Through our Digital Identity Working Group, DSPANZ has worked in collaboration with members and government to produce best practice
guidance and materials to support DSPs in navigating identity verification practices.
Privacy and Identity Verification Best Practice Guidance
The Privacy and Identity Verification: Best Practice Guidance for Digital Service Providers supports the implementation of privacy-centric, digital-first identity verification processes that protect end users, comply with legislation, and minimise data retention risks. The best practice guidance was first published on 18 December 2025 and is current as at 18 December 2025.
The best practice guidance supplements Australian and Aotearoa New Zealand legislative and regulatory requirements for identity verification, as well as best practice security requirements. It provides recommendations on how DSPs continue to support their customers in recording that an identity verification has occurred, without storing identity documents in the process.
The guidance provides best practice recommendations for meeting the key principles outlined in the document, including:
- Enable digital-first verification
- Prevent the upload or storage or identity documents
- Delete identity documents after verification
- Retain metadata only
- Protect verification data (security, audit, and assurance)
- Be transparent with users.
Access a copy of the guidance below. DSPANZ members can exclusively access supporting materials here.