Privacy
The Student Identifiers Act 2014 and the Privacy Act 1988 protects your privacy.
How your privacy is protected:
- USI data collection and use may occur only with account holder consent or as authorised by law
- the USI Registry System keeps minimal personal information
- students control access to their USI account.
Privacy Values
Learn more about our Privacy Values.
USI Privacy Policy
Learn more about our Privacy Policy
Privacy Obligations
Learn more about our Privacy Obligations
Privacy information for students
How to protect your USI account privacy
There are several ways you can protect your personal information:
- install security software on your computer
- don’t open email attachments from unknown senders
- be careful exchanging files with people you work with or friends
- only provide necessary personal information when completing online forms (you can skip fields marked as optional)
- never share or email your password
- make your password as strong as possible
- change your password regularly
- report suspicious activity to us
For more information about privacy, visit the Office of the Australian Information Commissioner.
The Student Identifiers Registrar’s Privacy Policy explains how:
- to access and correct personal information
- to make a breach of privacy complaint
- privacy complaints are handled.
Privacy notice: education or training providers applying for USI on behalf of student
Before an education or training provider applies for a USI on behalf of a student, they’re required under the Student Identifiers Registrar’s terms and conditions to give you a Privacy Notice explaining how your personal information will be used.
Student USI exemptions
If you have a genuine personal objection to being assigned a USI, you can apply for an exemption to the Student Identifiers Registrar.
How your personal information is used
The USI application process requires personal information, including:
- your name
- date and place of birth
- gender
- contact details
- a form of identification.
This information is to confirm your identity and ensure your USI is unique.
Your information may be disclosed for the purposes set out in our terms and conditions.
The USI Registry System only keeps information about your name, date and place of birth, gender, contact details and the type of identification provided.
The USI Registry System doesn’t retain details from the ID used to create your USI.
If you’ve authorised a third party to create a USI on your behalf, typically an education or training provider, they’re required by law to destroy your personal information as soon as possible after making the USI application.
Protecting your computer
To protect your computer:
- install security software that includes anti-virus, anti-spyware, firewall and anti-spam filters
- regularly scan your computer for viruses
- always run the current version of your security software.
Other steps you can take to protect your computer:
- check your internet browser’s security settings for ways to make your browsing more secure
- don’t open email attachments from unknown senders
- only download files from trusted websites
- be careful exchanging files with colleagues or friends
- never click on links in emails from unknown sources.
Protecting your password
To protect your personal details and privacy:
- never share your password
- never send your password via email
- make your password as strong as possible
- change it regularly.
Sharing your USI and VET transcript
Read about providing your VET transcript to your training organisations.
Privacy information for education or training providers
Education or training providers applying for a USI on behalf of an individual must give them a privacy notice explaining how their personal information will be used.
The Student Identifiers Registrar
The Registrar is bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988.
The Act regulates how agencies collect, use, disclose, and store personal information and how people can access and correct their records and information.
The Student Identifiers Registrar’s Privacy Policy explains how information is protected, how to make a complaint about a breach of privacy, and how complaints are handled.
The Information Commissioner
The Act gives the Information Commissioner the power to investigate privacy breaches resulting from:
- failure to destroy information collected during the USI application process
- failure to protect USI records
- unauthorised collection, use, or disclosure of USIs.
The Act also gives the Information Commissioner the power to assess if the Registrar is properly maintaining or handling USIs.
The Information Commissioner can impose sanctions against anyone in breach of these laws.
Account security
A key principle of the USI initiative is that people control access to their USI account.
The USI can be created by an individual or they can authorise a third party to create one on their behalf.
The Provide your USI option includes a ‘Set up access to your USI account/permissions' function.
This allows people to give training and other authorised organisations permission to view their USI account and VET transcript or update their details.
Permission can be changed or cancelled at any time.
When updates to a USI account are made, the account owner is informed via their preferred contact method.
USI collection, use, and disclosure
The Student Identifiers Act 2014 (the Act) prevents anyone other than the USI account owner from collecting, using or disclosing USI information without consent unless permitted by the Act.
Purposes permitted by the Act include:
- enabling the Registrar to perform their functions
- research related to education or training that meets requirements specified by the Ministerial Council
- law enforcement purposes or in case of unlawful activities
- as authorised by the Student Identifiers Act 2014 (the Act).
The Act authorises various third parties to collect, use, and disclose USI data concerned with:
- delivery
- funding
- development
- regulation or administration of training
- preparation of statistics relating to training such as schools, registered training organisations, regulatory authorities, Commonwealth or state and territory agencies.
The Act requires third parties protect USI information from misuse, interference and loss or unauthorised access, modification, and disclosure.
The Act also states a USI account holder can’t consent to another party using their USI for any purpose.