) and General Data Protection Rights (GDPR), One Click Verify requests express consent from the identity owner before the transfer of data occurs to an Identity Recipient / Product Provider to ensure verification documents are only accessed by authorised Identity Recipient / Product Provider.
This express consent occurs at the time of sharing with an audit trail of the consent that can only be given by the identity owner. An email will be provided to the identity owner with information relating to the sharing request including.
✓ Identity recipient details
✓ Information being shared
✓ Reason for sharing the information
You will always have the option to accept (provide consent) or reject any identity share request. Importantly, we want you (the identity owners) to own and control your digital identity.
Removing Data
You can request erasure of the personal information we hold about you at any time by completing our Erasure Request Form. We will do our best to comply with any request, subject to our legal obligations and other allowable exceptions. Please note that we will retain metadata relating to account activity which may be provided to regulators, law enforcement and other parties in the future.
Anti-Phishing Code
One Click Verify will issue a unique Anti-Phishing code once you have registered with One Click Verify. Any communication either email or SMS will contain this Anti-Phishing code. This is a unique code to you (the identity owner), so you know that the communication has originated from One Click Verify.
Using One Click Verify
To create a digital identity through One Click Verify you will need to be invited by one of our customers. To see how to use One Click Verify, please see our user guide.