• Architecture of government

    Support digital transformation by aligning to the digital direction of government.

  • The Beta version of digital.gov.au incorporates new design elements, components and widgets to simplify user experience and improve digital communications. This is an open, transparent test to encourage user input.  

    Tell us what you think and help us make it better.

  • test

    content test

     

    dfs

    ffdsfdsfsfd

  • Explore the Digital Inclusion Standard

    • Content type
      Select a content type to filter by
    • Topics
      Select a topic to filter by.
    • Title
      Enter a keyword within the title

  • The digital.gov.au website is managed by the Digital Transformation Agency (DTA). In most instances, the DTA Privacy Officer will be the first point of contact for any queries, requests or issues relating to the site.

  • A privacy-by-design approach is built into digital.gov.au using best practice to comply with the Privacy Act. This approach embeds the latest security requirements, while providing for a fast, intuitive and inclusive user experience for all.

    This summary sets out key points about how digital.gov.au handles the collection of information, including personal or sensitive information.  

    Note: no information will be requested or published that is classified above Official Sensitive.

    When any information is collected, held, used, disclosed or stored, it is done so in accordance with the:

    More information can be found in the DTA's main privacy policy.

    Collection

    digital.gov.au may collect or hold personal information that is reasonably necessary for, or directly related to, the performance of its functions and activities. This may include your name, phone number, email and address and information about your interactions with the site through our services or the pages you visit.

    Note: Personal information will usually be collected directly from you, unless there is an exception in the Privacy Act that permits digital.gov.au to collect personal information from a third party.

    Site feedback

    There is the opportunity to make enquiries or provide feedback, commentary and comments throughout the site. This drive improvements and new features. No personal or identifying information is required from you to participate.

    Site interactions

    Some data may be collected that includes details about your interactions with digital.gov.au, site features or the pages you visit, for example Google Analytics, the Custom Satisfaction Tool, and so on. This is collected as de-identified information, with no capacity to trace the interactions back to you.

    Storage and protection

    All information received by the DTA is held in secure online systems. Physical access to our offices is restricted and limited to authorised personnel only. Staff have access to personal information on a need-to-know basis only.

    When personal information no longer needs to be retained as part of a Commonwealth record, it is generally destroyed in accordance with the Archives Act 1983.

    Use and disclosure

    Your personal information will primarily be used and disclosed for the purpose for which it was collected, unless you give your consent.

    However, there may be a requirement to use or disclose your personal information for another purpose in certain circumstances.

    For example, if required or permitted by law or for a purpose related to, or directly related to, the purpose of collection where you would reasonably expect that this to occur.

    Sometimes your personal information will be passed to other government agencies or organisations such as the Australian Taxation Office or Department of Home Affairs, including overseas governments or organisations, for the purpose of assisting with your enquiry or application.

    Access and correction

    You can request access to, or correction of, your personal information by contacting digital.gov.au using the details below.

    All request for access or correction will be actioned quickly, unless there is a sound reason under law to refuse.

    If your personal information is not corrected, reasonable steps will be taken to associate a statement with your file upon request.

    Complaints

    Your privacy is taken seriously. All efforts have been made to protect your personal information.

    To make a complaint about how your personal information is handled, please contact digital.gov.au using the details below.

    How to contact us

    • Telephone: 02 6120 8595 
    • Emailprivacy@dta.gov.au
    • Mail: Privacy Officer
      Digital Transformation Agency,
      PO Box 457
      Canberra City
      ACT 2601

    Privacy Impact Assessments

    The Australian Government Agencies Privacy Code requires agencies to conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects. A high privacy risk project is one that involves a new or changed way of handling personal information that is likely to have a significant impact on the privacy of individuals.

    Currently there are no projects associated with this site, that have required a PIA. If this should occur in the future, it will be captured on this page as part of a digital.gov.au Register of Privacy Impact Assessments.

    A PIA is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals. It sets out recommendations for managing, minimising or eliminating that impact.

    PIAs assess a project’s risk of non-compliance with privacy legislation and identifies controls to mitigate the risk. A PIA is much more than a simple compliance check. It should ‘tell the full story’ of a project from a privacy perspective, going beyond compliance to consider the broader privacy implications and risks, including whether the planned use of personal information in the project will be acceptable to the community. PIAs are key to building community trust and have a range of other benefits, such as demystifying the project and its objectives.

  • Historical training

    To get a copy of the following historical training, contact observatory@dta.gov.au

    • Google Analytics Privacy and Security Refresher
    • Google Cloud Platform Products
    • Future proofing for Google Analytics 4
    • Setting up your GA4 Report Library
    • Deep Dive into GA4 Reporting & Visualisations
    • Google Analytics 4 Event Tracking
    • Migrating Looker reports to GA4
    • Overview of Google Tag Manager
    • Campaign (UTM) Tracking in GA4
    • Deep dive into Looker Studio
    • What's new in GA4
    • Universal analytics data export

    Monthly training

    Find out more about monthly training and register for an upcoming event, visit Eventbrite.  

    Google training 

    Google offers a range of free training courses and certification programs from beginner to advanced levels.   
      
    Visit Google Marketing Platform Academy, Skill Shop and Google Cloud Courses to find out more.  

  • Managing Data Deletion Requests

    Why would you need to delete data?

    GA & your responsibilities

    • Managing accounts, properties, user access and data. It is a requirement under the Observatory Terms of Service to regularly review accounts and properties.
    • Ensuring that information captured in Google Analytics is not personally identifiable and that all employees and contractors comply with the Australian Privacy Principles and obligations under the Privacy Act 1988 (Cth).
    • Following the Observatory Terms of Service, Google Analytics Terms of Service and Google Cloud Platform Terms of Service information relating to privacy.
    • Undertaking an independent privacy threshold / impact assessment.
    • Compliance with the Information Security Manual (ISM), which includes not storing personal or sensitive information on Google Analytics or Google Cloud Platform Services, and protecting information from cyber threats.
    • Google is constantly changing and while we do our best to keep you informed, it is your responsibility to monitor for product, privacy and security updates which may impact your privacy and security assessments and agency risk tolerance.

    What is PII and where it can show up in GA4

    PII is any information that could be used on its own to directly identify, contact, or precisely locate an individual. This includes:

    • Email addresses
    • Mailing addresses
    • Phone numbers
    • Precise locations (such as GPS coordinates)
    • Full names or usernames

    PII may also include other types of information that are considered personal or sensitive under the Australian Privacy Act, such as:

    • A person’s name, signature, home address, email address, telephone number, personal IP address, date of birth
    • Health information, bank account details, credit information and employment details
    • Sensitive information’ (includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record, provided the information or opinion otherwise meets the definition of personal information)

    Why you should care:

    • You are obligated to comply with the Privacy Act, as previously discussed, and to protect user privacy
    • Google policies mandate that no data be passed to Google that Google could use or recognise as PII
    • Continued collection of PII data in a GA4 property can result in suspension and/or permanent deletion of that property by Google
    • As such, it’s crucial you regularly check your property for PII and delete any data that may contain it

    In GA4, PII may occur in:

    • Page URLs and titles
    • Campaign (UTM) dimensions (e.g. Source, Medium, Keyword, Campaign, Content, Term)
    • Site search dimensions
    • Event dimensions (e.g. Event Name and Event Parameters)
    • Any other fields where users can input information, and this is sent to GA4
    • Custom dimensions, if using
    • User IDs, if using
    • Data imports, if using

    As GA4 records all URLs visited by users, it will also record URLs that potentially have PII in them. This can happen on forms, or any sections of a website where the user is required to provide information. If the user submits PII such as their email address, name, etc. as part of a form submission, site search, and so on, that data may be sent to GA4 (within a page URL, an event or custom dimension, and so on). While on-site design features and GA configurations can be used to limit such vulnerabilities, individual agency Privacy Notices should clearly outline the type of data that could be collected, and also call out any potential inadvertent mechanisms for data collection.

    How to access the data deletion feature and what are the prerequisites?

    To access the data deletion feature in GA4, you need to have Editor or Admin access to the property. You can check your access level by going to Admin > Data Deletion Requests. If the option is greyed out, you do not have the required access level.

    If you have the required access level, you can click on Data Deletion Requests and then click on Schedule Data Deletion Request to start the process.

    How to make a data deletion request step-by-step

    There are four steps to make a data deletion request in GA4:

    1. Select the deletion type
    2. Select the deletion range
    3. Select the deletion filter
    4. Confirm the data deletion request

    Let’s go through each step in detail.

     

  • Step 1: Select the deletion type

    This is where you need to specify what type of data you want to delete from your GA4 property. There are four options to choose from:

    • Delete all parameters on all events
    • Delete all registered parameters on selected events
    • Delete all selected parameters on all events
    • Delete selected registered parameters on selected events
    • Delete selected user properties

    To understand these options, you need to have a basic understanding of the GA4 data structure, which consists of events and event parameters, and users and user properties.

    Events and event parameters

    Events are any user action on your site/app that is tracked in GA4. These can include page views, link clicks, downloads, video plays, or form submissions, and more. Event parameters are additional information that is associated with each event, such as the page title, page URL, link URL, engagement time, etc. For example, a page_view event fires each time a page is viewed on your site, and it may have parameters such as page_location, page_referrer, and page_title.

    Users and user properties

    Users are individual people who visit your site/app and are tracked in GA4. User properties are attributes that describe each user, such as their country, browser, language, device category, etc. For example, a user may have a user property of country with a value of Australia. User properties can also be customised to capture specific information about your users, such as their preferences, interests, or behaviours.

    Deletion type options

    Depending on what type of data you want to delete, you can choose one of the following options:

    • Delete all parameters on all events: This option will remove all the event parameters from all the events in your GA4 property. This means you will lose all the context and details about the events that happened on your site/app. You will only know how many events of each type occurred, but not any other information about them. This option is not recommended unless you want to delete all your data.
    • Delete all registered parameters on selected events: This option will remove all the event parameters from the events that you select in your GA4 property. This means you will lose all the context and details about the selected events that happened on your site/app. You will only know how many events of the selected types occurred, but not any other information about them. This option may be useful if you want to delete data from specific events that are not relevant or useful for your analysis.
    • Delete all selected parameters on all events: This option will remove the event parameters that you select from all the events in your GA4 property. This means you will lose some of the context and details about all the events that happened on your site/app. You will still know how many events of each type occurred, and some information about them, but not the information that is contained in the selected parameters. This option is recommended if you want to delete data that may contain PII or other unwanted data, such as page URLs, link URLs, site search terms, etc.
    • Delete selected registered parameters on selected events: This option will remove the event parameters that you select from the events that you select in your GA4 property. This means you will lose some of the context and details about the selected events that happened on your site/app. You will still know how many events of the selected types occurred, and some information about them, but not the information that is contained in the selected parameters. This option may be useful if you want to delete data that is specific to certain events, such as custom dimensions, custom parameters, etc.
    • Delete selected user properties: This option will remove the user properties that you select from all the users in your GA4 property. This means you will lose some of the attributes that describe your users, such as their country, browser, language, device category, etc. You will still know how many users visited your site/app, and some information about them, but not the information that is contained in the selected user properties. This option may be useful if you want to delete data that may contain PII or other unwanted data, such as user IDs, custom user properties, etc.
    Off
  • Step 2: Select the deletion range

    This is where you need to specify the time range for the data deletion request. You can choose a start date and an end date for the deletion, or select all time to delete all the data in your GA4 property. The time range must be within the data retention period of your GA4 property, which is usually 14 months by default. You can check your data retention settings by going to Admin > Data Settings > Data Retention.

    Off
  • Step 3: Select the deletion filter

    This is where you need to specify the filter for the data deletion request. You can choose to delete data from all streams in your GA4 property, or select specific streams to delete data from. Streams are the sources of data that are sent to your GA4 property, such as your website, app, or Firebase project. You can check your streams by going to Admin > Data Streams.

    If you choose to delete data from specific streams, you can also apply additional filters to narrow down the data deletion request. You can filter by:

    • Event name: The name of the event that you want to delete data from, such as page_view, click, scroll, etc.
    • Event parameter name: The name of the event parameter that you want to delete data from, such as page_location, link_url, engagement_time_msec, etc.
    • Event parameter value: The value of the event parameter that you want to delete data from, such as [URL], mailto:info@example.com, 3000, etc.
    • User property name: The name of the user property that you want to delete data from, such as country, browser, language, device_category, etc.
    • User property value: The value of the user property that you want to delete data from, such as Australia, Chrome, English, desktop, etc.

    You can use the filter operators to match the exact value, or use the contains, starts with, or ends with operators to match partial values. You can also use the and/or operators to combine multiple filters.

    Off
  • Step 4: Confirm the data deletion request

    Once you have selected the deletion type, range, and filter, you can click on Schedule Request to confirm the data deletion request. You will see a confirmation message that shows the details of your request and warns you that the data deletion is irreversible. You will also see a note that you have one week to review and cancel the data deletion request before it is permanent. Click on Confirm Data Deletion to proceed.

    Off

  • How to preview and cancel data deletion requests

    After you have confirmed the data deletion request, you can go back to the Data Deletion Requests page and see the status of your request. You will see a list of all the data deletion requests that you have made, and their status, such as:

    • Preview active: This means that the data deletion request is in the seven-day grace period, and you can preview the effect of the request on your reports before it is permanent. You can also cancel the request during this period.
    • Deletion in progress: This means that the data deletion request is being processed and the data is being removed from your GA4 property. You cannot cancel the request during this period.
    • Deletion completed: This means that the data deletion request has been completed and the data has been removed from your GA4 property. You cannot undo the request after this period.

    To preview the effect of a data deletion request, you can click on the Preview Active status and then click on Preview Request. You will be taken to the Analysis Hub, where you can see how the data deletion request will affect your reports. You can compare the data before and after the deletion, and check if the data that you want to delete is removed as intended. You can also use the Analysis Hub to create custom reports and analyses to preview the data deletion request.

    To cancel a data deletion request, you can click on the Preview Active status and then click on Cancel Request. You will see a confirmation message that asks you to confirm the cancellation. Click on Confirm Cancellation to proceed. You will see a message that says that the data deletion request has been cancelled and the data will not be deleted from your GA4 property.

    Best practice tips for data deletion and data quality

    Data deletion is a useful feature to remove unwanted data from your GA4 property, but it should not be the only way to ensure data quality and privacy. Here are some best practice tips to help you manage your data in GA4:

    • Regularly check your GA4 property for PII or other unwanted data, and delete it as soon as possible. You can use the Analysis Hub to create custom reports and analyses to identify PII or other unwanted data in your GA4 property.
    • Sanitise the tracking of forms and other data points on your website to ensure that any personal information submitted is either redacted or substituted before it is sent to GA4. You can use Google Tag Manager or other methods to modify the data before sending it to GA4.
    • Review your GA4 configuration and implementation to ensure that you are not collecting or sending any PII or other unwanted data to GA4. You can use the Debug View or the Tag Assistant to check the data that is being sent to GA4.
    • Review your GA4 account and property settings to ensure that you are following the best practices for data retention, data sharing, user access, and user consent. You can use the Admin section to check and update your settings.
    • Review your agency Privacy Notice and Terms of Service to ensure that they are clear and transparent about the type of data that you collect and use, and the potential mechanisms for data collection. You can also provide users with options to opt out of data collection or request data deletion.

     

  • This is a beta website. Tell us what you think.

  • Observatory news: July 2024 

  • Post-UA sunset!

  • Starting July 1, 2023, standard Universal Analytics properties stopped processing data. You'll be able to see your Universal Analytics reports for a period of time after July 1, 2023. However, new data will only flow into Google Analytics 4 properties.

    We hope agencies successfully extracted all their data before the UA sunset on June 30th and that the transition to GA4 is running smoothly.

    The new GA4 offers enhanced features such as improved event tracking, deeper insights and more robust cross-platform reporting capabilities. We encourage all users to fully explore GA4’s functionalities to drive more informed decision-making.

    What’s new in Google Analytics?

    Troubleshoot tag issues with Tag Diagnostics

    You can use the Tag Diagnostics tool to find and fix issues with your website’s tags, ensuring your data collection is accurate. You can access the Tag Diagnostics tool from the Google Tag sections of both Google Ads and Google Analytics, and through Google Tag Manager.

    Troubleshoot tag issues with Tag Diagnostics - Analytics Help (google.com)

    Key event rate metrics in user acquisitions and traffic acquisitions

    Google have updated the default user acquisition and traffic acquisition reports to include the user key event rate and session key event rate metrics If you've included these reports in your report navigation, you will see these key event rate metrics in the reports automatically.

    Learn more about the key event rate metrics

    Future training

    Using the comparisons feature in GA4 for Government: 10:30am Wed, 24 July.

    The 2024 Eventbrite training collection can be accessed at 2024 Observatory Training. 

    As always, if you have any requests for upcoming trainings, please send these through to observatory@dta.gov.au

  • Observatory news: May 2024 

  • Primary Observatory contact Kylie Lawrence

  • Observatory administrators 

    Effective from 6 May 2024, Kylie Lawrence will be your primary contact supported by Sasha Pan during peak periods. Please continue to direct any enquiries or support requests through observatory@dta.gov.au.

    Observatory website changes 

    The DTA website is currently undergoing a review with some changes expected to Observatory training content on the Observatory News page: Observatory News in the coming weeks. Copies of training will remain available by request via email to observatory@dta.gov.au
    Here is an overview of historical training for your records: 

    2024

    • 31 January 2024: Back to basics with Google Analytics 4 and Tag Manager
    • 14 February 2024: Privacy and Security Training
    • 28 February 2024: Google Analytics for Government
    • 20 March 2024: Tracking 404 Errors with Google Analytics 4 and Tag Manager 
    • 10 April 2024: Refresher: Universal Analytics Data Export
    • 24 April 2024: Tidying Acquisition Data with Custom Channel Groupings in GA4

    2023

    • Google Analytics Privacy and Security Refresher
    • Google Cloud Platform Products
    • Future proofing for Google Analytics 4
    • Setting up your GA4 Report Library
    • Deep Dive into GA4 Reporting & Visualisations
    • Google Analytics 4 Event Tracking
    • Migrating Looker reports to GA4
    • Overview of Google Tag Manager
    • Campaign (UTM) Tracking in GA4
    • Deep dive into Looker Studio
    • What's new in GA4
    • Universal analytics data export

    National Archives of Australia advice regarding Universal Analytics sunset

    Some of you may have seen this advice from Tatiana Antsoupova through the data and digital profession late yesterday however thought I would re-share just in case. 

    The National Archives of Australia has published the following advice on disposal of Universal Analytics data. 

    Google's Universal Analytics data to be decommissioned

    Many Australian Government agencies use Google Analytics data to monitor, track and report on the performance of their websites.

    Google Universal Analytics data for Australian Government agency websites that is created, retained and made available by Google on its servers as a service, is considered a Commonwealth record and must be managed as such.

    On 1 July 2023 Google's Universal Analytics product ceased collecting new data, when Google Analytics 4 succeeded it as the primary analytics platform. While this data currently remains accessible, agencies should be aware that on 1 July 2024 Google will be removing user access to the data previously collected by its Universal Analytics product. Agencies that do not export and download their Universal Analytics data before 1 July 2024 will lose access to it and it will be deleted by Google. This may place agencies in breach of the Archives Act 1983 for unlawful destruction of Commonwealth records, if the Universal Analytics data is destroyed before reaching the minimum approved retention period.

    Agencies are advised to identify any Google Universal Analytics data that may exist for their websites as a matter of urgency, and where necessary export and download this data for capture into their corporate recordkeeping system (eg EDRMS) where it can be retained and managed for as long as it is required.
     
    Universal Analytics data is essentially a website traffic/usage log that provides the source data used to generate periodic statistical website usage reports. These periodic reports often provide the best evidence of website usage and where they are retained as the primary record there is less likely to be an ongoing need to retain the source analytics data- which can potentially be treated as a supporting record facilitating the creation of the periodic report.

    Agencies should undertake a risk assessment of their Universal Analytics data to determine how long it will be required to be retained to meet business needs and identify ongoing evidential value – such as if it is required to conduct in-depth analysis of website traffic or to provide evidence to support audits of website usage reports.

    Where analytics data does not record information about access or change to data, it may be eligible for disposal in accordance with an agency's Normal Administrative Practice (NAP) Policy (as a facilitative record supporting the creation of periodic reports) and destroyed when no longer required to meet business and evidentiary purposes.

    If you determine that the analytics data is required to be retained, then it will need to be exported and captured into the agency corporate recordkeeping system so that the data is accessible and can be revisited in the future and sentenced in accordance with an appropriate class in AFDA Express Version 2 or the applicable agency-specific records authority. For example, where analytics data has been downloaded and used by the agency to support a business activity, such as the creation of a periodic report or other business outputs, it will need to be kept for the minimum retention period applicable to the business activity to which it relates.

    Upcoming Training

    The 2024 Eventbrite training collection can be accessed by clicking on this link: 2024 Observatory Training.  

    If you have any requests for upcoming trainings, please send these through to observatory@dta.gov.au

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession