Loading
pop-up content starts
pop-up content ends
KEEPING YOUR INFORMATION PRIVATE AND SECURE

Privacy and Security for the Identity Matching Services

​​​​​How the Identity Matching Services keep your data private and secure

The privacy and security information on this page relates to the Identity Matching Services. For information about website privacy, please visit the Home Affairs website Privacy page.

How we protect your privacy

'Privacy by design' is a guiding principle of the Identity Matching Services. We work to proactively embed privacy into the design, network infrastructure and operation of the services. 

We have conducted numerous Privacy Impact Assess​ments (PIAs) to ensure our systems comply with Australian privacy principles and will continue to do so into the future. 

This means that the Identity Matching Services protect your personal information every step of the way.

To find out more about how the Identity Matching Services protect your privacy, see our: 

Consent

In most circumstances, the Identity Matching Services will be used to verify your identity based on your consent. If you choose not to give consent for your identity to be verified in this way, you may be asked to complete an alternate method for verifying your identity that may not be as fast or secure.

We may also disclose your personal information without your consent to law enforcement or security agencies under certain circumstances, where this is required or authorised by law.

While it is important for individuals to have control over their personal information, it would be impractical to allow persons to opt-out of having their personal information shared in this way. To do so would effectively provide criminals with the ability to ‘opt-out’ of their information being made available to law enforcement agencies that are investigating criminal offences, or allow people using fraudulent identity documents to avoid detection.

How we protect your information

In most cases, the government agency that originally issued your identity information will continue to hold it. The agency will also have their own system to ensure the safety of your data.

The Identity Matching Services use encryption and authorisation procedures approved by the Australian Signals Directorate to ensure data protection, security and confidentiality.

Our services are assessed and accredited in accordance with the Australian Cyber Security Centre’s Information Security Manual, and the Commonwealth’s Protective Security Policy Framework.

In the unlikely event of a data breach to the National Driver Licence Facial Recognition Solution (NDLFRS), we will notify you. If your personal information is revealed accidentally, you will be notified of the steps you should take in response.

There are also strict penalties for exposing personal information without a lawful authority. Staff with access to your personal information may be liable to criminal charges or workplace disciplinary sanctions.

Where your information is kept

The Identity Matching Services use what we call hubs, which are technical systems that act as ‘routers’ to securely transmit matching requests between the organisation which using the service and the agency which holds your information used on your identity document.

Our hubs do not retain your personal information or conduct any matching.

In the case of driver licences, the DVS hub checks your information with the National Exchange of Vehicle and Driver Information System (NEVDIS).  NEVDIS is operated by Austroads Ltd on behalf of driver licencing authorities. The DVS hub does not transmit facial images.

Facial images on driver licences will over time be provided by driver licencing authorities and stored in the NDLFRS, hosted on behalf of the States and Teritories by the Department of Home Affairs.

Who can access your information

Approved organisations in Australia and New Zealand can use the DVS, while only approved Australian organisations can access the Face Verification Service (FVS) or the Face Identification Service (FIS). Use of the services must be reasonable, necessary and proportionate to a user’s functions or activities.

The DVS is currently used by more than 120 Commonwealth, state and territory agencies and more than 1100 private sector organisations.

At present, only government agencies can use the FVS and FIS, with FIS access restricted to law enforcement agencies only.

Driver licence information is not yet available through the FVS or FIS.

In future, private sector organisations may be able to access the FVS (but not the FIS) along the same lines as the DVS.

For more details on the conditions of access to the FVS and FIS see our access policies below