Explore the Digital Inclusion Standard
Showing 1 - 5 of 5
The Digital Transformation Agency's Guidance for AI proof of concept to scale.
A privacy-by-design approach is built into digital.gov.au using best practice to comply with the Privacy Act. This approach embeds the latest security requirements, while providing for a fast, intuitive and inclusive user experience for all.
This summary sets out key points about how digital.gov.au handles the collection of information, including personal or sensitive information.
Note: no information will be requested or published that is classified above Official Sensitive.
When any information is collected, held, used, disclosed or stored, it is done so in accordance with the:
- Privacy Act 1988 (Cth) (Privacy Act)
- Australian Privacy Principles (APPs)
- Privacy (Australian Government Agencies – Governance) APP Code 2017 (the Code).
More information can be found in the DTA's main privacy policy.
Collection
digital.gov.au may collect or hold personal information that is reasonably necessary for, or directly related to, the performance of its functions and activities. This may include your name, phone number, email and address and information about your interactions with the site through our services or the pages you visit.
Note: Personal information will usually be collected directly from you, unless there is an exception in the Privacy Act that permits digital.gov.au to collect personal information from a third party.
Site feedback
There is the opportunity to make enquiries or provide feedback, commentary and comments throughout the site. This drive improvements and new features. No personal or identifying information is required from you to participate.
Site interactions
Some data may be collected that includes details about your interactions with digital.gov.au, site features or the pages you visit, for example Google Analytics, the Custom Satisfaction Tool, and so on. This is collected as de-identified information, with no capacity to trace the interactions back to you.
Storage and protection
All information received by the DTA is held in secure online systems. Physical access to our offices is restricted and limited to authorised personnel only. Staff have access to personal information on a need-to-know basis only.
When personal information no longer needs to be retained as part of a Commonwealth record, it is generally destroyed in accordance with the Archives Act 1983.
Use and disclosure
Your personal information will primarily be used and disclosed for the purpose for which it was collected, unless you give your consent.
However, there may be a requirement to use or disclose your personal information for another purpose in certain circumstances.
For example, if required or permitted by law or for a purpose related to, or directly related to, the purpose of collection where you would reasonably expect that this to occur.
Sometimes your personal information will be passed to other government agencies or organisations such as the Australian Taxation Office or Department of Home Affairs, including overseas governments or organisations, for the purpose of assisting with your enquiry or application.
Access and correction
You can request access to, or correction of, your personal information by contacting digital.gov.au using the details below.
All request for access or correction will be actioned quickly, unless there is a sound reason under law to refuse.
If your personal information is not corrected, reasonable steps will be taken to associate a statement with your file upon request.
Complaints
Your privacy is taken seriously. All efforts have been made to protect your personal information.
To make a complaint about how your personal information is handled, please contact digital.gov.au using the details below.
How to contact us
- Telephone: 02 6120 8595
- Email: privacy@dta.gov.au
- Mail: Privacy Officer
Digital Transformation Agency,
PO Box 457
Canberra City
ACT 2601
Privacy Impact Assessments
The Australian Government Agencies Privacy Code requires agencies to conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects. A high privacy risk project is one that involves a new or changed way of handling personal information that is likely to have a significant impact on the privacy of individuals.
Currently there are no projects associated with this site, that have required a PIA. If this should occur in the future, it will be captured on this page as part of a digital.gov.au Register of Privacy Impact Assessments.
A PIA is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals. It sets out recommendations for managing, minimising or eliminating that impact.
PIAs assess a project’s risk of non-compliance with privacy legislation and identifies controls to mitigate the risk. A PIA is much more than a simple compliance check. It should ‘tell the full story’ of a project from a privacy perspective, going beyond compliance to consider the broader privacy implications and risks, including whether the planned use of personal information in the project will be acceptable to the community. PIAs are key to building community trust and have a range of other benefits, such as demystifying the project and its objectives.
Historical training
To get a copy of the following historical training, contact observatory@dta.gov.au:
- Google Analytics Privacy and Security Refresher
- Google Cloud Platform Products
- Future proofing for Google Analytics 4
- Setting up your GA4 Report Library
- Deep Dive into GA4 Reporting & Visualisations
- Google Analytics 4 Event Tracking
- Migrating Looker reports to GA4
- Overview of Google Tag Manager
- Campaign (UTM) Tracking in GA4
- Deep dive into Looker Studio
- What's new in GA4
- Universal analytics data export
Monthly training
Find out more about monthly training and register for an upcoming event, visit Eventbrite.
Google training
Google offers a range of free training courses and certification programs from beginner to advanced levels.
Visit Google Marketing Platform Academy, Skill Shop and Google Cloud Courses to find out more.
Managing Data Deletion Requests
Why would you need to delete data?
GA & your responsibilities
- Managing accounts, properties, user access and data. It is a requirement under the Observatory Terms of Service to regularly review accounts and properties.
- Ensuring that information captured in Google Analytics is not personally identifiable and that all employees and contractors comply with the Australian Privacy Principles and obligations under the Privacy Act 1988 (Cth).
- Following the Observatory Terms of Service, Google Analytics Terms of Service and Google Cloud Platform Terms of Service information relating to privacy.
- Undertaking an independent privacy threshold / impact assessment.
- Compliance with the Information Security Manual (ISM), which includes not storing personal or sensitive information on Google Analytics or Google Cloud Platform Services, and protecting information from cyber threats.
- Google is constantly changing and while we do our best to keep you informed, it is your responsibility to monitor for product, privacy and security updates which may impact your privacy and security assessments and agency risk tolerance.
What is PII and where it can show up in GA4
PII is any information that could be used on its own to directly identify, contact, or precisely locate an individual. This includes:
- Email addresses
- Mailing addresses
- Phone numbers
- Precise locations (such as GPS coordinates)
- Full names or usernames
PII may also include other types of information that are considered personal or sensitive under the Australian Privacy Act, such as:
- A person’s name, signature, home address, email address, telephone number, personal IP address, date of birth
- Health information, bank account details, credit information and employment details
- Sensitive information’ (includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record, provided the information or opinion otherwise meets the definition of personal information)
Why you should care:
- You are obligated to comply with the Privacy Act, as previously discussed, and to protect user privacy
- Google policies mandate that no data be passed to Google that Google could use or recognise as PII
- Continued collection of PII data in a GA4 property can result in suspension and/or permanent deletion of that property by Google
- As such, it’s crucial you regularly check your property for PII and delete any data that may contain it
In GA4, PII may occur in:
- Page URLs and titles
- Campaign (UTM) dimensions (e.g. Source, Medium, Keyword, Campaign, Content, Term)
- Site search dimensions
- Event dimensions (e.g. Event Name and Event Parameters)
- Any other fields where users can input information, and this is sent to GA4
- Custom dimensions, if using
- User IDs, if using
- Data imports, if using
As GA4 records all URLs visited by users, it will also record URLs that potentially have PII in them. This can happen on forms, or any sections of a website where the user is required to provide information. If the user submits PII such as their email address, name, etc. as part of a form submission, site search, and so on, that data may be sent to GA4 (within a page URL, an event or custom dimension, and so on). While on-site design features and GA configurations can be used to limit such vulnerabilities, individual agency Privacy Notices should clearly outline the type of data that could be collected, and also call out any potential inadvertent mechanisms for data collection.
How to access the data deletion feature and what are the prerequisites?
To access the data deletion feature in GA4, you need to have Editor or Admin access to the property. You can check your access level by going to Admin > Data Deletion Requests. If the option is greyed out, you do not have the required access level.
If you have the required access level, you can click on Data Deletion Requests and then click on Schedule Data Deletion Request to start the process.
How to make a data deletion request step-by-step
There are four steps to make a data deletion request in GA4:
- Select the deletion type
- Select the deletion range
- Select the deletion filter
- Confirm the data deletion request
Let’s go through each step in detail.
Step 1: Select the deletion type
This is where you need to specify what type of data you want to delete from your GA4 property. There are four options to choose from:
- Delete all parameters on all events
- Delete all registered parameters on selected events
- Delete all selected parameters on all events
- Delete selected registered parameters on selected events
- Delete selected user properties
To understand these options, you need to have a basic understanding of the GA4 data structure, which consists of events and event parameters, and users and user properties.
Events and event parameters
Events are any user action on your site/app that is tracked in GA4. These can include page views, link clicks, downloads, video plays, or form submissions, and more. Event parameters are additional information that is associated with each event, such as the page title, page URL, link URL, engagement time, etc. For example, a page_view event fires each time a page is viewed on your site, and it may have parameters such as page_location, page_referrer, and page_title.
Users and user properties
Users are individual people who visit your site/app and are tracked in GA4. User properties are attributes that describe each user, such as their country, browser, language, device category, etc. For example, a user may have a user property of country with a value of Australia. User properties can also be customised to capture specific information about your users, such as their preferences, interests, or behaviours.
Deletion type options
Depending on what type of data you want to delete, you can choose one of the following options:
- Delete all parameters on all events: This option will remove all the event parameters from all the events in your GA4 property. This means you will lose all the context and details about the events that happened on your site/app. You will only know how many events of each type occurred, but not any other information about them. This option is not recommended unless you want to delete all your data.
- Delete all registered parameters on selected events: This option will remove all the event parameters from the events that you select in your GA4 property. This means you will lose all the context and details about the selected events that happened on your site/app. You will only know how many events of the selected types occurred, but not any other information about them. This option may be useful if you want to delete data from specific events that are not relevant or useful for your analysis.
- Delete all selected parameters on all events: This option will remove the event parameters that you select from all the events in your GA4 property. This means you will lose some of the context and details about all the events that happened on your site/app. You will still know how many events of each type occurred, and some information about them, but not the information that is contained in the selected parameters. This option is recommended if you want to delete data that may contain PII or other unwanted data, such as page URLs, link URLs, site search terms, etc.
- Delete selected registered parameters on selected events: This option will remove the event parameters that you select from the events that you select in your GA4 property. This means you will lose some of the context and details about the selected events that happened on your site/app. You will still know how many events of the selected types occurred, and some information about them, but not the information that is contained in the selected parameters. This option may be useful if you want to delete data that is specific to certain events, such as custom dimensions, custom parameters, etc.
- Delete selected user properties: This option will remove the user properties that you select from all the users in your GA4 property. This means you will lose some of the attributes that describe your users, such as their country, browser, language, device category, etc. You will still know how many users visited your site/app, and some information about them, but not the information that is contained in the selected user properties. This option may be useful if you want to delete data that may contain PII or other unwanted data, such as user IDs, custom user properties, etc.
Step 2: Select the deletion range
This is where you need to specify the time range for the data deletion request. You can choose a start date and an end date for the deletion, or select all time to delete all the data in your GA4 property. The time range must be within the data retention period of your GA4 property, which is usually 14 months by default. You can check your data retention settings by going to Admin > Data Settings > Data Retention.
Off
Step 3: Select the deletion filter
This is where you need to specify the filter for the data deletion request. You can choose to delete data from all streams in your GA4 property, or select specific streams to delete data from. Streams are the sources of data that are sent to your GA4 property, such as your website, app, or Firebase project. You can check your streams by going to Admin > Data Streams.
If you choose to delete data from specific streams, you can also apply additional filters to narrow down the data deletion request. You can filter by:
- Event name: The name of the event that you want to delete data from, such as page_view, click, scroll, etc.
- Event parameter name: The name of the event parameter that you want to delete data from, such as page_location, link_url, engagement_time_msec, etc.
- Event parameter value: The value of the event parameter that you want to delete data from, such as [URL], mailto:info@example.com, 3000, etc.
- User property name: The name of the user property that you want to delete data from, such as country, browser, language, device_category, etc.
- User property value: The value of the user property that you want to delete data from, such as Australia, Chrome, English, desktop, etc.
You can use the filter operators to match the exact value, or use the contains, starts with, or ends with operators to match partial values. You can also use the and/or operators to combine multiple filters.
Off
Step 4: Confirm the data deletion request
Once you have selected the deletion type, range, and filter, you can click on Schedule Request to confirm the data deletion request. You will see a confirmation message that shows the details of your request and warns you that the data deletion is irreversible. You will also see a note that you have one week to review and cancel the data deletion request before it is permanent. Click on Confirm Data Deletion to proceed.
OffHow to preview and cancel data deletion requests
After you have confirmed the data deletion request, you can go back to the Data Deletion Requests page and see the status of your request. You will see a list of all the data deletion requests that you have made, and their status, such as:
- Preview active: This means that the data deletion request is in the seven-day grace period, and you can preview the effect of the request on your reports before it is permanent. You can also cancel the request during this period.
- Deletion in progress: This means that the data deletion request is being processed and the data is being removed from your GA4 property. You cannot cancel the request during this period.
- Deletion completed: This means that the data deletion request has been completed and the data has been removed from your GA4 property. You cannot undo the request after this period.
To preview the effect of a data deletion request, you can click on the Preview Active status and then click on Preview Request. You will be taken to the Analysis Hub, where you can see how the data deletion request will affect your reports. You can compare the data before and after the deletion, and check if the data that you want to delete is removed as intended. You can also use the Analysis Hub to create custom reports and analyses to preview the data deletion request.
To cancel a data deletion request, you can click on the Preview Active status and then click on Cancel Request. You will see a confirmation message that asks you to confirm the cancellation. Click on Confirm Cancellation to proceed. You will see a message that says that the data deletion request has been cancelled and the data will not be deleted from your GA4 property.
Best practice tips for data deletion and data quality
Data deletion is a useful feature to remove unwanted data from your GA4 property, but it should not be the only way to ensure data quality and privacy. Here are some best practice tips to help you manage your data in GA4:
- Regularly check your GA4 property for PII or other unwanted data, and delete it as soon as possible. You can use the Analysis Hub to create custom reports and analyses to identify PII or other unwanted data in your GA4 property.
- Sanitise the tracking of forms and other data points on your website to ensure that any personal information submitted is either redacted or substituted before it is sent to GA4. You can use Google Tag Manager or other methods to modify the data before sending it to GA4.
- Review your GA4 configuration and implementation to ensure that you are not collecting or sending any PII or other unwanted data to GA4. You can use the Debug View or the Tag Assistant to check the data that is being sent to GA4.
- Review your GA4 account and property settings to ensure that you are following the best practices for data retention, data sharing, user access, and user consent. You can use the Admin section to check and update your settings.
- Review your agency Privacy Notice and Terms of Service to ensure that they are clear and transparent about the type of data that you collect and use, and the potential mechanisms for data collection. You can also provide users with options to opt out of data collection or request data deletion.
This is a beta website. Tell us what you think.
Observatory news: July 2024
Starting July 1, 2023, standard Universal Analytics properties stopped processing data. You'll be able to see your Universal Analytics reports for a period of time after July 1, 2023. However, new data will only flow into Google Analytics 4 properties.
We hope agencies successfully extracted all their data before the UA sunset on June 30th and that the transition to GA4 is running smoothly.
The new GA4 offers enhanced features such as improved event tracking, deeper insights and more robust cross-platform reporting capabilities. We encourage all users to fully explore GA4’s functionalities to drive more informed decision-making.
What’s new in Google Analytics?
Troubleshoot tag issues with Tag Diagnostics
You can use the Tag Diagnostics tool to find and fix issues with your website’s tags, ensuring your data collection is accurate. You can access the Tag Diagnostics tool from the Google Tag sections of both Google Ads and Google Analytics, and through Google Tag Manager.
Troubleshoot tag issues with Tag Diagnostics - Analytics Help (google.com)
Key event rate metrics in user acquisitions and traffic acquisitions
Google have updated the default user acquisition and traffic acquisition reports to include the user key event rate and session key event rate metrics If you've included these reports in your report navigation, you will see these key event rate metrics in the reports automatically.
Learn more about the key event rate metrics
Future training
Using the comparisons feature in GA4 for Government: 10:30am Wed, 24 July.
The 2024 Eventbrite training collection can be accessed at 2024 Observatory Training.
As always, if you have any requests for upcoming trainings, please send these through to observatory@dta.gov.au.
Observatory news: May 2024
Observatory administrators
Effective from 6 May 2024, Kylie Lawrence will be your primary contact supported by Sasha Pan during peak periods. Please continue to direct any enquiries or support requests through observatory@dta.gov.au.
Observatory website changes
The DTA website is currently undergoing a review with some changes expected to Observatory training content on the Observatory News page: Observatory News in the coming weeks. Copies of training will remain available by request via email to observatory@dta.gov.au.
Here is an overview of historical training for your records:
2024
- 31 January 2024: Back to basics with Google Analytics 4 and Tag Manager
- 14 February 2024: Privacy and Security Training
- 28 February 2024: Google Analytics for Government
- 20 March 2024: Tracking 404 Errors with Google Analytics 4 and Tag Manager
- 10 April 2024: Refresher: Universal Analytics Data Export
- 24 April 2024: Tidying Acquisition Data with Custom Channel Groupings in GA4
2023
- Google Analytics Privacy and Security Refresher
- Google Cloud Platform Products
- Future proofing for Google Analytics 4
- Setting up your GA4 Report Library
- Deep Dive into GA4 Reporting & Visualisations
- Google Analytics 4 Event Tracking
- Migrating Looker reports to GA4
- Overview of Google Tag Manager
- Campaign (UTM) Tracking in GA4
- Deep dive into Looker Studio
- What's new in GA4
- Universal analytics data export
National Archives of Australia advice regarding Universal Analytics sunset
Some of you may have seen this advice from Tatiana Antsoupova through the data and digital profession late yesterday however thought I would re-share just in case.
The National Archives of Australia has published the following advice on disposal of Universal Analytics data.
Google's Universal Analytics data to be decommissioned
Many Australian Government agencies use Google Analytics data to monitor, track and report on the performance of their websites.
Google Universal Analytics data for Australian Government agency websites that is created, retained and made available by Google on its servers as a service, is considered a Commonwealth record and must be managed as such.
On 1 July 2023 Google's Universal Analytics product ceased collecting new data, when Google Analytics 4 succeeded it as the primary analytics platform. While this data currently remains accessible, agencies should be aware that on 1 July 2024 Google will be removing user access to the data previously collected by its Universal Analytics product. Agencies that do not export and download their Universal Analytics data before 1 July 2024 will lose access to it and it will be deleted by Google. This may place agencies in breach of the Archives Act 1983 for unlawful destruction of Commonwealth records, if the Universal Analytics data is destroyed before reaching the minimum approved retention period.
Agencies are advised to identify any Google Universal Analytics data that may exist for their websites as a matter of urgency, and where necessary export and download this data for capture into their corporate recordkeeping system (eg EDRMS) where it can be retained and managed for as long as it is required.
Universal Analytics data is essentially a website traffic/usage log that provides the source data used to generate periodic statistical website usage reports. These periodic reports often provide the best evidence of website usage and where they are retained as the primary record there is less likely to be an ongoing need to retain the source analytics data- which can potentially be treated as a supporting record facilitating the creation of the periodic report.
Agencies should undertake a risk assessment of their Universal Analytics data to determine how long it will be required to be retained to meet business needs and identify ongoing evidential value – such as if it is required to conduct in-depth analysis of website traffic or to provide evidence to support audits of website usage reports.
Where analytics data does not record information about access or change to data, it may be eligible for disposal in accordance with an agency's Normal Administrative Practice (NAP) Policy (as a facilitative record supporting the creation of periodic reports) and destroyed when no longer required to meet business and evidentiary purposes.
If you determine that the analytics data is required to be retained, then it will need to be exported and captured into the agency corporate recordkeeping system so that the data is accessible and can be revisited in the future and sentenced in accordance with an appropriate class in AFDA Express Version 2 or the applicable agency-specific records authority. For example, where analytics data has been downloaded and used by the agency to support a business activity, such as the creation of a periodic report or other business outputs, it will need to be kept for the minimum retention period applicable to the business activity to which it relates.
Upcoming Training
The 2024 Eventbrite training collection can be accessed by clicking on this link: 2024 Observatory Training.
If you have any requests for upcoming trainings, please send these through to observatory@dta.gov.au.
Observatory news: January 2024
Thank you for a wonderful year of learning together
As we reflect on 2023, the Observatory team and Jellyfish want to express our gratitude to each and every one of you who made our Google Analytics training webinars and drop-in sessions a success, turning our virtual gatherings into vibrant hubs of learning and collaboration.
Together, through 13 virtual training sessions, 4 drop-in sessions and countless GA4 discussions, we delved into the intricacies of Google Analytics, Google Tag Manager, Looker Studio and beyond, exploring new features that elevated our collective understanding of how web analytics can be leveraged for government.
As we reflect on the milestones we achieved together, we look forward to the continued growth that 2024 promises. You’ll find a round-up of the training delivered within this document, and we look forward to further exploring the exciting possibilities of Google Analytics with you over the next 12 months.
The 2024 Eventbrite training collection can be accessed by clicking on this link: