|
Where am I now? Lawlink > privacynsw > NSW Privacy Laws > S41 Privacy Direction relating to the Document Verification Service-BDM
|
Print page
|
S41 Privacy Direction relating to the Document Verification Service-BDM
Privacy Direction relating to the Document Verification Service - NSW Registry of Births Deaths and Marriages
Privacy and Personal Information
Protection Act 1998
This is a direction under section 41(1) of the Privacy and Personal Information Protection Act 1998. It should be read in conjunctions with that Act.
Interpretation
In this Direction:
"DVS" means Document Verification Service.
"DVS Hub Manager" means the Agency engaged by the Commonwealth Attorney General's Department to co-ordinate the routing between Issuer Agencies and User Agencies of any verification requests made pursuant to the DVS;
"Issuer Agency" means an agency which:
(i) issues POI Documents; and
(ii) which participates in the DVS by supplying information verifying its Identifying Documents, through the DVS Hub Manager, to User Agencies.
"Personal Information" has the same meaning as in s. 4 of the PPIP Act.
“POI” means proof of identity.
"POI Document" means a document issued by an Issuing Agency which may be used to establish an individual's identity. In the case of the Registry, this includes any certificate issued under s. 49 of the Births Deaths and Marriages Registration Act 1995.
"PPIP Act" means the Privacy and Personal Information Protection Act 1998.
"Registry" means the New South Wales Registry of Births Deaths and Marriages and includes the office of the New South Wales Registrar of Births Deaths & Marriages and any staff employed in that Office.
"User Agency" means an agency that makes a request to have an Identifying Document verified by an Issuing Agency through the DVS and is
(i) The Commonwealth Department of Foreign Affairs and Trade (DFAT)
(ii) The Commonwealth Department of Immigration and Citizenship (DIAC)
(iii) The National Exchange of Vehicle and Driver Information Systems (NEVDIS)
Background
The Australian Government sees the establishment of a National Document Verification Service (DVS) as a key component in its efforts to enhance procedures for verifying the integrity of key identity documents. It is intended that the DVS be accessible to all Australian, State and Territory government document issuing agencies to strengthen and enhance existing proof of identity (POI) processes and systems.
The DVS is one element of a comprehensive package of initiatives under the National Identity Security Strategy (NISS) announced on 14 April 2005. The Council of Australian Government endorsed the NISS at its meeting in April 2007.
The DVS will utilise an online computer system to verify the accuracy of details contained in key documents (including documents held by the Registry), which are presented by customers as POI Documents when seeking to obtain services or benefits from a User Agency.
Information will be sent via a secure communications pathway and will be verified with a yes/no response indicating whether the information provided is identical to data recorded in the register in the relevant document issuing agencies.
Information passing through the DVS will not be stored but a log of traffic through the DVS will be maintained for auditing purposes.
Details to be verified from POI Documents held by the Registry (including birth certificates, marriage certificates, death certificates, birth cards and change of name certificates) , may be the state of issue, first, middle and last name and date of birth (day, month and year). Information sent from the Registry via the DVS will comprise of a yes/no response for verification of these details.
Public Interest
DVS will assist government agencies in introducing more rigorous client identification practices, including background checks on customer identity. Applicants to User Agencies will sign a declaration authorising the User Agency to verify the details of POI documents as part of their application. DVS will enable online document verification between Commonwealth and New South Wales government agencies instead of relying on manual checks. It will allow User Agencies to exchange personal information with the Issuer Agencies.
The DVS process will assist measures designed to reduce instances of identity fraud or identity theft. A significant issue related to these types of activities is the production and use of false identity documents.
I am satisfied that the public interest in making this direction outweighs the public interest in requiring the Registry to comply with the relevant Information Protection Principles, referred to in the provisions set out below.
Coverage
This Direction applies only to the accessing of information through the Registry. The Direction also only applies to the collection of personal information by the Registry and the Registry’s use and disclosure of personal information, when that collection, use and disclosure are solely for the purpose of enabling the Registry to assist in the verification of the validity of identity documents, which have been produced to a User Agency.
Provisions
(1). If the Registry collects personal information from a User Agency for the purpose of verifying the validity of the data provided by individuals, then the Registry need not comply with sections 9, 10, and 11 of the PPIP Act.
(2). If the Registry uses personal information it holds to confirm the correctness, or otherwise, of data, which has been presented to a User Agency, the Registry need not comply with section 17 of the PPIP Act.
(3). If the Registry discloses personal information it holds in the form of a ‘yes’ or ‘no’ response to a User Agency in order to verify a POI Document, the Registry need not comply with section 18 of the PPIP Act.
(4). The provisions of paragraphs 1, 2, 3 and 4 of this Direction are not intended to override and do not override any other legal requirement dealing with the collection, use or disclosure of personal information by a relevant agency.
Note: For example, this Direction does not override secrecy or confidentiality provisions in any other relevant Act.
(5). This Direction does not apply to “health information” as defined in section 6 of the Health Records and Information Privacy Act 2002 (the HRIP Act).
Duration
This Direction has effect for a period of six months from 9 July 2009.
Signed by me on 9 July 2009
Judge KV Taylor
Privacy Commissioner
|
|
