Privacy Policy
We are committed to handling your personal information in accordance with the Privacy Act 1988 ('Privacy Act'). We are an 'APP entity' that must comply with the Australian Privacy Principles (APPs) set out in Schedule 1 of the Privacy Act. The Privacy Act and APPs regulates how we must collect, use, disclose and hold personal information, and how you may access and correct your personal information.
This privacy policy has been developed in accordance with APP 1. The purpose of this privacy policy is to explain:
- the personal information we collect, use and disclose
- how we collect, use, disclose and hold your personal information
- why we collect, use and disclose your personal information
- how you can access your personal information we hold and ask for the information to be corrected (if necessary)
- what you can do if you have a query, concern or complaint about our handling of your personal information.
This privacy policy also provides information about accessing information under the Freedom of Information Act 1982.
What personal information we collect and hold
We collect a broad range of personal information that is reasonably necessary for, or directly related to, our functions and activities under the Student Identifiers Act 2014.
Personal information we collect includes:
- full name
- preferred name
- mailing address which could be the physical/street address and/or postal address
- email address
- telephone numbers
- date of birth
- city or town of birth
- country of birth
- gender
- the services you have received or have asked about
- cookie and clickstream data (e.g. information about a website you have visited (We only collect some personal information from cookies and clickstream data, People who do not wish to receive cookies can turn this function off in their web browser)
- we temporarily hold transcript data for third parties to view
- answers to personal account security (check) questions
- data from previous revoked accounts
- details of identification (such as the state and number listed on a driver's license).
Where we hold a mailing address for a student, it may be a postal address rather than the physical/street address. Only the type of your identification document you have provided is stored, not the document itself.
We know that sometimes you might not want to give us your personal information. In some cases, you can remain anonymous or use a pseudonym. However, there are instances when without your personal information we will not be able to assist you, such as creating a USI for you.
For students who are undertaking Vocational Education & Training (VET) studies, the National Centre for Vocational Education and Research (NCVER) holds your training information, which is used to electronically create authenticated VET transcripts.
We do not hold or store the information received from the NCVER for this purpose.
How we collect your personal information
We collect your personal information in a few different ways. For example:
- directly from you, when you access and use our website and online systems
- indirectly from you when you use our website and online systems such as cookies and clickstream data
- when we or someone on our behalf talks to you on the telephone and in person such as through the contact centre or customer surveys
- in writing, for example by letter or via email
- when you apply, or someone on your behalf applies, for a USI.
We may also collect your personal information from other people (relevant third parties), including:
- other government agencies
- law enforcement agencies
- education or training providers
- entities that provide services to us
- individuals who assist you in creating a USI.
We will usually collect your personal information directly from you. However, we may collect your personal information from a third party if:
- you consent (including where you have authorised an entity under Section 9 of the Student Identifiers Act to apply for a USI on your behalf)
- we are required or authorised to collect the information by or under an Australian law, or a court or tribunal order
- it is unreasonable or impractical for us to collect personal information directly from you.
When we collect personal information, we are required under the APPs to notify you of:
- the purposes for which we collect the information
- whether the collection is required or authorised by law
- any person or body to whom we usually disclose the information, including if those persons or bodies are located overseas. We usually provide this notification by including privacy notices on our forms and website.
Personal information is sometimes provided to us without us having requested it. This is called ‘unsolicited personal information.’ When we receive unsolicited personal information we will consider if we could have collected the information if we asked for it and if so, we will follow the Privacy Act in handling that information. If we determine that we could not have collected the information, subject to the requirements of the Archives Act 1983, we will destroy or de-identify the information.
Why we collect, use and disclose your personal information
We collect, use and disclose your personal information for a variety of different purposes relating to our functions and activities under the Student Identifiers Act, to:
- identify you
- process your application for a USI
- verify and or assign a USI
- resolve problems with a USI
- create an authenticated VET transcript
- provide services to you and to send system generated notifications to you
- answer questions, and provide information or advice about existing and new services
- give you access to protected areas of our website
- assess how our website is working and to make it work better
- conduct business processing functions
- update our records and keep your contact details up to date
- process and respond to any complaint you make.
There are some circumstances in which we are permitted to use or disclose personal information for another purpose, such as where a permitted general situation exists as set out in section 16A of the Privacy Act (e.g., to lessen or prevent a serious threat to life, health or safety).
For additional information regarding use or disclosure of personal information, please refer to the Office of the Australian Information Commissioner APP 6 Guideline.
Likely secondary purposes for which we may use or disclose your personal information include (but is not limited to):
- conduct planning, service and policy development; program evaluation; complaints handling; quality control and assurance
- to conduct research
- to investigate fraud or misconduct
- give information to our contractors or service providers to allow them to assist in providing our services to you
- administer our obligations under legislation, for example in relation to freedom of information and privacy.
Who we may disclose your personal information to
We may disclose your personal information to several authorised organisations, departments, regulators and other persons where it is reasonably necessary for the purposes of performing functions or exercising powers
Detailed information about the use of your information can be found in Division 5 - Collection, use or disclosure of student identifiers of the Student Identifiers Act 2014.
Disclosure of personal information overseas
Sometimes, we may disclose your personal information to third parties who are located overseas. Situations in which this may occur will usually be limited to circumstances where you authorise us to do so.
Before disclosing your personal information to an overseas recipient, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs (other than APP 1) in relation to the information, unless at least one of the following applies:
- the recipient is subject to a law or binding scheme substantially similar to the APPs, including mechanisms for enforcement
- you consent to the disclosure after being expressly informed that we will not be taking reasonable steps to ensure the overseas recipient does not breach the APPs
- a permitted general situation exists as set out in section 16A of the Privacy Act (e.g. to lessen or prevent a serious threat to life, health or safety)
- disclosure is required or authorised by or under an Australian law, a court or tribunal order, or an international agreement relating to information sharing to which Australia is a party
- disclosure is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body and the recipient performs similar functions.
It is not practicable to list every country to which we may provide personal information as this will vary depending on the circumstances.
If you would like further information regarding this, including to find out which countries’ (if any) recipients your personal information has been given to are located, please contact us at PolicyDataCompliance@usi.gov.au.
Security and storage
We take all reasonable steps to ensure your personal information in our possession is protected from:
- misuse, interference and loss
- unauthorised access, modification or disclosure.
We may keep your information in either electronic or hard copy form, including cloud storage. Storage of personal information (and the disposal of information when no longer required for business purposes) is managed in accordance with the Archives Act 1983.
Electronic and paper records containing personal information are protected in accordance with the Australian Government security policies including the Attorney-General’s Department Protective Security Policy Framework.
Our website might link to websites that belong to third parties. We do not know about the privacy practices of any third-party websites, and we are not responsible for the privacy policies or the information on any third-party websites. Third party websites should tell you about their own privacy practices. We encourage you to look at each third-party website’s privacy policy.
If you are worried about the security of your personal information, please contact us at PolicyDataCompliance@usi.gov.au.
How you can access and correct your personal information
Subject to certain exceptions, you have a right under the Privacy Act to access personal information we hold about you and to request corrections of your personal information if you think the information is inaccurate, out of date, incomplete, irrelevant or misleading (for example, updating your contact details). We will investigate your request and take any reasonable steps to correct the information, having regard to the purpose for which it is held.
You can ask to see any personal information we have about you at any time. If you can see the information, we will tell you how to do this. You do not have to pay to get your personal information or for any changes you ask us to make to your information.
Sometimes we cannot give you access to the personal information we hold. If that happens, within 30 days after we receive your request, we will write and tell you why we cannot give you access. We will also tell you how you can complain if you are not happy with our decision.
We will let you know the outcome of your request, how we made the decision and how to ask us to reconsider our decision if you do not agree.
What to do if you think your privacy was breached
If you think your privacy has been breached please complete a privacy incident form. Privacy complaints are dealt with under our Privacy Policy.
We will be in contact with you to discuss your privacy concerns once we receive your enquiry.
If you are not happy with the outcome of the investigation into your privacy concern, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC website tells you how to make a complaint to the OAIC.
Privacy Impact Assessment
The Privacy (Australian Government Agencies – Governance) APP Code 2017 commenced on 1 July 2018 and requires agencies to conduct privacy impact assessments (PIAs) for all ‘high privacy risk’ projects.
A PIA is a systematic assessment of an activity or function that identifies the impact that the activity of function might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.
A high-risk privacy project is one that involves new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.
Privacy Impact Assessment Register
Our Privacy Impact Assessment (PIA) register has been prepared in accordance with section 15(1) of the Privacy (Australian Government Agencies – Governance) APP Code 2017.
Completed PIAs
Title | Completed |
---|---|
Unique Student Identifier I | June 2012 |
Unique Student Identifier II | November 2012 |
Unique Student Identifier III | August 2013 |
Authenticated VET transcripts | March 2018 |
Third party access to authenticated VET transcripts | October 2019 |
Parent led model and automation of forms | September 2023 |
Schools Unique Student Identifier (Schools USI) | April 2024 |
Freedom of Information
The Freedom of Information Act 1982 (FOI Act) gives you the right to request access to government-held information. This includes information we hold about you.
What you can access under FOI
You can request access to a document held by an Australia Government agency or minister, such as:
- a document that contains your personal information
- a policy-making document
- an administrative decision-making document.
You can also ask an agency or minister to amend or annotate the personal information they hold about you.
What you can’t access under FOI
You can’t access a document an Australian Government agency or minister holds that is:
- exempt under the FOI Act
- conditionally exempt under the FOI Act
- accessible to the public under other arrangements for a fee.
You can’t access a document held by an agency exempt from the FOI Act.
For further information regarding the FOI process, refer to the Office of the Australian Information Commissioner website.
If you would like to access documents under the FOI, your application must:
- be in writing
- state that you’re requesting access to information under the FOI Act
- state the document(s) you want, giving enough information as it reasonably necessary for us to identify the document(s)
- give an address or email address where we can send you the document/s.
You don’t need to give any reasons why you want the information.
Email your request to: PolicyDataCompliance@usi.gov.au or via post to:
Attention: Policy, Data & Compliance
Office of the Student Identifiers Registrar
GPO Box 9828
Adelaide SA 5001
Australia
Changes to our privacy policy
We might sometimes change this privacy policy. If we do, we will share the new version on our website.
This privacy policy was last reviewed on 13 September 2022