Identity Verification Services Privacy Statement

Purpose and overview

This privacy statement describes how we, the Attorney-General’s Department, collect, store, use and disclose your personal information when operating or providing the identity verification services under the Identity Verification Services Act 2023 (Cth) (IVS Act). 

The identity verification services compare personal information on an identity document (such as an Australian passport or driver licence) against Commonwealth, state and territory government records. They are used every day by industry and government to securely and efficiently verify the identity of their customers. The identity verification services include:

• the Document Verification Service (DVS)

• the Face Verification Service (FVS), and

• the Face Identification Service (FIS).

For information on how we generally handle personal information, please refer to our privacy policy. For information on how we handle personal information when you visit this website, please refer to our web privacy statement.

Types of personal information that we collect, use and disclose

In operating the identity verification services, we may collect, use and disclose personal information on your identity document. This personal information includes:

• biographic information, which includes your name, date of birth, government related identifier (such as a driver licence number)
• biometric information, such as a photograph or facial image, and
• a match response, such as a ‘yes’ response that a name and driver licence number matches the corresponding government record.

We do not collect any personal information beyond what is required to operate the identity verification services. 

For more information on the definition of personal information, see the Office of the Australian Information Commissioner's What is personal information? page.

Information we collect and use on the Credential Protection Register

We store de-identified representations of identity documents that are registered on the Credential Protection Register (CPR). The CPR is a central register of identity documents which are blocked or prevented from being verified through the DVS, but which the individual can still use for their primary purpose. 

A ‘hashing’ process is used to ensure information on the CPR is de-identified. Hashing is an automated process that transforms details on an identity document into a string of characters or a new, unintelligible value. These hash values cannot be easily reconstructed to provide the document details and are almost impossible to decode.

How we collect, use, store and disclose your personal information

We collect, use and disclose your personal information when a request is made for the identity verification services. 

When a request is made for an identity verification service, we will receive your personal information (via secure and encrypted communications) and will transmit that information to the relevant government database for matching purposes (e.g. if you provide information from your birth certificate, this will be matched in the database of your state or territory births, deaths and marriages registry). We then receive and transmit back the result of the match (usually as a ‘yes’ or ‘no’). A hypothetical example is included below to further explain how the services operate.

In limited circumstances where this automated system cannot verify your identity, we may (with your express consent) record, disclose or access your personal information in order to provide manual assistance.

We also operate and maintain the National Driver Licence Facial Recognition Solution (NDLFRS), which consists of an electronic database of information on state and territory issued identity documents and the technical systems to support biometric verification against that information. While we host the NDLFRS on behalf of all jurisdictions, the document issuer (e.g. a state or territory road authority) controls information in the database, and information provided to the NDLFRS is securely partitioned by jurisdiction. 

The NDLFRS is expected to become operational in 2025, and the information it holds and its future use will be subject to agreement with each state and territory. Once it is operational, the NDLFRS will allow Australians to use a driver licence or another state or territory issued document for verification through the FVS.

We may also record, disclose or use your personal information and other types of protected information, if it is:

• in accordance with a Commonwealth, state or territory law
• for a purpose under the IVS Act or when performing functions or duties related to the identity verification services
• necessary to lessen or prevent a serious and imminent threat to the life or health of an individual
• to an integrity agency (for example, the Commonwealth Ombudsman) for the purpose of that agency exercising a function or power, or
• with the express consent of the state or territory authorities that supplied the information to the NDLFRS. 

Who can use the identity verification services and for what purpose

All users of our services must be party to a participation agreement with us. We keep a register of all participation agreements. We also publish information on our users in the Identity Verification Services Annual Report. 

Verifying identity 

Government authorities and non-government entities that have entered into a participation agreement can use the DVS and/or FVS to verify your identity only after obtaining your express consent.

The DVS and FVS are both one-to-one matching services, which means they match your information against a specific government record. However, they have slightly different functionalities:

• The DVS is used to verify biographic information (such as a name or date of birth) on an identity document (for example, a passport or driver licence) against government records.
• The FVS is used to verify biometric information (in this case a photograph or facial image of an individual) against government records.

Protecting legally assumed identities 

Limited government agencies that have entered into a relevant participation agreement can also use the FVS or FIS to protect a ‘shielded person’ or someone associated with a shielded person. These agencies administer or have authority to acquire or use a legally assumed identity under an existing law. This includes certain Commonwealth, state and territory law enforcement and national security agencies, and anti-corruption agencies. A shielded person is someone with a legally assumed identity (such as an undercover officer or protected witness) obtained under a Commonwealth, state or territory law. 

The FIS may only be used for the purpose of protecting a shielded person. It is a one-to-many matching service, which means it compares a facial image against multiple facial images across government records. For this reason, and as an additional privacy safeguard, the use of the FIS must be authorised by an appropriately authorised officer within the relevant government agency. This ensures that the FIS is only used for appropriate and lawful purposes.

How we protect and secure your personal information

Privacy laws and obligations will apply 

To use the identity verification services, entities must satisfy one of the following:

• be subject to the Privacy Act 1988 (Cth)
• agree to comply with the Australian Privacy Principles
• be subject to a state or territory privacy law
• be a government authority prescribed in the Identity Verification Services Rules 2024, or
• be subject to the Privacy Act 2020 (NZ). 

Getting your express consent 

Your express consent is required before your identity can be verified through the DVS or FVS. When obtaining your express consent, the entity seeking to verify your identity must notify you of the following matters:

• how the entity uses the identity verification services
• how facial images collected for an identity verification service, or a response to a request, will be used and disposed of
• whether facial images will be retained for any other purposes
• what legal obligations the entity seeking to collect your information has in relation to that collection,
• what rights you have and the consequences of declining to consent, and
• where you can get information about making a complaint, and about the operation and management of the identity verification services.

Entities that use the identity verification services must also be subject to or covered by a Privacy Impact Assessment (PIA). We have commissioned an independent PIA on the standard use of the DVS to align its operation with best practice, and which users of that service could rely upon. This PIA is published at Resources | IDMatch. 

Please also refer to the relevant entities’ privacy policies, collection notices and any PIAs they may have conducted in relation to their collection, use and disclosure of your personal information.

Limitations on third party use of your information

To further protect your privacy, the IVS Act prevents your personal information that was provided for identity verification purposes from being used for data profiling, online tracking or marketing purposes. In addition, if your facial image has been provided for verification through the FVS, it must be destroyed once it is no longer required, unless specific circumstances apply.

Oversight and governance controls

The use and administration of the identity verification services is subject to a robust oversight and transparency framework. This includes: 

• an annual assessment by the Office of the Australian Information Commissioner
• annual reporting on the use and operation of the identity verification services, which is tabled in the Australian Parliament
• publication of all participation agreements, the NDLFRS hosting agreement and other relevant documents on our website
• annual compliance reporting against participation agreements, and
• an independent annual audit program. 

Security protections

We use best practice for our security frameworks and access arrangements to protect personal information from cyber-attacks and data breaches, and to meet legal requirements to protect the security of the information on our services. The use of encryption and authorisation procedures are approved by the Australian Signals Directorate to ensure data protection, security and confidentiality. Our systems are compliant with the Australian Government Protective Security Policy Framework and Information Security Manual, and are Information Security Registered Assessors Program (IRAP) certified. 

We have also implemented a ‘double blind’ design of the services to protect your privacy, which ensures that, as much as practicable, information is held in different systems. This means that:

• the user making a request to verify your identity is not required to store a copy of your identity document

• the document issuer will not know who has made a request for a verification service, and

• we will know the identity of parties to a transaction but not the content of requests we facilitate.

Disclosure of personal information to overseas recipients

The IVS Act allows approved organisations in New Zealand that are a party to a participation agreement to use the DVS. New Zealand organisations are not permitted to use the FVS or FIS.

This is as part of an arrangement that also allows Australian organisations to use the New Zealand Government’s Confirmation Service.

Organisations in other countries are not permitted to use any of the identity verification services. This means that we do not disclose any personal information overseas except as described above. 

How to access your information or ask for corrections

Individuals should contact the relevant requesting entity and/or document issuer in order to access or seek corrections to personal information on identity documents. We cannot view or modify your personal information on these documents in any way.  

While we host the NDLFRS, the images and biographic information in these records are controlled by the document issuer (e.g. a state or territory road authority). Participating states and territories have agreed to take reasonable steps to let you know if your information is on the NDLFRS, and to correct and provide access to their data which is replicated on the NDLFRS database.

We work closely with document issuers to conduct regular testing to ensure the accuracy of the identity verification services. If you believe your information is being incorrectly matched on our services, you may contact us directly. Additionally, you may contact us directly at IVS.Manager@ag.gov.au if you wish to access the information we store or ask for it to be corrected in relation to the manual verification assistance service.

How to lodge a complaint if you believe your information has been mishandled

If you have any questions about this statement or if you believe we have wrongly collected or handled your personal information, you can email our team directly at IVS.Manager@ag.gov.au.

You can lodge complaints with our Privacy Officer at:

Email: privacy@ag.gov.au 
Telephone: 02 6141 6666
Mail:
Privacy Officer
Freedom of Information and Privacy Section
Attorney-General's Department
3–5 National Circuit
BARTON ACT 2600

You can also address privacy complaints to the Office of the Australian Information Commissioner. If you do so, it may recommend you try to resolve your complaint directly with us in the first instance.

Document version

This is version 1.0 of the Identity Verification Services Privacy Statement and was published on 3 July 2025.