If your organisation applies for a USI on behalf of a student, you are required first to give to that student a privacy notice that seeks their permission.

The text contained in the Privacy Notice, which you are able to download and incorporate in your student information, is intended to assist your organisation in meeting this requirement.

If your organisation wishes to include information on the USI in your enrolment form and obtain a student’s authorisation for your training organisation to apply for a USI on their behalf, we have suggested text which you can use.

Organisations should also note the following:

• You may be an Australian Privacy Principle (APP) entity bound by the Privacy Act 1988 or an entity bound by State or Territory Privacy legislation. Please consider whether your organisation is bound by any privacy legislation and if so, what your organisations obligations under such legislation would be. You should seek independent legal advice as to what your privacy obligations may be.

• Please note, in addition to the above, if your organisation contravenes sections 11, 16 or 17 of the Student Identifiers Act 2014, then pursuant to section 23 of the Student Identifiers Act 2014, your organisation will be considered to be an APP entity bound by the Privacy Act 1988 and the contravention may be subject to investigation by the Information Commissioner.

• Where your organisation is bound by Commonwealth or State or Territory Privacy legislation, your organisation may need to provide students, either in connection with applying for the USI on their behalf or more generally as part of the enrolment information, advice about how the student’s information is stored and protected, such as for example secure server at the Registered Training Organisation, third-party server in the cloud, or if hard-copy, in a locked file/cupboard.