Task back to top Scenario The Department of Administrative Services (DAS) provides a number of services to other departments in an Australian State Government. These services include HR and personnel management, payroll, contract tendering management, contractor management, and procurement. These services have all been provided from the Department’s own data centres.  As a result of a change in Government policy, DAS is moving to a “Shared Services” approach. This approach will mean that DAS will centralise a number of services for the whole of Government (WofG). This means that each Department or Agency that runs one of these services for its own users, will be required to migrate its data to DAS so that it can be consolidated into the DAS centralised database. DAS will then provide these consolidated services to all other Departments and Agencies within the Government. The Government has now decided that they want to centralise the application and renewal of licences from a number of different agencies into one single portal. The portal will be branded as MyLicence.  The Government’s strategy is that the process of licence application or renewal for virtually all licences follows an almost identical workflow, even though some of the data may differ for different types of licences.  Their aim is to have a single workflow for all licences, with some additional steps in case of special requirements for a particular type of licence.  The Government also sees the opportunity to gain a better view of what licences each citizen holds, and wants to link that data to other data that they hold about each citizen. In order to achieve this, the Government plans to encourage citizens to register on the MyLicence portal and create their own informal digital identity. This will allow all the licences, renewal dates, and other associated information for that digital identity to be available for viewing on a single page.  This data, particularly when linked to a citizen’s digital identity, can then be used for more effective planning and decision making by Government and other public agencies.  The plan also has the advantage of simplifying the process of acquiring and renewing licences for its citizens so that they only need to go to a single web portal to acquire the licenses that they require.  The Government proposes, in line with its “Cloud First” policy, to use a public cloud provider to host the MyLicence portal, processing and databases. The Government also wants to ensure that all data remains on Australian soil so that it can ensure that data sovereignty does not cause any issues with MyLicence. Tasks After your successful engagement to develop privacy and personal data protection strategies for DAS, you have again been engaged to develop a Personally Identifiable Information (PII) privacy and personal data protection strategy for the MyLicence portal.  You are to: Develop a Threat and Risk Assessment (TRA) for PII data for the MyLice.

1. Task
back to top
Scenario
The Department of Administrative Services (DAS) provides a
number of services to other departments in an Australian State
Government. These services include HR and personnel
management, payroll, contract tendering management,
contractor management, and procurement. These services have
all been provided from the Department’s own data centres.
As a result of a change in Government policy, DAS is moving to
a “Shared Services” approach. This approach will mean that
DAS will centralise a number of services for the whole of
Government (WofG). This means that each Department or
Agency that runs one of these services for its own users, will be
required to migrate its data to DAS so that it can be
consolidated into the DAS centralised database. DAS will then
provide these consolidated services to all other Departments and
Agencies within the Government.
The Government has now decided that they want to centralise
the application and renewal of licences from a number of
different agencies into one single portal. The portal will be
branded as MyLicence. The Government’s strategy is that the
process of licence application or renewal for virtually all
licences follows an almost identical workflow, even though
some of the data may differ for different types of licences.
Their aim is to have a single workflow for all licences, with
some additional steps in case of special requirements for a
particular type of licence.

2. The Government also sees the opportunity to gain a better view
of what licences each citizen holds, and wants to link that data
to other data that they hold about each citizen. In order to
achieve this, the Government plans to encourage citizens to
register on the MyLicence portal and create their own informal
digital identity. This will allow all the licences, renewal dates,
and other associated information for that digital identity to be
available for viewing on a single page. This data, particularly
when linked to a citizen’s digital identity, can then be used for
more effective planning and decision making by Government
and other public agencies.
The plan also has the advantage of simplifying the process of
acquiring and renewing licences for its citizens so that they
only need to go to a single web portal to acquire the licenses
that they require.
The Government proposes, in line with its “Cloud First” policy,
to use a public cloud provider to host the MyLicence portal,
processing and databases. The Government also wants to ensure
that all data remains on Australian soil so that it can ensure that
data sovereignty does not cause any issues with MyLicence.
Tasks
After your successful engagement to develop privacy and
personal data protection strategies for DAS, you have again
been engaged to develop a Personally Identifiable Information
(PII) privacy and personal data protection strategy for the
MyLicence portal.
You are to:
Develop a Threat and Risk Assessment (TRA) for PII data for

3. the MyLicence portal. This TRA should consider both the
privacy and data protection aspects of PII data in the portal. (30
marks)
Develop a PII strategy proposal for the DAS MyLicence portal.
The strategy should consider the threats and risks to both
Privacy and data protection for the PII data collected in the
MyLicence portal as well as possible controls to mitigate the
identified risks. (30 marks)
Develop a strategy to protect the informal Digital Identity that a
user may create in the MyLicence portal. You should consider
both the privacy and data protection aspects for a digital
identity as well as possible controls to mitigate the identified
risks. (40 marks)
Presentation
You are to submit the following documents to complete this
assessment:
A PowerPoint presentation that gives a comprehensive overview
of the three (3) tasks.
The presentation should be a maximum of 30 slides, including
introduction, conclusions and recommendations.
Each slide should have speaking notes in the Notes section
which expand on the information in the slide.
The slides should give refer to the additional information
contained in the appendices.

4. Images and quotations used in slides must be referenced on that
slide.
The slide deck does require a reference list. References are to
be included on a Reference list slide(s), but these are not
counted as part of the slide deck limit.
The TRA is to be attached in a separate Word document. The
TRA can be presented in tabular format, but must be in Word
format. This document title is to be:
Appendix A, TRA for MyLicence
.
The PII strategy is to be attached in a separate Word document.
This document should be fully referenced in APA 6th edition
format, and should not exceed 3 pages. This document title is to
be:
Appendix B: PII Strategy for MyLicence.
The Digital Identity is to be attached in a separate Word
document. This document should be fully referenced in APA 6th
edition format, and should not exceed 3 pages. This document
title is to be:
Appendix C: Digital Identity Strategy
.
All documents are to be submitted through Turnitin.
Rationale