Australian Government: Attorney-General's Department
Australian Government: Attorney-General's DepartmentAchieving a Just and Secure Society

AusCheck privacy policy

This Privacy Policy explains:

  • why personal information is collected about you when you apply for an ASIC, MSIC or NHS background check
  • how your personal information will be used by AusCheck
  • what personal information will be included on your ASIC or MSIC card
  • how you can access or correct your personal information held by AusCheck
  • how AusCheck deals with ‘spent convictions’
  • how AusCheck secures your personal information, and
  • where you can find out more information.

AusCheck’s legal authority

The collection and use of your information is authorised under the AusCheck Regulations 2007, and the Aviation Transport Security Regulations 2005 (ASICs), the Maritime Transport and Offshore Facilities Security Regulations 2003 (MSICs) and, theNational Health Security Regulations 2008 (NHS Background Checks).

Why your personal information is collected by AusCheck

Your issuing body/ entity will collect the information that AusCheck needs about you, in order to correctly identify you, and to conduct a background check. For example, supplying your past addresses helps ensure AusCheck can exclude criminal records that relate to a different person with the same name as you.

What personal information is collected by AusCheck

The information that AusCheck needs about you is your:

  • identity information:  Your name, date of birth, gender, any other names, your residential address, and current contact details, and
  • work information:  Your employer contact details, and issuing body/ entity details, and if required for the ASICs and MSIC scheme
  • immigration information (but only if an immigration check is requested by your ASIC or MSIC issuing body):  Your date of arrival in Australia, port of arrival, and other details that may be relevant, such as your travel document or visa number, flight number or name of vessel, and the full name of your parent if you entered Australia on your parent’s passport. An NHS Check will not require a immigration information.

Only your identity and immigration information are used during the background checking process. Your work information is stored in the AusCheck database for other purposes explained below. Your issuing body/ entity will also need a photograph of you, which will be supplied to AusCheck for the AusCheck database.

Any other personal information that your issuing body /entity asks for is for their own purposes, not for AusCheck’s purposes.  If you have any concerns, you should ask your issuing body /entity to explain why they need that extra information about you.

How AusCheck uses your personal information

AusCheck will coordinate a background check, by using the information you provide to ask the following Government agencies for information about you:

  • The Australian Security Intelligence Organisation (ASIO): ASIO will conduct a counter-terrorism check.
  • CrimTrac Agency: CrimTrac will check your criminal history in the databases of all Australian police services and supply details of releasable criminal history information to AusCheck. CrimTrac will not use your information for any other purpose.
  • If requested by an ASIC or MSIC issuing body, The Department of Immigration and Citizenship (DIAC): If your issuing body has not done so already, DIAC will check your citizenship status or your legal right to work in Australia. DIAC may also use your information for immigration compliance purposes. Immigration checks will not be conducted as part of the NHS scheme.

AusCheck will use the results of these checks to advise your issuing body /entity whether you have an adverse criminal history, an adverse security assessment, or are prevented for immigration reasons from accessing aviation, maritime or registered SSBA facilities. However, AusCheck will only reveal the information necessary for your issuing body or entity to decide whether or not to issue you with an ASIC or MSIC, or access to a secure facilities handling SSBAs.

  • Your MSIC issuing body will not receive a copy of your security assessment.
  • Your ASIC issuing body or NHS entity will not receive a copy of your criminal history, except if you receive a ‘qualified’ finding.
  • ASIC and MSIC issuing bodies will be told about your immigration check results.

How AusCheck may disclose your personal information

All information provided to AusCheck (application information, checking partner information, and any additional information provided by the individual) forms part of the AusCheck database as established under section 14(1) of the AusCheck Act.

The database can be accessed by all issuing bodies, entities and maritime industry participants that have been authorised to issue temporary MSICs or that control access to secure areas, so they can check the validity of an individual at any given time.

ASICs and MSICs

Only the information that is visible on an ASIC or MSIC card will be disclosed in these circumstances. Only your own issuing body can see all the other information you supplied in your application, like your date of birth and address.

Transferring an NHS check result

Under the SSBA Standards, you can consent to an existing NHS check with a result of ‘eligible’ or ‘qualified’ conducted in connection with one entity being taken into account by another entity when deciding whether to give you an authorisation. However, an entity can only provide an authorisation based on a qualified check result within the last 12 months, if you have chosen to consent to that entity being advised on whether you have been convicted of a health‑security‑relevant offence and the details of any such convictions.

Commonwealth Government authorities

The database may also be accessed by Commonwealth Government authorities that have functions relating to law enforcement or national security. Your personal information may be used by Commonwealth Government authorities for the purposes of:

  • responding to an incident that poses a threat to national security, or
  • the collection, correlation, analysis or dissemination of criminal intelligence or security intelligence.

What personal information will be on your ASIC or MSIC card

Your ASIC or MSIC card is primarily an identification card, which shows who you are, and that you have passed the necessary background checks.

Your ASIC or MSIC card will show your name and colour photo, the card’s unique identifier, and the card’s expiry date. ASICs may also indicate which airport(s) the card is valid for.

Some maritime and aviation sites or employers may also require you to use your ASIC or MSIC card like a key – for example, to enter or exit a site, to ‘clock in’ at work, or to access tools. Cards used for these additional purposes may have extra features like magnetic stripes on the back, or computer chips inside them. These extra features, and any extra personal information they hold about you, are unrelated to the ASIC or MSIC schemes. AusCheck is not responsible for how your personal information is collected or used by maritime and aviation sites or employers.

The NHS check scheme does not issue cards.

How you can access or correct your personal information 

You have the right to access the personal information that AusCheck holds about you. You also have the right to ask for any corrections needed to make your personal information correct, complete, and not misleading.

To make an access or correction request, contact Attorney-General’s Department Privacy Officer on (02) 6250 6666.

However AusCheck cannot change your criminal record, ASIO security assessment or DIAC immigration assessment. If you believe the results of your criminal record check are incorrect, you will need to apply for correction with the relevant Police Service. Challenges to your security assessment or immigration assessment should be made directly to ASIO or DIAC.

How AusCheck deals with ‘spent convictions’

The aim of the ‘spent convictions’ scheme is to prevent discrimination on the basis of old and minor criminal convictions, from anywhere in Australia or overseas, for people who have had a ‘clean’ record since.

If you have a ‘spent conviction’, you not have to disclose that conviction to anyone when you are asked about your criminal record. Also, ‘spent convictions’ will not show up in your criminal record check.

Your conviction will be considered a ‘spent conviction’ if:

  • it is old - it is 10 years since the date of your conviction (or 5 years if you were a child at the time of your conviction), and
  • it was minor – you were sentenced to less than 30 months (2 ½ years) imprisonment (or you were not imprisoned at all), and
  • you have not re-offended during the 10 year waiting period (or 5 years if you were a child at the time of your conviction); and
  • an exclusion does not apply.

‘Spent convictions’ also include convictions that have been set aside or pardoned.

However there are a few exclusions that apply. The details of any convictions for the offences listed below will still be used by AusCheck in its assessment of you.

The exclusions for ASIC applicants are:

(1)        Offences against Part 2 of the Crimes (Aviation) Act 1991 (except section 15)
(2)        Offences against Part 5.3 of the Criminal Code

The exclusions for MSIC applicants are:

(1)        Offences against Part 4 of the Australian Passports Act 2005
(2)        Offences against section 24AA, 24AB, 24C, 24D, 25, 27 or 29 of the Crimes Act 1914
(3)        Offences against Part 2 of the Crimes (Aviation) Act 1991
(4)        Offences against Division 73 of Chapter 4, Chapter 5, Division 145 of Part 7.7 or Division 400 of Part 10.2 of the Criminal Code
(5)        Offences against section 233, 233A, 233AC, 233B, 233BAA or 233BAB of the Customs Act 1901
(6)        Offences against Division 10 of Part IV of the Navigation Act 1912
(7)        Offences against section 9, 10, 11 or 14 of the Weapons of Mass Destruction (Prevention of Proliferation) Act 1995

The exclusions for NHS applicants are:

(1)        An offence involving the hijacking or destruction of an aircraft or vessel
(2)        An offence involving the supply of goods (such as weapons or missiles) for a Weapons of Mass Destruction program as mentioned in the Weapons of Mass Destruction (Prevention of Proliferation) Act 1995
(3)        An offence mentioned in Chapter 5 of the Criminal Code
(4)        An offence: a) involving treachery, sabotage, sedition, inciting mutiny, unlawful drilling, or destroying or damaging Commonwealth property; and b) mentioned in Part II of the Crimes Act 1914

All other ‘spent convictions’ are considered irrelevant and will be ignored by AusCheck.

If you believe the ‘spent convictions’ rules have been breached by AusCheck, you can apply to the Office of the Privacy Commissioner for an investigation.

How AusCheck secures your personal information

Your personal information is secured when it is entered, processed, transferred and stored by AusCheck. The AusCheck System is secured using a number of methods appropriate for secure government systems. The following provides some details of the data security arrangements.

Authorisation

Access is only granted to people who have been properly authorised to use the system. System access is granted to individuals, not entire organisations. Users must prove their need to access the system.

Issuing body /entity access will be authorised based on Department of Infrastructure, Transport, Regional Development and Local Government, and Department of Health Ageing accreditation. Government access will be justified on a legislative basis.

Authentication

Access is only granted to people who can prove who they say they are. AusCheck uses best practice standards for User IDs and passwords, and requires digital certificates to access system-to-system connections.

Access control

System functions can only be accessed by authorised parties in authorised ways. The system limits access to different functions and information for different users. Users are granted access only to particular data and functions necessary to do their job. All functions are secured by access control lists.

Transfer control

When information is transferred to or from other Government agencies, it is sent via closed point-to-point networks that are not publicly accessible. All internet sessions run in secure sessions similar to those used for internet banking. When in transit, information is encrypted using methods approved by the Defence Signals Directorate.

Intrusion protection

The system uses substantial hacking and intrusion protection measures. The databases and servers are hosted in a secure Attorney-General’s Department environment that exceeds the classification requirements of the AusCheck system. The environment has been reviewed and certified by Defence Signals Directorate-accredited experts.

Audit and logging

All system activity will be logged. The system therefore maintains a non-repudiable record of activity, to deter and detect unauthorised system activity.

Data destruction

AusCheck only keeps your personal information for as long as it is needed, or where required by law to keep it. When it is no longer needed, your personal information will be deleted or destroyed securely.

More information

For more information about how your personal information is handled by AusCheck, or to make a privacy complaint, call the Attorney-General’s Department Privacy Officer on (02) 6141 6666.