Protection of your privacy
The USI scheme has been designed to protect the privacy of individual USI account holders in a number of ways:
- only minimal personal information is retained in the USI Registry System
- individuals have control over access to their USI account
- the USI can be collected, used and disclosed only if permitted by law or authorised by the individual
Safeguarding your personal information
The USI application process requires individuals to provide some personal information, such as name, date and place of birth and contact details, as well as some items of information from a form of ID. This information is required in order to determine the identity of the individual and to ensure that the USI which is assigned is unique to that individual. This information may be disclosed for the purpose set out in the Terms and Conditions.
The USI Registry System, which is managed by the Student Identifiers Registrar (the Registrar), only retains information about the name, date and place of birth and contact details of the individual, as well as an indication of the type of document that was used to create the USI. The USI Registry System does not retain any of the details from the ID used to create a USI.
Similarly, where the individual has authorised another entity to create a USI on their behalf, typically a training organisation, that entity is required by law to destroy the personal information collected solely for that purpose as soon as possible after the USI application has been made or it is no longer needed for that purpose. The only exception to this requirement is where the entity that applies for a USI is required under or by another law to retain the information.
Another important privacy safeguard is the separation of the personal details of individual USI account holders, which are stored in the USI Registry System, from the records of the training undertaken by individuals, which is stored in the data collection maintained by the National Centre for Vocational Education and Research (NCVER). The USI is the link between the USI Registry System and the NCVER data collection which enables individuals to obtain a consolidated transcript of all the nationally recognised training they have undertaken after obtaining a USI.
Role of the Student Identifiers Registrar
The Registrar is also bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth), which regulates how agencies collect, use, disclose and store personal information and how individuals may access and correct records containing their personal information.
Who can access a USI Account?
A key principle of the USI scheme is that individuals have control over who has access to their USI account.
The USI can be created by the individual concerned by providing the required information. Alternatively, individuals can authorise another entity to do so on their behalf. This means that a USI can be created only by the individual or by others with the individual’s express authorisation.
The USI account includes a ‘Manage Permissions’ function which allows individuals to grant one or more organisations permission to view their USI account or update their personal and contact details.
If an individual gives permission to an organisation to their USI account they can also choose:
- if they can see both personal and contact information
- just personal information and NOT contact information
- for how long a training organisation may see records and results
In addition, the individual can change or remove any permission at any time. Whenever updates to a USI account are made the individual is informed via the contact details in their USI account that a change has been made and of the entity that made it.
Collection, use and disclosure of the USI
The Student Identifiers Act 2014 (the Act) prevents anyone other than the individual from collecting, using or disclosing the USI without the express or implied consent of the individual unless this is permitted by the Act.
The purposes permitted by the Act include:
- to enable the Registrar to perform his or her functions;
- for research related to education or training, where the purposes of the research meets the requirements specified by the Industry and Skills Council of Ministers;
- for law enforcement purposes or in case of unlawful activities; or
- as authorised by the Student Identifiers Regulation 2014 (the Regulation).
The Regulation authorises various entities concerned with the delivery, funding, development, regulation or administration of training and the preparation of statistics relating to training, such as schools, registered training organisations, regulatory authorities, Commonwealth or state and territory agencies, to collect, use and disclose the USI for several specific purposes. A key objective of the Regulation is to enable the day to day delivery of vocational education and training.
The Act requires that any entity which has an individual’s USI must protect it from misuse, interference and loss or unauthorised access, modification and disclosure. The Act also states that the individual cannot consent to another party using the USI as their own identifier of the individual, such as on a student card issued by a training organisation. This is so that the USI is not misused or disclosed in an unauthorised way.
Role of the Information Commissioner
The Act gives the Information Commissioner the power to investigate breaches of individuals’ privacy arising from failure to destroy information collected for the purpose of applying for a USI when required; failure to protect USI records; or the unauthorised collection, use or disclosure of USIs. The Act also gives the Information Commissioner the power to assess if the Registrar is maintaining or handling USIs in accordance with the requirements of the Act. The Information Commissioner can impose a range of sanctions against anyone in breach of these laws.
Individuals who have a genuine personal objection to being assigned a USI will be able to apply for an exemption to the Student Identifiers Registrar.
Protecting your computer
To protect your computer you should:
- install and activate security software on your computer.
- ensure your security software includes anti-virus, anti-spyware, firewall and anti-spam filter.
- run regular scans of your computer for viruses.
- remember to update your security software to ensure you are always running the current version.
Other steps you should take help protect your computer include:
- check your Internet browser’s security settings for ways to make your browsing more secure.
- do not open email attachments if you do not know the sender.
- only download files from reputable Internet sites.
- be wary when exchanging files with colleagues or friends.
- never click on hyperlinks in emails received from unknown sources.
Protecting your password
To protect your personal details and privacy you should:
- never share your password with anyone.
- never send your password via email.
- make your password as strong as possible.
- change it periodically.
Report any suspicious or unauthorised activity
If you see any suspicious or unauthorised activity relating to your USI account please contact the USI Office immediately by email firstname.lastname@example.org or phone on 1300 857 536.