Australian Government: Attorney-General's Department
Australian Government: Attorney-General's DepartmentAchieving a Just and Secure Society

AusCheck Privacy Policy

This Privacy Policy explains:

  • why personal information is collected about you when you apply for an ASIC or MSIC
  • how your personal information will be used by AusCheck
  • what personal information will be included on your ASIC or MSIC card
  • how you can access or correct your personal information held by AusCheck
  • how AusCheck deals with ‘spent convictions’
  • how AusCheck secures your personal information, and
  • where you can find out more information.

AusCheck’s legal authority

The collection and use of your information is authorised under the AusCheck Regulations 2007, and the Aviation Transport Security Regulations 2005 (ASICs) and the Maritime Transport and Offshore Facilities Security Regulations 2003 (MSICs).

Why your personal information is collected by AusCheck

You have applied for an Aviation Security Identification Card (ASIC) or a Maritime Security Identification Card (MSIC).  ASICs and MSICs are only issued after AusCheck has conducted a background check on you.

Your Issuing Body will collect the information that AusCheck needs about you, in order to correctly identify you, and to conduct a background check.  For example, supplying your past addresses helps ensure AusCheck can exclude criminal records that relate to a different person with the same name as you.

What personal information is collected by AusCheck

The information that AusCheck needs about you is your:

  • identity information:  your name, date of birth, gender, any other names, your residential address, and current contact details; and
  • work information:  your employer contact details, and Issuing Body details; and maybe also
  • immigration information (but only if an immigration check is requested by your Issuing Body):  your date of arrival in Australia, port of arrival, and other details that may be relevant, such as your travel document or visa number, flight number or name of vessel, and the full name of your parent if you entered Australia on your parent’s passport.

Only your identity and immigration information is used during the background checking process.  Your work information is stored in the AusCheck database for other purposes, explained below.  Your Issuing Body will also need a photograph of you, which may also be supplied to AusCheck for the AusCheck database.

Any other personal information that your Issuing Body asks for is for their own purposes, not for AusCheck’s purposes.  If you have any concerns, you should ask your Issuing Body to explain why they need that extra information about you.

How AusCheck uses your personal information

AusCheck will coordinate a background check, by using the information you provide to your Issuing Body to ask the following Government agencies for information about you:

  • The Australian Security Intelligence Agency (ASIO): ASIO will check your name on a database of known persons involved with politically motivated violence.  ASIO will also keep your information and use it as necessary for national security purposes.
  • CrimTrac: If you are over 18, CrimTrac will check your criminal history in the databases of all Australian legal jurisdictions and supply a copy of your criminal record to AusCheck.  The CrimTrac will not use your information for any other purpose.
  • The Department of Immigration and Citizenship (DIAC): If your Issuing Body has not done so already, DIAC will check your citizenship status or your legal right to work in Australia.  DIAC may also use your information for immigration compliance purposes.

AusCheck will use the results of these checks to advise your Issuing Body whether you have an adverse criminal history, an adverse security assessment, or are prevented for immigration reasons from being issued with an ASIC or MSIC.  However AusCheck will only tell your Issuing Body what is necessary for your Issuing Body to decide whether or not to issue you with an ASIC or MSIC.  Your Issuing Body will not receive a copy of your security assessment.  Your Issuing Body will not receive a copy of your criminal history except if you have applied for an ASIC and you have a particular pattern of criminal convictions.  Your Issuing Body will be told about your immigration check results.

How AusCheck may disclose your personal information

Information from your application will be held on the AusCheck database, along with the outcome of your application, and your photo (where supplied).

The database can be accessed by all Issuing Bodies, and Maritime Industry Participants that have been authorised to issue temporary MSICs or that control access to secure areas, so they can check the validity of a card presented to them at any given time.  Only the information that is visible on your ASIC or MSIC card will be disclosed in these circumstances.  Only your own Issuing Body can see all the other information you supplied in your application, like your date of birth and address.

The database may also be accessed by Commonwealth Government authorities that have functions relating to law enforcement or national security.  Your personal information may be used by Commonwealth Government authorities for the purposes of:

  • responding to an incident that poses a threat to national security, or
  • the collection, correlation, analysis or dissemination of criminal intelligence or security intelligence.

What personal information will be included on your ASIC or MSIC card

Your ASIC or MSIC card is primarily an identification card, which shows who you are, and that you have passed the necessary background checks.

Your ASIC or MSIC card will show your name and colour photo, the card’s unique identifier, and the card’s expiry date.  ASICs may also indicate which airport(s) the card is valid for.

However some maritime and aviation sites or employers may also require you to use your ASIC or MSIC card like a key – for example, to enter or exit a site, to ‘clock in’ at work, or to access tools.  Cards used for these additional purposes may have extra features like magnetic stripes on the back, or computer chips inside them.  These extra features, and any extra personal information they hold about you, are unrelated to the ASIC or MSIC schemes.  AusCheck is not responsible for how your personal information is collected or used by maritime and aviation sites or employers.

How you can access or correct your personal information 

You have the right to access the personal information that AusCheck holds about you.  You also have the right to ask for any corrections needed to make your personal information correct, complete, and not misleading.

To make an access or correction request, contact Attorney-General’s Department Privacy Officer on (02) 6250 6666.

However AusCheck cannot change your criminal record, ASIO security assessment or DIAC immigration assessment.  If you believe the results of your criminal record check are incorrect, you will need to apply for correction with the relevant Police Service.  Challenges to your security assessment or immigration assessment should be made directly to ASIO or DIAC.

How AusCheck deals with ‘spent convictions’

The aim of the ‘spent convictions’ scheme is to prevent discrimination on the basis of old and minor criminal convictions, from anywhere in Australia or overseas, for people who have had a ‘clean’ record since.

If you have a ‘spent conviction’, you not have to disclose that conviction to anyone when you are asked about your criminal record.  Also, ‘spent convictions’ will not show up in your criminal record check.

Your conviction will be considered a ‘spent conviction’ if:

  • it is old - it is 10 years since the date of your conviction (or 5 years if you were a child at the time of your conviction), and
  • it was minor – you were sentenced to less than 30 months (2 ½ years) imprisonment (or you were not imprisoned at all), and
  • you have not re-offended during the 10 year waiting period (or 5 years if you were a child at the time of your conviction); and
  • an exclusion does not apply.

‘Spent convictions’ also include convictions that have been set aside or pardoned.

However there are a few exclusions that apply to you, as a person applying for an ASIC or MSIC.  This means that the details of any convictions for the offences listed below will still be used by AusCheck in its assessment of you.

The exclusions for ASIC applicants are:
(1)        Offences against Part 2 of the Crimes (Aviation) Act 1991 (except section 15)
(2)        Offences against Part 5.3 of the Criminal Code

The exclusions for MSIC applicants are:
(1)        Offences against Part 4 of the Australian Passports Act 2005
(2)        Offences against section 24AA, 24AB, 24C, 24D, 25, 27 or 29 of the Crimes Act 1914
(3)        Offences against Part 2 of the Crimes (Aviation) Act 1991
(4)        Offences against Division 73 of Chapter 4, Chapter 5, Division 145 of Part 7.7 or Division 400 of Part 10.2 of the Criminal Code
(5)        Offences against section 233, 233A, 233AC, 233B, 233BAA or 233BAB of the Customs Act 1901
(6)        Offences against Division 10 of Part IV of the Navigation Act 1912
(7)        Offences against section 9, 10, 11 or 14 of the Weapons of Mass Destruction (Prevention of Proliferation) Act 1995

All other ‘spent convictions’ are considered irrelevant to your application for an ASIC or MSIC, and so will be ignored by AusCheck.

If you believe the ‘spent convictions’ rules have been breached by AusCheck, you can apply to the Office of the Privacy Commissioner for an investigation.

How AusCheck secures your personal information

Your personal information is secured when it is entered, processed, transferred and stored by AusCheck.  The AusCheck System is secured using a number of methods appropriate for secure government systems.  The following provides some details of the data security arrangements.

Authorisation
Access is only granted to people who have been properly authorised to use the system.  System access is granted to individuals, not entire organisations.  Users must prove their need to access the system.

Issuing Body access will be authorised based on DOTARS accreditation and a port or airport security plan, and all Government access will be justified on a legislative basis.

Authentication
Access is only granted to people who can prove who they say they are.  AusCheck uses best practice standards for User IDs and passwords, and requires digital certificates to access system-to-system connections.

Access Control
System functions can only be accessed by authorised parties in authorised ways.  The system limits access to different functions and information for different users.  Users are granted access only to particular data and functions necessary to do their job.  All functions are secured by access control lists.

Transfer control
When information is transferred to or from other Government agencies, it is sent via special point-to-point closed networks that are not publicly accessible.  All internet sessions run in secure sessions similar to those used for internet banking.  When in transit, information is encrypted using methods approved by the Defence Signals Directorate.

Intrusion protection
The system uses substantial hacking and intrusion protection measures.  The databases and servers are hosted in a secure Attorney-General’s Department environment that exceeds the classification requirements of the AusCheck system.  The environment has been reviewed and certified by Defence Signals Directorate-accredited experts.

Audit and Logging
All system activity will be logged.  The system therefore maintains a non-repudiable record of activity, to deter and detect unauthorised system activity.

Data destruction
AusCheck only keeps your personal information for as long as it is needed, or where required by law to keep it.  When it is no longer needed, your personal information will be deleted or destroyed securely.

More information

For more information about how your personal information is handled by AusCheck, or to make a privacy complaint, call the Attorney-General’s Department Privacy Officer on (02) 6250 6666.