Best Practices for Licensees Using ID Scanners

Responsible Management of Licensed VenuesWhere ID scanner technology is used by a licensed venue, the licensee collects valuable data which it needs to protect, and for which it must be accountable to patrons in accordance with key privacy principles:

  • The process of scanning IDs must be lawful, fair and not intrude unreasonably upon the patron.

  • Only personal information that is necessary for a function or activity of the licensee must be collected.

  • Avoid, if possible, collecting identifiers issued by Australian Government agencies, for example: Australian Passport numbers, Medicare numbers and tax file numbers.

  • At or before scanning, inform the patron of:

          -the primary purpose for collecting the information

         -whether the scanned information will be disclosed and to whom

      -the period for which the scanned information is stored and how it can be accessed or amended

     -the organisation’s name and how to contact it for any queries concerning either the scanning process or the information collected

      -the consequences if information is not provided by the patron (for example, refusal of entry)

        -the organisation’s retention and destruction policy

  • Only use the information for the primary purpose of collection and do not disclose the information outside of the licensed premises, unless:

        -the patron agrees to the other use or the disclosure, either explicitly or implicitly

       -the other use or the disclosure is necessary to lessen or prevent a serious and imminent threat to the patron’s life, health or safety or a serious threat to public health or safety

        -a law authorises or requires the other use or the disclosure

       -the venue reasonably suspects that unlawful activity has, is or may be occurring and uses or discloses the personal information in reporting its concerns to relevant authorities

   -the other use is reasonably necessary for the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of a law involving penalties or sanctions

  • Secure the collected information by:

   -taking reasonable steps to protect the personal information from misuse, loss, unauthorised access, modification or disclosure

       -destroying the personal information when it is no longer needed

  • Do not transfer the collected personal information outside Australia.