​​​​​​​
You are here: Skip breadcrumbAttorney-General's Department >> Crime and corruption >> AusCheck >> Privacy policy

Privacy policy

AusCheck coordinates background checks for the Aviation Security Identification Card (ASIC), Maritime Security Identification Card (MSIC), and National Health Security (NHS) schemes. We will use the information provided in your application to ask the following government agencies for information about you:

  • Australian Security Intelligence Agency (ASIO) – ASIO will check your name on a database of known persons involved with politically motivated violence. ASIO will also keep your information and use it as necessary for national security purposes.
  • Australian Criminal Intelligence Commission (ACIC) - If you are over 18, ACIC will check your criminal history in the databases of all Australian legal jurisdictions and supply a copy of your criminal record to AusCheck. ACIC will not use your information for any other purpose.

If requested, issuing bodies for the ASIC and MSIC schemes may also request that your information be sent to:

If you are under 18 years of age, only the national security component of the background check will be undertaken. AusCheck will disclose your personal information to ASIO in conducting this check.

If you are under 14 years of age, your parent or legal guardian will be required to provide written consent to your issuing body for the background check to be undertaken. AusCheck will only provide your personal information for other purposes where specifically required or permitted by law.

AusCheck's legal authority

The collection and use of your information is authorised under the AusCheck Regulations 2017, Aviation Transport Security Regulations 2005, Maritime Transport and Offshore Facilities Security Regulations 2003, and National Health Security Regulations 2008.

Why personal information is being collected by AusCheck

Your issuing body/entity will collect the information that AusCheck needs about you in order to correctly identify you and to conduct a background check. The information required by you is set out in section 5 of the AusCheck Regulations 2017. For example, supplying a name that you are, or have been known, by helps ensure AusCheck can exclude criminal records that relate to a different person with the same name as you.

Back to top

What personal information is required?

AusCheck will need information about:

  • identity – your full name, other names previously used, date of birth, place of birth, gender, your current residential address, previous residential addresses for the last 10 years, and current contact details
  • work/study – contact details of your employer/place of study and issuing body/entity details if required for the ASIC and MSIC scheme
  • immigration (only if requested by your ASIC or MSIC issuing body) – date of arrival in Australia, port of arrival and other relevant details, such as your travel document or visa number, flight number or name of vessel, and the full name of your parent if you entered Australia on your parent's passport.

Only your identity and immigration information are used during the background checking process. Your work/study information is stored in the AusCheck database for other purposes explained below. Your issuing body/entity will also need a photograph of you.

Any other personal information that your issuing body/entity asks for is for their own purposes, not for AusCheck. If you have any concerns, you should ask your issuing body/entity to explain why they need that extra information about you.

How AusCheck will use personal information

AusCheck uses your personal information to undertake a background check. Before AusCheck provides the results of your background check to your issuing body/entity, you will have an opportunity to make representations on your preliminary unfavourable assessment.

Once the time period to make representations is finished and your assessment is finalised, AusCheck will use the results of your background check to advise your issuing body/entity whether you:

  • have an adverse criminal history
  • have a qualified criminal history for the ASIC and NHS schemes
  • have an adverse security assessment
  • are prevented by immigration reasons from accessing aviation or maritime facilities for the ASIC and MSIC schemes.

AusCheck will only reveal the information necessary for your issuing body/entity to decide whether or not to issue you with an ASIC or MSIC or allow you to access a secure facility handling Security Sensitive Biological Agents (SSBAs).

It is important to note that:

  • an ASIC or MSIC issuing body or NHS entity will not receive a copy of your security assessment
  • an MSIC issuing body will not receive a copy of your criminal history
  • an ASIC issuing body or NHS entity will not receive a copy of your criminal history, unless you receive a 'qualified' finding
  • ASIC and MSIC issuing bodies will be told about your immigration check results
  • the NHS check scheme does not issue cards.

If you receive an adverse or qualified security assessment, AusCheck will provide a copy of this assessment to you.

How AusCheck discloses personal information

All information provided to AusCheck (including application information, checking partner information, and any additional information provided by the individual) forms part of the AusCheck database established under subsection 14(1) of the AusCheck Act 2007. Your personal information will only be disclosed in accordance with the AusCheck Act or another applicable law in the ways set out below, and would not ordinarily be disclosed overseas.

What personal information is on an ASIC or MSIC?

The requirements for what personal information is displayed on an ASIC or MSIC is the responsibility of the Office of Transport Security. Further information can be found on the Office of Transport Security website.

How AusCheck deals with spent convictions

The Commonwealth spent convictions scheme allows an individual not to disclose certain criminal convictions in particular circumstances, and prohibits unauthorised use or disclosure of information about the conviction.

You generally do not have to disclose spent convictions to anyone when you are asked about your criminal record. Further, spent convictions will not show up in your criminal record check.

Your conviction will be considered a spent conviction if all of the following conditions are met:

  • it is old—it is 10 years since the date of your conviction (or 5 years if you were a child at the time of your conviction)
  • it was minor—you were sentenced to no more than 30 months (2½ years) imprisonment (or you were not imprisoned at all)
  • you have not re-offended during the 10 year waiting period (or 5 years if you were a child at the time of your conviction)
  • an exclusion does not apply.

Spent convictions also include convictions that have been set aside or pardoned.

There are a few exclusions that apply. The details of any convictions for the offences listed below will still be used by AusCheck in its assessment of you.

Convictions for security‑relevant‑offences do not become spent if they fall within the scope of the ASIC, MSIC or NHS Scheme exemptions listed in Schedule 4 of the Crimes Regulations 1990.

All other spent convictions are considered irrelevant and cannot prevent you from being eligible. If you believe the spent convictions rules have been breached by AusCheck, you can apply to the Office of the Privacy Commissioner for an investigation.

Back to top

Transferring an NHS check result

If you require authorisation at another SSBA facility and your most recent background check is less than two years old, you are able to consent to your findings being reused if your background check produced an 'eligible' finding. However, if your background check produced a 'qualified' finding, your most recent background check must not be more than 12 months old. You must consent for your new entity to be advised on whether you have been convicted of a health security relevant offence and be provided with the details of your criminal history.

Access to the AusCheck database

Issuing body access to the database     

Issuing bodies and maritime industry participants authorised to issue temporary MSICs or that control access to secure areas have limited access to the AusCheck database. This is to allow them to check the validity of an ASIC or MSIC at any given time. Only the information that is visible on an ASIC or MSIC will be disclosed in these circumstances.

Government authorities' access to the database

Information about you may be disclosed to Commonwealth, state, and territory authorities if they require access for the purpose of performing functions relating to law enforcement or national security.

How you can access or update personal information

You have the right to access the personal information that AusCheck holds about you. You also have the right to ask for any changes needed to make your personal information correct, complete, and not misleading.

To make an access or correction request, contact Attorney-General's Department Privacy Contact Officer at privacy@ag.gov.au.

AusCheck cannot change your criminal record, ASIO security assessment, or DIBP immigration assessment. If you believe the results of your criminal record check are incorrect, you need to apply for correction with the relevant police service. Challenges to your security assessment or immigration status should be made directly to ASIO or DIBP.

How AusCheck secures personal information

Your personal information is secure when it is entered, processed, transferred, and stored by AusCheck. The AusCheck system is secured using a number of methods appropriate for secure government systems. The following list provides some details of the data security arrangements.

Authorisation

Access is only granted to people who have been properly authorised to use the system. System access is granted to individuals, not entire organisations. Users must demonstrate their need to access the system.

Issuing bodies and entities can only gain access if they have been accredited by the Department of Infrastructure and Regional Development or the Department of Health. Other government agencies may access the system in certain circumstances—this access is strictly limited and may only be granted subject to the agency meeting the requirements prescribed by legislation.

Authentication

Access is only granted to people who can prove they are who they say they are. AusCheck uses best practice standards for user IDs and passwords, and requires digital certificates to access system-to-system connections.

Access control

System functions can only be accessed by authorised parties in authorised ways. The system limits access to different functions and information for different users. Users are granted access only to particular data and functions necessary to do their job. All functions are secured by access control lists.

Transfer control

When processing your application, information is sent to and from AusCheck's checking partners through secure communication networks that are not publicly accessible. When in transit, information is encrypted using methods approved by the Defence Signals Directorate.

Intrusion protection

The system uses hacking and intrusion protection measures. The databases and servers are hosted in a secure Attorney-General's Department environment that exceeds the classification requirements of the AusCheck system.

Audit and logging

All system activity is logged. The system maintains a non-repudiable record of activity to deter and detect unauthorised system activity.

Data destruction

AusCheck only keeps your personal information for as long as it is needed, or where required by law to keep it. When it is no longer needed, your personal information will be deleted or destroyed securely.

Back to top

AusCheck's Privacy Notice

The Privacy Notice explains what personal information is collected about you when you apply for a background check under the ASIC, MSIC, and NHS schemes, how your personal information will be used, and where you can find out more information.

The Privacy Notice is available in the following downloads:

Australian Privacy Principles

AusCheck is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988. If you believe that AusCheck may have breached the APPs or you wish to make a privacy complaint, email the Attorney-General's Department Privacy Contact Officer at privacy@ag.gov.au.

The Privacy Contact Officer will then discuss your complaint with you and will attempt to resolve the issue. If this is not possible you can make a formal privacy complaint and the Attorney-General's Department will initiate a review into the issue or alleged breach of the APPs. You will be provided with a formal response from the department to your complaint within 30 days. If this does not resolve your complaint, you may then contact the Office of the Australian Information Commissioner for further review on 1300 363 992.

You may complain directly to the Office of the Australian Information Commissioner on 1300 363 992 at any time, though it is likely they will request you use our complaints process before they review your complaint further.

More information

For further information about AusCheck, call (02) 6141 2000 or email AusCheck@ag.gov.au.

Back to top