We are committed to ensuring the proper handling of your personal information in accordance with the Privacy Act 1988 ('Privacy Act'). We are an 'APP entity' that must comply with the Australian Privacy Principles (APPs) which are set out in Schedule 1 of the Privacy Act. The Privacy Act and APPs regulates how entities must collect, use, disclose and hold personal information, and how people may access and correct their personal information.  

The privacy policy has been developed in accordance with APP 1, and the purpose of this privacy policy is to explain: 

• what kinds of personal information we collect, use and disclose 

• how we collect, use, disclose and hold your personal information 

• the purposes for which we collect, use and disclose your personal information 

• how you can access your personal information held by us and seek correction of that information (if necessary) 

• what you can do if you have a query, concern or complaint regarding our handling of your personal information. 

The privacy policy also provides information about accessing information under the Freedom of Information Act 1982. 

What personal information we collect and hold

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable: 

• whether the information or opinion is true or not 

• whether the information or opinion is recorded in a material form or not. 

We collect a broad range of personal information that is reasonably necessary for, or directly related to, our functions and activities, including our role under the Student Identifiers Act 2014 . 

Personal information we collect may include and hold (but is not limited) to the following: 

• full name 

• preferred name 

• mailing address which could be the physical/street address and/or postal address 

• email address 

• telephone numbers 

• date of birth 

• city or town of birth 

• country of birth

• gender 

• what services you have obtained or which you have asked about 

• cookie and clickstream data (eg information about the websites a person has visited)
  
  We only collect some personal information from cookies and clickstream data and people who do not wish to receive cookies can turn this function off on their web browser

• we temporarily hold transcript data for third party viewing

• answers to personal account security (check) questions

• data from previous revoked accounts

• details of identification (such as the state and number listed on a driver's license).

• any other information we need to deliver services to you and to respond to your questions. 

Where we hold a mailing address for a student, it may be a postal address rather than the physical/street address. Only the type of your identification documents will be stored indefinitely.

We know that sometimes you might not want to give your personal information to us. In some cases, you will be able to remain anonymous or use a pseudonym, however, there will be occasions where it is impracticable for you to remain anonymous or use a pseudonym.  

For example, without your personal information, we may not be able to provide you the services you want. We normally ask for your identity so that we can reply to your request and carry out our roles and activities. 

For students who are undertaking Vocational Education & Training (VET) studies, the National Centre for Vocational Education and Research (NCVER) holds your training information, which is used to electronically create authenticated VET transcripts.  

We do not hold or store the information received from the NCVER for this purpose. 

How we collect your personal information 

We collect your personal information in a few different ways. For example: 

• directly from you, when you access and use our website and online systems 

• indirectly from you when you use our website and online systems such as cookies and clickstream data 

• when we or someone on our behalf talks to you on the telephone and in person such as  through the contact centre or customer surveys 

• in writing, for example by letter or via email 

• when you apply, or someone on your behalf applies, for a USI. 

We may also collect your personal information from other people (relevant third parties), including: 

• other government agencies 

• law enforcement agencies 

• education or training providers 

• entities that provide services to us 

• individuals who assist you in creating a USI. 

We will usually collect your personal information directly from you. However, we may collect your personal information from a third party if: 

• you consent (including where you have authorised an entity under Section 9 of the Student Identifiers Act to apply for a USI on your behalf) 

• we are required or authorised to collect the information by or under an Australian law, or a court or tribunal order 

• it is unreasonable or impractical for us to collect personal information directly from you. 

When we collect personal information, we are required under the APPs to notify you of several matters. These include: 

• the purposes for which we collect the information 

• whether the collection is required or authorised by law 

• any person or body to whom we usually disclose the information, including if those persons or bodies are located overseas. We usually provide this notification by including privacy notices on our forms and website. 

Personal information is sometimes provided to us without us having requested it. This is called ‘unsolicited personal information.’ When we receive unsolicited personal information we will consider if we could have collected the information if we asked for it and if so, we will follow the Privacy Act in handling that information. If we determine that we could not have collected the information, subject to the requirements of the Archives Act 1983, we will destroy or de-identify the information. 

Why we collect, use and disclose your personal information 

We collect, use and disclose your personal information for a variety of different purposes relating to our functions and activities, including our role under the Student Identifiers Act, to: 

• identify you 

• process your application for a USI 

• verify and or assign a USI 

• resolve problems with a USI 

• create an authenticated VET transcript 

• provide services to you and to send system generated notifications to you 

• answer questions, and provide information or advice about existing and new services 

• give you access to protected areas of our website 

• assess how our website is working and to make it work better 

• conduct business processing functions 

• update our records and keep your contact details up to date 

• process and respond to any complaint you make. 

We will usually only use or disclose your personal information for the purpose for which it was collected, which you would be notified of at the time your information is collected.  

There are some circumstances in which we are permitted to use or disclose personal information for another purpose, such as where a permitted general situation exists as set out in section 16A of the Privacy Act (e.g. to lessen or prevent a serious threat to life, health or safety).  

For additional information regarding use or disclosure of personal information, please refer to the Office of the Australian Information Commissioner APP 6 Guideline. 

Likely secondary purposes for which we may use or disclose your personal information include (but is not limited to): 

• conduct planning, service and policy development; program evaluation; complaints handling; quality control and assurance 

• to conduct research 

• to investigate fraud or misconduct 

• give information to our contractors or service providers to allow them to assist in providing our services to you 

• administer our obligations under legislation, for example in relation to freedom of information and privacy. 

Who we may disclose your personal information to 

We may disclose your personal information to several authorised organisations, departments, regulators and other persons where it is reasonably necessary for the purposes of performing functions or exercising powers 

Detailed information about the use of your information can be found in Division 5 - Collection, use or disclosure of student identifiers of the Student Identifiers Act 2014. 

Disclosure of personal information overseas 

Sometimes, we may disclose your personal information to third parties who are located overseas. Situations in which this may occur will usually be limited to circumstances where you authorise us to do so. 

Before disclosing your personal information to an overseas recipient, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs (other than APP 1) in relation to the information, unless at least one of the following applies: 

• the recipient is subject to a law or binding scheme substantially similar to the APPs, including mechanisms for enforcement 

• you consent to the disclosure after being expressly informed that we will not be taking reasonable steps to ensure the overseas recipient does not breach the APPs 

• a permitted general situation exists as set out in section 16A of the Privacy Act (e.g. to lessen or prevent a serious threat to life, health or safety) 

• disclosure is required or authorised by or under an Australian law, a court or tribunal order, or an international agreement relating to information sharing to which Australia is a party 

• disclosure is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body and the recipient performs similar functions. 

It is not practicable to list every country to which we may provide personal information as this will vary depending on the circumstances. 

If you would like further information regarding this, including to find out which countries’ (if any) recipients your personal information has been given to are located, please contact us at BusinessStrategy@usi.gov.au 

Security and storage 

We take all reasonable steps to ensure your personal information in our possession is protected from: 

• misuse, interference and loss 

• unauthorised access, modification or disclosure. 

We may keep your information in either electronic or hard copy form, including cloud storage. Storage of personal information (and the disposal of information when no longer required for business purposes) is managed in accordance with the Archives Act 1983. 

Electronic and paper records containing personal information are protected in accordance with the Australian Government security policies including the Attorney-General’s Department Protective Security Policy Framework. 

Our website might link to websites that belong to third parties. We do not know about the privacy practices of any third-party websites and we are not responsible for the privacy policies or the information on any third-party websites. Third party websites should tell you about their own privacy practices. We encourage you to look at each third-party website’s privacy policy. 

If you are worried about the security of your personal information, please contact us at BusinessStrategy@usi.gov.au. 

How you can access and correct your personal information 

Subject to certain exceptions, you have a right under the Privacy Act to access personal information we hold about you and to request corrections of any of your personal information if you think the information is inaccurate, out of date, incomplete, irrelevant or misleading (for example, updating your contact details).  

We recommend that you keep your details up to date. 

You can ask to see any personal information we have about you at any time. If you can see the information, we will tell you how to do this. You do not have to pay to get your personal information or for any changes you ask us to make to your information. 

Sometimes we cannot give you access to the personal information we hold. If that happens, within 30 days after we receive your request, we will write and tell you why we cannot give you access. We will also tell you how you can complain if you are not happy with our decision. 

You can ask us to correct the personal information we have about you if you think that personal information is inaccurate, out of date, incomplete, irrelevant or misleading. We will investigate your request and take any reasonable steps in the circumstances to correct the information, having regard to the purpose for which it is held.  

We will also write to you and let you know the outcome of your request, and where your request for correction has been refused, we will also tell you how we made the decision and how to ask for our decision to be reconsidered if you do not agree with us. 

What to do if you think your privacy was breached 

If you think your privacy has been breached please complete a privacy incident form. Privacy complaints are dealt with under our Privacy Policy. 

We will be in contact with you to discuss your privacy concerns once we receive your enquiry. 

If you are not happy with the outcome of the investigation into your privacy concern, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC website tells you how to make a complaint to the OAIC. 

Privacy Impact Assessment 

The Privacy (Australian Government Agencies – Governance) APP Code 2017 commenced on 1 July 2018 and requires agencies to conduct privacy impact assessments (PIAs) for all ‘high privacy risk’ projects.  

A PIA is a systematic assessment of an activity or function that identifies the impact that the activity of function might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.  

A high-risk privacy project is one that involves new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals. 

Privacy Impact Assessment Register 

Our Privacy Impact Assessment (PIA) register has been prepared in accordance with section 15(1) of the Privacy (Australian Government Agencies – Governance) APP Code 2017. 

Completed PIAs 

Title	Completed
Unique Student Identifier I	June 2012
Unique Student Identifier II	November 2012
Unique Student Identifier III	August 2013
Authenticated VET transcripts	March 2018
Third party access to authenticated VET transcripts	October 2019

Freedom of Information 

The Freedom of Information Act 1982  (FOI Act) gives you the right to request access to government-held information. This includes information we hold about you. 

What you can access under FOI 

You can request access to a document held by an Australia Government agency or minister, such as: 

• a document that contains your personal information 

• a policy-making document 

• an administrative decision-making document. 

You can also ask an agency or minister to amend or annotate the personal information they hold about you. 

What you can’t access under FOI 

You can’t access a document an Australian Government agency or minister holds that is: 

• exempt under the FOI Act 

• conditionally exempt under the FOI Act 

• accessible to the public under other arrangements for a fee. 

You can’t access a document held by an agency exempt from the FOI Act. 

For further information regarding the FOI process, refer to the Office of the Australian Information Commissioner website. 

If you would like to access documents under the FOI, your application must: 

• be in writing 

• state that you’re requesting access to information under the FOI Act 

• state the document(s) you want, giving enough information as it reasonably necessary for us to identify the document(s) 

• give an address or email address where we can send you the document/s. 

You don’t need to give any reasons why you want the information. 

Email your request to: businessstrategy@usi.gov.au or via post to: 

Attention: Business Strategy 
Office of the Student Identifiers Registrar 
GPO Box 9880 
Adelaide SA 5001 
Australia 

Changes to our privacy policy 

We might sometimes change this privacy policy. If we do, we will share the new version on our website. 

This privacy policy was last reviewed on 28 September 2020 

We are committed to maintaining the privacy of all personal information given to us and our practices protect the privacy of your information and act in your best interests. You have a right to know how we collect, use and disclose personal information and that it remains accurate, confidential and secure.

Privacy as the default 

• privacy by design is embedded in our business practices and in the design and architecture of its systems
• business processes and system initiatives, revisions, or upgrades will be consistent and compliant with mandatory requirements, including the Australian Privacy Principles and associated policies 
• third party entities authorised under the Student Identifiers legislative framework to collect and use USIs must meet the privacy requirements of the Student Identifiers legislative framework.

Transparent and Visible

We:

• give individuals reasonable notice of information, policies and practices for collecting, using, disclosing, retaining and disposing of personal information
• expect entities authorised to collect, use and disclose information about individuals under the Student Identifiers legislative framework to publish privacy notices clearly informing individuals about the purposes and scope of information collected.

Accountable

We:

• maintain a compliance program of regular audits, reviews and assessments of access (by our staff and other authorised entities) of our operations and systems
• monitor and keep adequate records of compliance efforts, privacy infringements and breaches.

Care and diligence

We:

• handle any requests or complaints with care and diligence
• appropriately destroy personal information in accordance with the student identifiers legislative framework and any Australian Government retention requirements
• keep personal information in a way to protect it from misuse, interference and loss and from unauthorised access, modification or disclosure and always in accordance with mandatory requirements.

Respectful

We:

• respect the privacy and rights of all individuals in all aspects of business and treat all personal and sensitive data as confidential 
• adequately inform Individuals about the processing of their personal data, their rights and access to that data.

Ethical

We will act with integrity in:

• dealing with personal and sensitive information and data that is collected, used or disclosed in the assignment and verification of USIs or as a result of the Transcript Service
• collecting, using, disclosing, and retaining only the minimum amount of information about individuals as necessary for the specified purpose.

Find out more

• Privacy policy
• Our privacy obligations

The information you provide through the USI application process: 

• is collected by the Student Identifiers Registrar for a number of purposes 
• may be disclosed to a number of organisations, departments, regulators and other persons where it is reasonably necessary for the purposes of performing functions or exercising powers 
• will not otherwise be disclosed without their consent unless authorised or required by or under law. 

Detailed information on the use of your information can be found in Division 5 - Collection, use or disclosure of student identifiers of the Student Identifiers Act 2014 and in our Privacy Policy 

Privacy policies and complaints 

Students can find out more about how the Student Identifiers Registrar collects, uses and discloses their personal information: 

• in the Student Identifiers Registrar’s Privacy Policy  
• by emailing the Registrar  
• by calling 1300 857 536 or from outside Australia +61 2 6240 8740

The Student Identifiers Registrar’s Privacy Policy contains information about: 

• how students can access and seek correction of the personal information held about them 
• how to make a complaint about a breach of privacy by the Registrar in connection with the USI 
• how complaints are handled 

The student can also make a complaint to the Information Commissioner about an interference with privacy pursuant to the Privacy Act 1988. This includes the misuse or interference of or unauthorised collection, use, access, modification or disclosure of USIs. 

These entities may apply for a USI on behalf of a student under sub-section 9(2) of the Student Identifiers Act 2014: 

• Registered Training Organisations (RTO) 
   
• VET admission bodies 
   
• registered Higher Education Providers 
   
• Tertiary Admission Centres 

If your organisation is eligible, you are required to give the student a privacy notice explaining how their personal information will be used. 

Privacy notice for your students 

To help you meet this requirement, we have developed a Privacy Notice you can give to students. 

Privacy text to include in enrolment forms 

Use the following suggested text in your enrolment forms to: 

• seek authorisation to apply for a USI on behalf of a student 
   
• advise students of their privacy rights and requirements 

Privacy text for RTO enrolment forms 

From 1 January 2015, we [insert RTO name] can be prevented from issuing you with a nationally recognised VET qualification or statement of attainment when you complete your course if you do not have a Unique Student Identifier (USI).  Get your USI now at www.usi.gov.au/create-your-USI/ 

If you would like us [insert RTO name] to apply for a USI on your behalf you must authorise us to do so and declare that you have read the suggested text for inclusion in enrolment form. 

I [NAME] …………………………………………………………………………………………..authorise 

[insert RTO name]…………………………………………………………………………………. to apply pursuant to sub-section 9(2) of the Student Identifiers Act 2014, for a USI on my behalf. I have read and I consent to the collection, use and disclosure of my personal information as outlined by the Student Identifiers Registrar. 

[SIGNATURE]                               [DATE] 

Privacy text for higher education enrolment forms 

By 2023, all higher education students will need to have a USI if they expect to receive their award in 2023 or beyond. This includes all students who started before 2021, as well as, all international onshore students. Get your USI now at www.usi.gov.au/create-your-USI/ 

If you would like us [Higher Education Provider or Tertiary Admission Centre] to apply for a USI on your behalf you must authorise us to do so and declare that you have read the relevant privacy information.  

 I [NAME] …………………………………………………………………………………………..authorise 

[insert HEP or TAC name]…………………………………………………………………………………. to apply pursuant to sub-section 9(2) of the Student Identifiers Act 2014, for a USI on my behalf. I have read and I consent to the collection, use and disclosure of my personal information pursuant to the information detailed within the Privacy Notice. 

[SIGNATURE]                               [DATE] 

Relevant privacy legislation 

If you are an Australian Privacy Principle (APP) entity bound by the Privacy Act 1988 or an entity bound by State or Territory Privacy legislation:  

• consider whether your organisation is bound by any privacy legislation and what your obligations would be under this legislation 
   
• seek independent legal advice about your privacy obligations

If your organisation contravenes sections 11, 16 or 17 of the Student Identifiers Act 2014, then pursuant to section 23 of the Act:  

• your organisation will be considered to be an APP entity bound by the Privacy Act 1988 
   
• the contravention may be subject to investigation by the Information Commissioner 

Where your organisation is bound by Commonwealth or State or Territory Privacy legislation, you may need to tell students how their information is stored and protected, such as:  

• secure server at the education or training provider 
   
• third-party server in the cloud 
   
• if hard-copy – in a locked file/cupboard