Where ID scanner technology is used by a licensed venue, the licensee collects valuable data which it needs to protect, and for which it must be accountable to patrons in accordance with key privacy principles:
The process of scanning IDs must be lawful, fair and not intrude unreasonably upon the patron.
Only personal information that is necessary for a function or activity of the licensee must be collected.
Avoid, if possible, collecting identifiers issued by Australian Government agencies, for example: Australian Passport numbers, Medicare numbers and tax file numbers.
At or before scanning, inform the patron of:
-the primary purpose for collecting the information
-whether the scanned information will be disclosed and to whom
-the period for which the scanned information is stored and how it can be accessed or amended
-the organisation’s name and how to contact it for any queries concerning either the scanning process or the information collected
-the consequences if information is not provided by the patron (for example, refusal of entry)
-the organisation’s retention and destruction policy
- Only use the information for the primary purpose of collection and do not disclose the information outside of the licensed premises, unless:
-the patron agrees to the other use or the disclosure, either explicitly or implicitly
-the other use or the disclosure is necessary to lessen or prevent a serious and imminent threat to the patron’s life, health or safety or a serious threat to public health or safety
-a law authorises or requires the other use or the disclosure
-the venue reasonably suspects that unlawful activity has, is or may be occurring and uses or discloses the personal information in reporting its concerns to relevant authorities
-the other use is reasonably necessary for the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of a law involving penalties or sanctions
- Secure the collected information by:
-taking reasonable steps to protect the personal information from misuse, loss, unauthorised access, modification or disclosure
-destroying the personal information when it is no longer needed
- Do not transfer the collected personal information outside Australia.