Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

Types

Topic(s): Identity and ID | Technologies

Privacy Commissioner tells pubs and clubs: Don't scan IDs unless you know your privacy obligations

The Australian Privacy Commissioner, Karen Curtis, has told pubs and clubs to familiarise themselves with their legal obligations when looking to collect patrons' identity information.

"ID scanning, fingerprinting and iris scans are becoming increasingly common at pubs and clubs, and I am not convinced that all venues understand what their privacy obligations are when using these technologies," Ms Curtis said.

"The digitised information these technologies offer has the potential to be used or disclosed for many other purposes, such as direct marketing and the creation of databases, as well as the risk of facilitating identity fraud.

"While the use of these technologies in some circumstances may help to prevent crime, the public's privacy expectations must also be respected, particularly as many - if not most - Australians want some control over who has access to their personal information."

Ms Curtis' comments coincide with the launch today by her Office of new guidance material on the issue as part of Privacy Awareness Week 2010. The document outlines what pubs and clubs should consider before collecting identity information, and what they must do if they choose to collect it.

"The Privacy Act says that organisations should give people the right to transact anonymously where at all possible. If, however, a pub or club has established a lawful need to identify patrons, then it can only collect identity information that is strictly necessary for its functions or activities.

"Pubs and clubs must tell patrons why they are collecting the information, what it will be used for and to whom it will be disclosed. They can only use or disclose the information in the way they have specified.

"They must have strict security measures in place to store the data, and they are required to destroy it securely when it is no longer needed."

Ms Curtis said that her Office continues to receive complaints from patrons about this issue, and is also undertaking investigations into the use of the technologies by several venues.

The guidance material can be viewed here.