Migration Amendment (Strengthening Biometrics Integrity) Bill 2015

Privacy Impact
Assessment
Migration Amendment (Strengthening Biometrics
Integrity) Bill 2015
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
|1
Contents
PART A - EXECUTIVE SUMMARY ................................................................................................. 3
Summary of findings ..................................................................................................................... 3
Recommendations ........................................................................................................................ 4
PART B - BACKGROUND ............................................................................................................... 5
Introduction ................................................................................................................................... 5
Existing legislative framework ...................................................................................................... 5
Overview of measures in the bill ................................................................................................... 6
PART C - PRIVACY IMPACT ANALYSIS AND COMPLIANCE CHECK ........................................ 7
APP1 – Open and transparent management of personal information ......................................... 7
APP2 – Anonymity and pseudonymity ......................................................................................... 8
APP3 – Collection of solicited personal information ..................................................................... 8
APP4 – Dealing with unsolicted personal information ................................................................ 14
APP5 – Notification of the collection of personal information ..................................................... 15
APP6 – Use or disclosure of personal information ..................................................................... 17
APP7 – Direct marketing ............................................................................................................ 18
APP8 – Cross-border disclosure of personal information .......................................................... 18
APP9 – Adoption, use or disclosure of government related identifiers ...................................... 19
APP10 – Quality of personal information ................................................................................... 19
APP11 – Security of personal information .................................................................................. 20
APP12 – Access to personal information ................................................................................... 23
APP13 – Correction of personal information .............................................................................. 24
PART D – SUPPORTING MATERIALS ......................................................................................... 27
Definitions ................................................................................................................................... 27
The difference between an identification test and a verification check ...................................... 28
Acronyms .................................................................................................................................... 29
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
|2
Part A - Executive summary
The Department of Immigration and Border Protection, plays a critical national and international
role in identifying individuals who cross Australia’s border. This role has been strengthened in
recent years as a result of security threats and increasing incidents of identity theft. The increased
focus on determining who an individual is, and detecting related immigration, security or law
enforcement histories, has resulted in substantial growth in the collection and use of biometrics.
The term Biometrics refers to physical features, physiological features, or behavioural traits that
represent something an individual is. This is distinct from something an individual holds, for
example, an identity document or credential, or private information, for example, a password.
Once linked to an individual’s biographical details, biometrics are considered to provide a more
robust confirmation of that individual’s identity than paper-based credentials.
This Privacy Impact Assessment (PIA) examines the privacy impacts of the Migration Amendment
(Strengthening Biometrics Integrity) Bill 2015 (the Bill). The Bill amends the Migration Act 1958
(the Migration Act) to implement a number of reforms that address gaps and shortcomings in the
Department’s current legislative framework to collect biometrics (termed ‘personal identifiers’ in
the Migration Act and ‘personal information’ for the purposes of the Privacy Act 1988).
Summary of findings
The Bill’s purpose is to address gaps and restrictions in the Department’s authority to collect
personal identifiers, and to provide a more flexible framework to collect personal identifiers in the
future to keep up with changing technology and threats to national security. This PIA finds that
while the privacy of individuals may be affected by the Bill, the expansion of the powers to collect
personal identifiers is necessary and proportional to achieve the purpose of the Bill.
Measures in the Bill provide flexibility on the types of personal identifiers authorised to be
collected under the Migration Act. The Bill will enable personal identifiers to be provided either by
way of an identification test carried out by an authorised officer or an authorised system, or by
another specified way. The Bill will continue to maintain identification test procedures set out in
the Migration Act. Under the Bill, personal identifiers may be required to be provided in ‘another
specified way’ via a verification check. A verification check enables the Department to verify the
identity of an individual of concern in a quick and non-intrusive way.
While, the volume of personal identifiers collected by the Department will increase under the Bill,
personal identifiers collected through a verification check will not be retained at the completion of
the check. The Bill is anticipated to provide additional privacy benefits that result from conducting
fewer identification tests in favour of conducting ‘light-touch’ verification checks. Any increase in
the volume of personal identifiers collected by the Department is consistent with the Bill’s purpose
to conduct more effective biometric-based checks of individuals identified to be of higher risk,
whether this is at the time of visa application, at Australia’s border, or after arrival in Australia.
Measures in the Bill are consistent with addressing increasing risks that are evident from the
recent terrorism-related events in Australia and other countries.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
|3
Part 4A of the Migration Act creates a series of rules and offences that govern the access,
disclosure, modification and destruction of identifying information. These existing provisions will
continue to apply and provide robust protections for personal identifiers collected under the Bill. In
addition to the safeguards in the Migration Act, there are safeguards relating to personal
identifiers in the Australian Citizenship Act 2007 and in the Privacy Act 1988 relating to personal
information.
Part 6 of the Australian Border Force Act 2015 creates a secrecy and disclosure framework that
restricts the disclosure of protected information, including personal information, obtained by an
employee of the Department.
The Department is developing additional policy guidelines and training to provide guidance to
officers on how the new power to collect personal identifiers is to be exercised. The policy
guidance will cover how personal identifiers are to be collected from minors and incapable
persons, and will ensure that this is done in a respectful way. This policy guidance will be made
publicly available.
In order to effectively manage the border, legislation, policies and procedures that govern the
Department must be sufficiently flexible to keep up with advances offered by technology. Overall,
the breadth of the new collection power in the Bill is a necessary and proportionate response that
provides authority to the Department to effectively and efficiently use current technology. The Bill
establishes a more flexible and simple framework for the collection of personal identifiers for
purposes set out in the Migration Act and the Migration Regulations 1994. The Department seeks
to avoid repeating the current legislative framework, which is based on expressly and exhaustively
legislating specific circumstances where personal identifiers are authorised to be collected and
how those personal identifiers can be provided. The rigidity of this approach prevents the
Department from using existing biometric technology to more rapidly respond to new and
emerging threats to national security.
Recommendations
The following actions are recommended to mitigate privacy risks:
1. APP3 - To ensure staff compliance with legislative requirements in the Bill, appropriate
training must be provided, in addition to new policy and procedural guidelines on the
collection of personal identifiers under the Bill.
2. APP5 - That the following forms are reviewed and updated as required to ensure APP5
requirements are met:
 1243i Your identifying information
 1442i Privacy notice
 any other forms relating to collection of personal identifiers from minors or incapable
persons
 signs at airports where verification checks are conducted.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
|4
Part B - Background
Introduction
In 2013-14, over 35 million passengers arrived and departed from Australia’s border and nearly 5
million visas were granted. Passenger numbers travelling in and out of Australia are estimated to
rise to 50 million by 2020. The increasing number of travellers requires effective methods to
quickly and accurately establish identity.
The collection of personal identifiers is essential to establish the identity of people. Checks using
personal identifiers are more accurate than document-based checks of biographic details, such as
name, date of birth and nationality. Measures in the Bill strengthen border controls and the visa
application decision-making processes. These reforms build the Department’s capacity to verify
identity and provide flexibility to respond on a case by case basis to higher risk individuals while
allowing the majority of travellers to move seamlessly and quickly across the border.
The Department understands that collecting biometrics has significant implications for an
individual’s privacy. When implemented and managed appropriately, however, biometric
technologies can both improve security and enhance privacy.
Existing legislative framework
The Department has authority under the Migration Act and the Migration Regulations to collect
personal information to carry out its functions.
At Australia’s border, the Department may collect facial images, a signature and a type of
identifier contained in a person’s passport from a citizen under section 166, s. 170 and s. 175 of
the Migration Act. On entry a citizen can also be required to provide fingerprints or an iris scan.
The Bill does not expand the circumstances where Australian citizens can be required to provide
personal identifiers. Australian citizens will only be required to provide personal identifiers under
the Bill when at Australia’s border; both on arrival and departure, and when travelling from port to
port.
Under s. 40 and s. 46 of the Migration Act, the Department currently has the authority to collect
personal information from a non-citizen for visa decision-making. The Department is authorised to
collect personal information from a non-citizen at Australia’s border, and on entry or departure
from Australia, or travel from port to port on an overseas vessel under s. 166, and s. 175 of the
Migration Act. The Department may collect personal identifiers under s. 188, of the Migration Act
where evidence exists that a non-citizen holds a lawful visa. The Department may also collect
personal identifiers under s. 192 when a non-citizen is being detained on the basis that they hold
a visa that is liable to cancellation on certain grounds. In addition, the Department is permitted to
collect personal identifiers in immigration detention under s. 261AA of the Migration Act.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
|5
Overview of measures in the Bill
The Bill introduces a new single power to collect personal identifiers that replaces seven existing
collection powers in the Migration Act. Sections 40, s. 46, s. 166, s. 170, s. 175, s. 188 and s. 192
and the associated legislative framework have been amended during the past 10 years to
authorise the collection of specific types of personal identifiers in particular circumstances.
Streamlining these seven existing provisions will remove inconsistency and duplication, and
enhance the Department’s efforts to achieve important government policy objectives, including
removing current restrictions on the circumstances where personal identifiers may be collected.
New section 257A is the key measure in the Bill. The Bill will:






Consolidate existing collection powers (with the exception of the power relating to the
collection of personal identifiers from detainees under section 261AA1) into a single broad
power, s. 257A, that will allow the Minister (or delegate) or an officer to require, orally or in
writing, personal identifiers, including fingerprints, from a person for the purposes of the
Migration Act or Migration Regulations. These purposes include enhancing the
Department’s ability to identify non-citizens who have a criminal history or who are of
character concern, and to assist in identifying persons who may be a security concern to
Australia or a foreign country.
Provide the flexibility to require personal identifiers, unless the particular circumstances
warrant, for example, from visa applicants who are part of an identified higher risk cohort
or in lower risk cohorts of visa applicants where there are reasonable grounds to suspect
identity fraud.
Allow the Minister (or delegate) or an officer to specify that personal identifiers can be
provided in a way other than by way of an identification test carried out by an authorised
officer or an authorised system.
Remove current requirements relating to the consent and presence of a parent/guardian
or independent person when collecting personal identifiers from minors and incapable
persons when a personal identifier is required under s. 257A. The relevant limitations will
continue to apply if the requirement to provide personal identifiers is being made because
the non-citizen is an immigration detainee (see footnote one).
Clarify that personal identifiers can be required to be provided more than once, for
example at the temporary visa application stage, and then again at the permanent visa
application stage; even if the person has previously complied with a requirement to
provide one or more personal identifiers.
Provide that the Minister can, by legislative instrument, remove the requirement for
specified persons, or a person included in a specified class of persons:
o to provide any, or a specified kind of, personal identifier under section 257A
in specified circumstances, to provide any, or a specified kind, of personal
identifier under section 257A.
The Department will support implementation of the new section 257A by developing new policy.
The policy will be made publicly available.
1
The legislative framework that provides that a non-citizen in immigration detention must provide personal
identifiers and the rules and safeguards that apply when collecting those personal identifiers will be retained.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
|6
Part C - Privacy Impact Analysis and
Compliance Check
APP1 – OPEN AND TRANSPARENT MANAGEMENT OF
PERSONAL INFORMATION
The APP entity must have ongoing practices and policies in place to ensure that they manage
personal information in an open and transparent way. The APP entity must:




take reasonable steps to implement practices, procedures and systems that will ensure it
complies with the APPs and any binding registered APP code, and is able to deal with
related inquiries and complaints
have a clearly expressed and up-to-date APP Privacy Policy about how it manages
personal information
take reasonable steps to make its APP Privacy Policy available free of charge and in an
appropriate form (usually on its website)
upon request, take reasonable steps to provide a person or body with a copy of its APP
Privacy Policy in the particular form requested.
Discussion
The Department has sound practices and procedures to ensure compliance with the requirements
of APP1. Undertaking PIA’s where new collection or changes to collection of personal information
is proposed, as in the case of new powers contained in the Bill, is part of the Department’s
process for ensuring that the Department’s information handling practices comply with the APPs.
The Department’s Privacy Policy is publicly available on the Department’s website. The policy
details how the Department manages the personal information it collects and the information flows
associated with that personal information. The Department maintains a clearly expressed and upto-date privacy notice – Form 1442i – Privacy Notice. That includes notification matters required
under APP1 and APP5 which the Department must advise persons of when collecting their
personal information, including personal identifiers. The Department’s Privacy Policy informs
individuals how they may lodge a complaint if they believe the Department has wrongly collected
or handled their personal information. If not satisfied with the Department’s response, individuals
are advised that it is open to them to contact the Australian Privacy Commissioner.
The Department also has a separate notice, Form 1243i –Your personal identifying information,
which explains the Department’s authority to collect personal identifiers, how they may be
collected, the purposes of collection and the purposes for which they are permitted to be
disclosed. Form 1243i - Your personal identifying information is publicly available on the
Department’s website.
Analysis of privacy risk
The Department publishes Form 1442i – Privacy Notice and Form 1243i – Your personal
identifying information specific to the handling of personal identifiers, on the Department’s
website. Signs at airports where verification checks are conducted also provide information about
the collection of personal identifiers.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
|7
APP2 – ANONYMITY AND PSEUDONYMITY


Individuals must have the option of not identifying themselves, or of using a pseudonym,
when dealing with an APP entity in relation to a particular matter, unless an exception applies.
Exception 2.2(a): does not apply if, in relation to that matter the APP entity is required or
authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who
have identified themselves.
Discussion
Anonymity or pseudonymity is not possible where the Department collects personal identifiers for
purposes under the Migration Act or Migration Regulations.
Analysis of privacy risk
The Migration Act authorises the Department to collect personal information. Form 1442i - Privacy
Notice addresses the basis of lawful collection of personal information under the Migration Act or
Migration Regulations, and the consequences if personal information is not collected to further
explain why anonymity or pseudonymity is not possible.
APP3 – COLLECTION OF SOLICITED PERSONAL
INFORMATION




Any personal information collected (other than sensitive information) must be reasonably
necessary for (or if the APP entity is an agency, reasonably necessary for or directly related
to) one or more of the APP entity’s functions or activities.
An APP entity must not collect sensitive information about an individual unless one of the
exceptions listed in APP 3.3 or APP 3.4 applies, such as if the individual consents and the
information is reasonably necessary for (or if the APP entity is an agency, reasonably
necessary for or directly related to) one of more of the entity’s functions or activities.
Personal information can only be collected by lawful and fair means.
Personal information about an individual must only be collected from the individual unless one
of the exceptions in APP 3.6 applies.
Purposes of collection
The Department collects personal identifiers because of their significant value in resolving identity,
security, law enforcement and other immigration concerns. The Department collects personal
identifiers under Migration legislation in only a defined number of specific circumstances, as set
out in sections 40, s. 46, s. 166, s. 170, s. 175, s. 188, s. 192 and s. 261AA of the Migration Act
and the associated Migration Regulations:
 when a non-citizen applies for a visa
 at Australia’s border when a person is arriving, travelling from port to port, or departing
the country
 where an officer reasonably suspects a person is a non-citizen and requires them to
present certain evidence of being a lawful non-citizen
 when a non-citizen is detained as their visa is liable to cancellation
 when a non-citizen is detained in immigration detention.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
|8
The Bill does not expand the circumstances where Australian citizens can be required to provide
personal identifiers. Australian citizens can, as is currently the case, only be required to provide
one or more personal identifiers when at Australia’s border.
The Bill authorises the Department to collect personal identifiers from non-citizens in additional
circumstances to those that currently apply. This collection is required to address known integrity
gaps, including:
 a non-citizen who holds a valid visa who is subject to an investigation
 a non-citizen whose identity or history becomes of concern after visa grant
 a non-citizen who becomes of concern after arrival in Australia.
Types of personal identifiers collected
The types of personal identifiers as defined in section 5A(1) of the Migration Act remain
unchanged. In circumstances where personal identifiers can be required under new section 257A,
any personal identifier as defined in section 5A(1) can be required. The Department is currently
authorised to collect:

fingerprints or handprints of a person (including those taken using paper and ink
or digital live-scanning technologies)

a measurement of a person's height and weight

a photograph or other image of a person's face and shoulders

an audio or a video recording of a person

an iris scan

a person's signature

any other identifier prescribed by the regulations, other than an identifier the
obtaining of which would involve the carrying out of an intimate forensic
procedure within the meaning of section 23WA of the Crimes Act 1914. (There
are no personal identifiers prescribed for this).
Volume of personal identifiers collected
Under the Bill, a greater volume of personal identifiers, particularly fingerprints, will be authorised
to be collected. It is not possible to quantify the expected increase at this time.
The impact of the Bill will be most evident in the greater volume of finger scans conducted at
Australia’s airports by way of a verification check. Finger print scans of an individual obtained by
way of a verification check will not be retained after the check is complete (see discussion below
under ‘means of collection’). Verification checks are currently conducted on a consent basis at two
international airports, the purpose of which is to confirm the identity of non-citizens who applied
for a visa offshore (outside Australia) in a higher risk location. This important integrity check will
be expanded to all eight international airports. Verification checks will be conducted to confirm
identity and conduct security checks on both arriving and departing travellers (both citizens and
non-citizens).
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
|9
Any additional collection and retention of facial images and fingerprints collected by way of an
identification test is anticipated to be small. The Department currently collects personal identifiers
by way of an identification test for well-defined and permitted purposes, which will continue under
the Bill, such as:

assessing higher risk visa applications (onshore (in Australia) and offshore
(outside Australia))

at the border, after a non-citizen is refused entry and ‘turned-around’ on the next
available flight

immigration detention.
Means of collection
APP3 stipulates that information should be collected from the individual concerned unless an
exception applies, including where it is unreasonable or impracticable to do so. Personal
identifiers are by necessity only collected from the individual concerned.
The Bill largely retains the current identification test procedures set out in the Migration Act. In
addition, to provide flexibility to be able to collect personal identifiers where the current
identification test procedures are impractical or not appropriate, the Bill provides an alternative to
an identification test for collecting personal identifiers.
The Migration Act currently allows for collecting personal identifiers by other means than an
identification test. The Bill will continue to permit the arrangements that apply offshore (outside
Australia), as well as provide for more flexibility to collect personal identifiers onshore (in
Australia), in another way. The Bill will:

reduce the legislative complexity in collecting personal identifiers offshore
(outside Australia)

provide for more flexibility onshore (in Australia) to collect personal identifiers,
particularly at Australia’s borders

authorise the expansion of the current consent-based verification check
procedure, which is already in use in a limited way at Australia’s border to verify
identity and detect persons of concern.
The Bill authorises the Department to collect fingerprints in another specified way
including by way of a verification check. Collecting personal identifiers by a means
other than an identification test, provides the Department with flexibility to meet
increasing challenges, to identify persons of concern accurately and quickly, and in a
way that does not burden legitimate travellers passing through Australia’s border.
It is impractical and inefficient to use the full identification test procedure at Australia’s
border because it is time consuming and intrusive. The current process that involves
collecting both facial image and 10 fingerprints may take up to 60 minutes to
complete. The identification test is more complicated than necessary to fulfil the
purpose of collecting personal identifiers. The purpose of collecting personal
identifiers at Australia’s border is to quickly confirm a person’s identity and conduct
appropriate checks before a person is permitted to depart, arrive or travel from port to
port. It is also impractical and unnecessarily burdensome for the Department to delay
large numbers of travellers at the border to conduct the identification test.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 10
A verification check is an efficient, quick and unobtrusive method of verifying an
individual’s identity. Rather than a ‘one-to-one’ check directly against an individual’s
fingerprint data, the expanded verification check will involve a ‘one-to-many’ check,
which involves searching a single biometric against thousands of biometrics in a
database. The Department’s checks with partner countries are a current example of a
‘one-to-many’ search conducted by the Department. The verification check improves
speed, accuracy and efficiency with results available in real-time. Rather than taking
up to 60 minutes to complete via an identification test, the check will take seconds to
complete. This allows the Department to strengthen the integrity of protecting
Australia’s border, and conduct more checks than is currently possible. Under the
Bill, only those individuals identified as being of higher risk would be subject to a
verification check. Checks will be conducted in public; only two to four fingers will be
scanned.
In addition to being used at Australia’s border, verification checks can support the
Department to identify non-citizens in the Australian community who may be working
in breach of their visa conditions or have remained in Australia beyond the date of
their visa, or have come to the attention of law enforcement while living in the
Australian community.
The technological capability to conduct a verification check using a mobile, hand-held
scanner device has only recently offered the opportunity to implement a relatively
non-expensive, rapid and accurate tool to effectively and efficiently resolve identity.
The Bill provides the flexibility to collect personal identifiers in situations that require a
fast, accurate and predominantly non-intrusive method of collection. This approach is
consistent with other technology-enabled checks currently conducted in public at
airports, for example, the explosives trace detection test that are accepted by the
travelling public as a necessary part of the overall security apparatus at airports.
When appropriate, the Department will continue to conduct the current identification tests using
standard operating procedures and in accordance with legislative requirements.
Minors and incapable persons
To address the complexities of confirming the identity of minors and incapable persons, the Bill
will remove some of the current limitations on the collection of personal identifiers from minors
and incapable persons. For example, under the broad power fingerprints will now be able to be
collected from minors under 15 years of age.
Under the current Migration Act, personal identifiers cannot be collected from a minor or an
incapable person, in particular circumstances, if a parent, guardian or an independent person
refuses to consent to the collection. This is contrary to the lawful purpose of collection, and
prevents detecting identity fraud, and conducting appropriate security, law enforcement and
immigration checks. It is important that where an officer requires a minor or incapable person to
provide personal identifiers, that the requirement is not circumvented by a parent or guardian
refusing consent.
Establishing identity is essential to ensure the safety and wellbeing of minors and incapable
persons. The ability to collect all types of personal identifiers, as defined in the Migration Act, from
minors and incapable persons is necessary in circumstances where there is an indication of
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 11
trafficking, smuggling or exploitation. There are child trafficking cases where minors have been
brought into Australia as part of a family unit of which they are not a member.
The Department has identified a need to obtain an additional level of identity assurance before
allowing travel to and from Australia or changing visa status. There are also security concerns
including the involvement of minors in conflicts and terrorist activities that demonstrate how
identifying minors is a matter of national security. The Bill will also resolve an issue where the age
limit in the Migration Act for the collection of fingerprints from minors and incapable persons is
currently inconsistent with all other Five Country Conference Partners.
Under the Bill not all minors and incapable persons will be required to provide personal identifiers.
It is anticipated that the Bill will effect only a small number of minors and incapable persons in
specific circumstances, including:

offshore (outside Australia) to protect minors from people smugglers and
traffickers

on entry and departure at Australia’s border in certain circumstances where a
minor or incapable person is identified as of concern

applicants from the Refugee and Humanitarian cohort, who are a particularly
vulnerable group.
Safeguards
Policy guidance for Departmental staff on collecting personal identifiers under the Bill is under
development. Appropriate training will be provided to departmental staff to ensure that the
implementation of the policy complies with the APPs. Collection will not be undertaken by any
unlawful, deceptive or overly intrusive means.
For an identification test conducted at the border, the minor will be removed to a separate place
and the test will be conducted by two authorised officers, in accordance with sections 258B-258G
of the Migration Act. As a matter of policy, a departmental officer will seek the consent and
presence of the minor’s parent or guardian for a verification check or identification test to be
conducted. In the case of an unaccompanied minor, where an identification test is required, the
test will be conducted in the presence of two authorised officers, at least one of whom will be a
female. This is consistent with frisk search practices.
Where cooperation for a verification check or identification test is not provided, a departmental
officer will advise the parent or guardian and the minor of the consequences of refusing to provide
personal identifiers. Where consent remains withheld, the relevant consequence/s will
follow. Consequences may include conducting further checks with other agencies or alternative
checks to resolve the issue of concern. Other consequences may be delays that result in missed
flights or refused border clearance for non-citizens. The Bill does not introduce any provisions that
will allow the use of force to collect personal identifiers.
Policy guidance will be made publicly available to provide assurances to the public that the
process of collecting personal identifiers from minors and incapable persons is transparent.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 12
Analysis of privacy risk
A key privacy principle is that agencies should only collect the minimum information that is
reasonably necessary in relation to the primary purpose for collecting the information. The
Department currently collects a single personal identifier, a facial image, from the overwhelming
majority of travellers who cross Australia’s border.
Automated collection via SmartGates or manual check of a facial image for comparison with a
passport or other travel document is generally sufficient to verify a person’s identity. The Bill
provides the Department with authority to collect one or more additional personal identifiers, such
as a scan of four fingers, where a facial image check is not sufficient to resolve identification
concerns.
The Department’s approach is consistent with APP3. Personal identifiers will be collected only
when reasonably necessary for the purposes of the Migration Act or the Migration Regulations,
and only the minimum number of personal identifiers will be collected for the required purpose.
For the majority of travellers, a single personal identifier is collected, a facial image, unless a
person is identified as being of higher risk. The Bill provides the flexibility to require personal
identifiers on a case by case basis. This flexible approach provides an appropriate balance
between improving the effectiveness of checks to prevent identity fraud and detect persons with
adverse security histories from entering, departing or remaining in Australia undetected.
The Department has developed a range of sophisticated and innovative tools and capabilities to
analyse risk when making visa application decisions and when people are crossing Australia’s
border. These mathematical, statistical and intelligence techniques produce evidence-based data
that is used to detect persons of higher risk. Examples where these tools are used at Australia’s
border include where a person:

‘fails’ automated immigration clearance through SmartGate or a manual face-topassport check, because their facial image does not ‘match’ the passport photo
or the passport is listed as ‘stolen’

triggers an alert against the Department’s Central Movement Alert List

matches a profile, for example, a person might match a profile for identity fraud,
which may include combinations or patterns of a range of variables, such as age
or where a ticket was purchased with cash.
The Bill provides a simple, broad power to require persons to provide personal identifiers for the
purposes of the Migration Act and Migration Regulations. This is consistent with, and critical to the
Department’s key function in being able to effectively regulate, manage and enforce, in the
national interest, the presence in Australia of non-citizens. The Bill clearly sets out on the face of
the legislation this new, simplified biometrics power, which will enhance the integrity of the
immigration programme and strengthen community protection outcomes.
The Bill does not add to the types of personal identifiers that the Department is currently
authorised to collect as defined in section 5A(1) of the Migration Act. There are no privacy risks
identified in the Bill in relation to the types of personal identifiers collected by the Department.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 13
Minors and incapable persons
The Privacy Act does not specify an age after which individuals can make their own privacy
decisions. The Bill establishes a practical framework that is more flexible than current legislation
as it authorises officers to collect personal identifiers from any person, including a minor, who is
identified as a higher risk of either personal harm or a higher risk to the safety of the community.
The Bill permits the Department to make judgements based on escalating risk on a case by case
basis.
The Department currently provides individuals with comprehensive information through its Privacy
Policy, Form 1442i – Privacy Notice, and Form 1243i - Your personal identifying information (see
discussion below under APP5), which are both publicly available on its website, about matters
such as the authority of the Department to collect personal identifiers, why personal identifiers can
be collected, how they may be used, how they are protected and to whom they may be disclosed.
Additional signage about verification checks will be posted in prominent locations at Australia’s
international airports, and the Department will ensure that minors and incapable persons are
adequately informed of such requirements.
Existing safeguards in the Migration Act relating to the collection of personal identifiers continue to
provide robust protections for all people affected by amendments in the Bill, including minors and
incapable persons. Departmental officers conducting verification checks or collecting personal
identifiers in a way besides an identification test must act in accordance with the, the Public
Service Act 1999, the Australian Public Service Code of Conduct, the Privacy Act, and the
Department’s professional integrity framework. Administrative and criminal penalties may apply
for breaches.
Detailed policy guidance and training will be issued to Departmental officers setting out how to
comply with the new legislative framework for collecting personal identifiers under the Bill. This
policy guidance will be made publicly available. Appropriate training is provided to Departmental
staff to ensure that the implementation of the policy also complies with the APPs.
The Bill does not amend Part 4A of the Migration Act, which creates a series of rules and offences
that govern the access, disclosure, modification and destruction of identifying information. These
provisions will apply to personal identifiers collected under the Bill.
To the extent that measures in the Bill impact on the privacy of minors and incapable persons,
the measures are necessary and proportionate in order to respond to the full range of variable
circumstances surrounding minors and incapable persons such as protecting vulnerable children
from trafficking and exploitation, prevent persons claiming to be minors and incapable persons to
avoid identification and create a framework to develop robust procedures addressing individuals
classified as minors who pose a risk to national security.
Recommendation
To ensure staff compliance with legislative requirements in the Bill, appropriate training must be
provided, in addition to new policy and procedural guidelines on the collection of personal
identifiers under the Bill.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 14
APP4 – DEALING WITH UNSOLICTED PERSONAL
INFORMATION

Where an APP entity receives unsolicited personal information, it must determine
whether it would have been permitted to collect the information under APP 3. If
so, APPs 5 to 13 will apply to that information. If the information could not have
been collected under APP 3, and the information is not contained in a
Commonwealth record, the APP entity must destroy or de-identify that
information as soon as practicable, but only if it is lawful and reasonable to do so.
Discussion
The basis of collection as the result of the bill is lawful collection, the Department would not collect
personal identifiers that are unsolicited.
Analysis of privacy risk
The Bill does not pose any privacy risk relating to the unsolicited collection of personal identifiers.
APP5 – NOTIFICATION OF THE COLLECTION OF
PERSONAL INFORMATION

An APP entity that collects personal information about an individual must take
reasonable steps to notify the individual, or otherwise ensure the individual is
aware, of the matters listed in APP 5.2.

The matters include:

the APP entity’s identity and contact details

the fact and circumstances of collection

whether the collection is required or authorised by law

the purposes of collection

the consequences if personal information is not collected

the APP entity’s usual disclosures of personal information of the kind collected by
the entity

information about the APP entity’s APP Privacy Policy

whether the APP entity is likely to disclose personal information to overseas
recipients, and if practicable, the countries where they are located.

An APP entity must provide notification before, or at the time it collects personal
information. If this is not practicable, notification should be provided as soon as
practicable after collection.
Discussion
The Department currently provides individuals with comprehensive information through its Privacy
Policy and other Departmental forms about matters such as the authority of the Department to
collect personal identifiers, why personal identifiers can be collected, how they may be used, how
they are protected and to whom they may be disclosed. In particular, these forms are:

1442i – Privacy Notice, the Department’s APP5 notice
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 15

1243i – Your personal identifying information, also an APP5 notice that explains
the Department’s authority to collect personal identifiers, how they may be
collected, the purposes of collection and the purposes for which they are
permitted to be disclosed.
Departmental procedures for collecting personal identifiers by way of an identification test include,
at a minimum, making individuals aware of Form 1243i - Your personal identifying information and
1442i - Privacy notice, and in most cases providing hard copies. Both Form 1243i - Your
identifying information and Form 1442i - Privacy notice provide information regarding how an
individual may access their personal information, seek a correction of their personal information
and how they can make a complaint if they feel the Department has wrongly collected or handled
their information. Both forms are publicly available from the Department’s website.
Individuals who undergo a verification check will be provided with a verbal notice and written
information if requested, about the purpose of the checks and what the checks involve. If
requested individuals will be given the Department’s privacy notice Form 1442i – Privacy Notice
and advised that they can obtain further information from the Department website.
Form 1243i -Your identifying information and Form 1442i - Privacy notice will be reviewed and
necessary amendments identified to ensure that the requirements of APP5 continue to be met
under the Bill. Any forms that relate to collection of personal identifiers from minors or incapable
persons will be updated as required.
Analysis of privacy risk
Information regarding the collection of personal identifiers may become out of date.
The Bill maintains the current identification test procedures set out in the Migration Act. Verbally
communicating the nature of a verification check is appropriate. Applying the same safeguards for
conducting an identification test to a ‘verification check’ would slow the process of conducting a
quick and non-intrusive check as proposed. Information about verification checks are currently
available at Perth and Melbourne, the two Australian airports where the checks are currently
conducted, by way of signs in the arrival hall and information sheets. These signs and information
sheets will be available at all airports where verification checks are carried out, on arrival and
departure, and on the Department’s website.
Recommendations
That the following forms are reviewed and updated as required to ensure APP5 requirements are
met:

1243i Your identifying information

1442i Privacy notice

Any other forms relating to collection of personal identifiers from minors or
incapable person.

signs at airports where verification checks are conducted.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 16
APP6 – USE OR DISCLOSURE OF PERSONAL
INFORMATION

An APP entity can only use or disclose personal information for the particular
purpose for which it was collected (known as the ‘primary purpose’), or for a
secondary purpose if an exception applies, including where the use or disclosure
is reasonably necessary for one or more enforcement related activities conducted
by, or on behalf of, an enforcement body.
Discussion
The Bill amends the Migration Act in relation to the collection of personal identifiers, and does not
alter current provisions in the Act relating to the use or disclosure of personal identifiers.
The Bill does not amend Part 4A of the Migration Act. Part 4A creates a series of rules and
offences that govern the access, disclosure, modification and destruction of identifying
information. These provisions will apply to personal identifiers collected under the new section
257A.
The Department’s privacy notice – Form 1442i – Privacy Notice, which is publicly available on its
website, details purposes for which personal identifiers may be disclosed.
The Migration Act authorises disclosure of personal identifiers in specific circumstances only,
including:

for data matching purposes - to Australian law enforcement agencies, CrimTrac,
and the FCC partners

to foreign governments to make arrangements for removal of a non-citizen from
Australia or for the purposes of extradition of a person to and from Australia

to specified foreign governments, law enforcement or border control bodies of
foreign governments, or specified international organisations, for example,
Interpol

to obtain or give international assistance in criminal matters.
Under the Migration Act, it is an offence to disclose identifying information unless the disclosure is
permitted under the Act. Unauthorised access or disclosure is an offence and penalties apply;
including imprisonment for 2 years and/or 120 penalty units. There will be no changes to
disclosure practices under the Bill.
Analysis of privacy risk
There are no changes to the purposes for which disclosure of personal identifiers is authorised
under the Bill. The Bill does not pose any privacy risk relating to the use and disclosure of
personal identifiers.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 17
APP7 – DIRECT MARKETING

An organisation must not use or disclose personal information for the purpose of
direct marketing unless an exception applies, such as where the individual has
consented.

Where an organisation is permitted to use or disclose personal information for the
purpose of direct marketing, it must always:

allow an individual to request not to receive direct marketing communications
(also known as ‘opting out’), and

comply with that request.

An organisation must provide its source for an individual’s personal information, if
requested to do so by the individual.
Not applicable to the Department.
APP8 – CROSS-BORDER DISCLOSURE OF PERSONAL
INFORMATION

Before an APP entity discloses personal information to an overseas recipient, the
entity must take reasonable steps to ensure that the overseas recipient does not
breach the APPs (other than APP 1) in relation to the information, unless an
exception applies.

An APP entity that discloses personal information to an overseas recipient is
accountable for any acts or practices of the overseas recipient in relation to the
information that would breach the APPs (see s 16C of the Privacy Act).
Discussion
The Bill does not amend current provisions in the Migration Act in relation to the cross-border
disclosure of identifying information. Part 4A of the Migration Act governs the access, disclosure,
modification and destruction of personal identifiers, including cross-border disclosure of identifying
information.
The Department currently discloses personal identifiers and associated personal information to
FCC member countries under international information sharing arrangements and with other
countries where information exchanges may involve sharing personal identifiers. For an up to date
list of the countries which Australia has agreements with, refer to Fact sheet 84 Biometric
Initiatives, which is available from the Department’s website. This information sharing already
takes place with personal identifiers that are collected under the current collection provisions of
the Migration Act. Separate PIAs have been undertaken for FCC data sharing, and the
agreements with countries under the Biometrics Initiatives are noted in the relevant Secretary’s
Instructions. Disclosure to overseas entities is usually considered on a case by case basis and
only occurs where the disclosure is authorised under the relevant legislation, for example,
disclosure is authorised in specific circumstances under the Migration Act, the Australian Border
Force Act and the Privacy Act.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 18
Analysis of privacy risk
The Bill does not pose any privacy risks relating to the cross-border disclosure of personal
identifiers and information about cross border exchange of personal identifiers is explained in
Form 1442i -Privacy Notice, and in the Department’s Privacy Policy.
APP9 – ADOPTION, USE OR DISCLOSURE OF
GOVERNMENT RELATED IDENTIFIERS

An organisation must not adopt, use or disclose a government related identifier of
an individual as its own identifier of the individual unless an exception applies.
Not applicable to the Department.
APP10 – QUALITY OF PERSONAL INFORMATION

An APP entity must take reasonable steps to ensure that the personal information
it collects is accurate, up-to-date and complete.

An APP entity must take reasonable steps to ensure that the personal information
it uses and discloses is, having regard to the purpose of the use or disclosure,
accurate, up-to-date, complete and relevant.
Discussion
The Bill does not amend the Migration Act in relation to matters regulated under APP10. Personal
identifiers are, by their nature, accurate at the time of collection as they are collected directly from
individuals. The Bill amends the Migration Act only in relation to the collection of personal
identifiers, and does not alter the current requirements relating to retention periods for personal
identifiers as specified in the Migration Act and the Archives Act 1983.
Analysis of privacy risk
Fingerprints are relatively stable over a person’s lifetime, so the period of retention would not
impact on the quality of the data. In contrast, a person’s face is subject to considerable change
during a person’s lifetime, particularly as a person ages from childhood into adulthood. Collecting
a facial image of a minor and retaining the image for an extended period of time, may result in it
becoming inaccurate, for example, if the minor were to suffer an illness or acquires a disability or
injury.
Identifying an individual from an old photograph in a passport is currently an issue at Australia’s
border. The facial image is the only personal identifier that is currently available to match against
in the Australian passport. The Department is restricted in its capability to address out-of-date
facial images, particularly of minors, as facial image matching relies on the image in the passport
to match against. Where a person’s identity cannot be resolved by comparing the facial image in
the passport with the person presenting the passport, the Bill provides for other personal
identifiers to be collected, specifically fingerprints, by way of a verification check. Collecting
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 19
another personal identifier to attempt to resolve a person’s identity is a necessary and
proportionate response to resolve identification and prevent fraud.
Currently, if an identity or other security concern arises, in order to quickly resolve the issue, the
Department is effectively restricted to using paper-based credentials, even though technology is
now available to conduct a more accurate, faster and higher-integrity check using a fingerprint
scan. The years since 9/11 have been characterised by more stringent requirements for people to
be identifiable in response to security threats and to combat escalating problems of identity theft.
Accurately establishing identity is the prerequisite for all security, character and integrity checks.
The need to establish or verify the identity of an individual in a globalised and mobile world is
critical to how the Department manages the border. The Department has a responsibility to
ensure that high standards of integrity apply to identifying both citizens and non-citizens. The Bill
creates a framework that allows the Department to keep up with developments in biometric
technology and address gaps in the existing biometric framework. This will assist the Department
in achieving its strategic objective to protect Australia’s border.
APP11 – SECURITY OF PERSONAL INFORMATION

An APP entity must take reasonable steps to protect personal information it holds
from misuse, interference and loss, as well as unauthorised access, modification
or disclosure.
Discussion
The Department commenced collecting and storing personal identifiers in 2006. The Bill amends
the Migration Act only in relation to the collection of personal identifiers, and does not alter the
current requirements relating to the security of personal identifiers managed by the Department.
Current systems and security standards are adequate to protect any additional data retained by
the Department due to the measures in the Bill.
The Department currently complies with APP 11, which requires an APP entity that holds personal
information to take such steps as are reasonable in the circumstances to protect the information
from misuse, interference and loss; and unauthorised access, modification or disclosure. Robust
systems are already in place to ensure the security of personal information, including personal
identifiers, the Department collects. The Department uses encryption and authorisation
procedures to ensure data protection, security, confidentiality and integrity of personal identifiers it
collects. Facial images and fingerprints are stored on secure departmental databases that comply
with:

the Protective Security Policy Framework, which imposes mandatory
requirements on Government agencies to develop protective security policies,
plans and procedures

the Australian Government Information Security Management Guidelines that set
out standards that govern the security of government ICT systems.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 20
Security of finger scans collected by way of a verification check
The Bill provides for personal identifiers to be provided in another ‘specified way’ to the
identification test. In practical terms this means the Department will be able to confirm identity by
performing a verification check using a mobile, hand-held device that:

requires user authentication that consists of a PIN/Password access protection

uses secure, wireless-type connections to transfer data to conduct checks
against the Department’s data holdings, and those of any external agencies, such
as CrimTrac, which manages the National Automated Fingerprint Identification
System (NAFIS) (NAFIS stores fingerprints collected by Australian law
enforcement agencies)

does not store any finger image data of individuals any response information that
is returned back to the hand-held device during a check is also not stored (this
non-storage applies to both normal processing and failure conditions)

have remote wipe capability (if a device is lost, stolen or damaged)

are highly tamper proof, all configuration settings will be secured from accidental
resets.
A Security Risk Assessment (SRA) for the new hand-held devices has been
completed under Proof-of-Concept conditions. A second SRA is scheduled for the
production environment prior to rollout of the new hand-held devices at Australia’s
airports.
Analysis of privacy risk
Part 4A of the Migration Act sets out a series of rules and offences that govern the access,
disclosure, modification and destruction of identifying information. These provisions continue to
apply to personal identifiers retained under the Bill. There will be no change to existing legislation
regarding information, including personal identifiers, held by the Department.
For example, s. 336C of Part 4A of the Migration Act makes it an offence for a person to access
identifying information if the person is not authorised to access it under s. 336D. Under s. 336E of
the Migration Act, a person commits an offence if their conduct causes the disclosure of
identifying information and the disclosure is not a permitted disclosure. The permitted disclosures
are set out in ss. 336E(2).
Section 336H of the Migration Act makes it an offence for a person to cause any unauthorised
impairment of the reliability of identifying information or the security of the storage of identifying
information, or the operation of a system by which identifying information is stored.
These provisions in Part 4A of the Migration Act ensure the Department complies with the
requirements of APP 11 in relation to identifying information. That is, those provisions protect
such information from misuse, interference and loss, and from unauthorised modification, access
and disclosure.
In the event of an unauthorised disclosure of personal information, including identifying
information, the threshold for harm will be assessed by the Information Access Capability Section
in the Department to determine whether it meets the Privacy Commissioner’s guidance in regards
to self-reporting. The Department’s usual practice is to consult with the Privacy Commissioner in
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 21
relation to the breach and comply with the recommendations of the Privacy Commissioner,
including any notification to advise the individuals affected by the breach. The Privacy
Commissioner’s recommendations may vary depending on the nature of the breach, and
notification is now always required in every instance. Information in the Department’s Privacy
Policy is available on the Department’s publicly accessible website.
Retention and disposal of identifying information, including personal identifiers, is set out in the
Migration Act and the Archives Act and as provided for by the relevant associated departmental
Records Authority (RA).
The Department retains some personal identifiers indefinitely:

a measurement of a person’s height and weight

a photograph or other image of a person’s face and shoulders

a person’s signature

identifying information derived from or relating to one of the above personal
identifiers.
Under the Archives Act it is an offence to destroy a Commonwealth record, including personal
identifiers, unless the destruction is:

required by law

done with the permission of the National Archives of Australia (NAA).
The NAA has issued a Records Authority for detention and migration management that bases
retention periods on a range of factors, including accountability requirements, ongoing business
need and community interest.
The Bill amends the Migration Act only in relation to the collection of personal identifiers, and does
not alter current requirements for the security of personal identifiers.
Security of finger scans collected by way of a verification check
The privacy risks relating to the security of information collected by way of a verification check
using new, mobile hand-held devices are assessed as low:

finger images collected by way of a verification check are not retained by the
Department

the new, mobile hand-held devices will not store any data (either finger scan data,
response data)

finger scan data will not be retained by any external agency against whose data
holdings a check may be conducted, such as CrimTrac

robust security protections have been designed for the mobile, hand-held
devices, as well as the transmission of data to and from the hand-held devices.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 22
APP12 – ACCESS TO PERSONAL INFORMATION

An APP entity that holds personal information about an individual must give the
individual access to that information on request, unless an exception applies.
Discussion
The Bill does not amend the Migration Act in relation to matters regulated under APP12.
Form 1442i - Privacy notice and Form 1243i - Your personal identifying information, provide
information on how to request access to personal information, including personal identifiers to all
individuals. The vast majority of persons traveling into Australia are required to sign and
acknowledge that they have read and understood Form 1442i – Privacy Notice when they have
applied for a visa. Those who arrive without a valid visa are advised and provided privacy notices
specific to their circumstances, for example, if detained, and are also directed to the Department’s
Form 1442i – Privacy Notice and provided a copy if requested.
Citizens who are travelling are also able to access the forms on the Department’s website and
information about both forms is also made available via prominently placed signs at airports.
Individuals from whom the Department collects personal identifiers by way of an identification test
are provided with copies of both forms, or made aware of both forms prior to the test. Individuals
who are subject to a verification check are verbally directed to the Department’s Privacy Notice,
which is available on the Department’s website. The Department is considering ways to
appropriately inform minors and incapable persons.
APP12 stipulates that individuals may seek details about their personal information, including
personal identifiers, held by the Department. Identifying information about a person may be
disclosed to the person concerned in accordance with section 336E of the Migration Act and
subsequently Part 6 of the Australian Border Force Act. As per the requirements of APP12,
requests for access are responded to within 30 days at no cost to individuals. Access to
information will only be refused where the Department is required or authorised to refuse by or
under the Freedom of Information Act 1982 or any other Australian law, as provided for under
APP12.
Analysis of privacy risk
It is the Department’s view, that an individual retains a level of control and ownership over their
personal information even after this information has been collected by the Department. The
Department has review and audit mechanisms in place to help identify information that is no
longer relevant or appropriate to be stored, for example, information relating to someone who has
died.
The Department complies with APP12, and currently provides individuals with access on request
to stored information pertaining to the person concerned. These current arrangements are not
impacted by the Bill, which does not alter current arrangements for a person to access their own
personal identifiers.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 23
APP13 – CORRECTION OF PERSONAL INFORMATION
An APP entity must take reasonable steps to correct personal information to ensure that, having
regard to the purpose for which it is held, it is accurate, up-to-date, complete, relevant and not
misleading.
This requirement applies where:

the APP entity is satisfied the information is inaccurate, out-of-date, incomplete,
irrelevant or misleading, having regard to a purpose for which it is held, or

the individual requests the entity to correct the information.

There are minimum procedural requirements in relation to correcting personal
information, including when an APP entity must:

take reasonable steps to notify other APP entities of a correction

give notice to the individual which includes reasons and available complaint
mechanisms if correction is refused

take reasonable steps to associate a statement with personal information it
refuses to correct

respond to a request for correction or to associate a statement, and

not charge an individual for making a request, correcting personal information or
associating a statement.
Discussion
The Bill does not amend the Migration Act in relation to correcting personal information, including
personal identifiers. Collecting personal identifiers enables the Department to verify a person’s
identity more accurately than paper-based documents, and assists to ensure that information
provided is accurate, complete, not misleading and up-to-date.
Departmental systems provide for an individual’s record to be corrected and an associated
statement be made as required. The Department has established procedures in place to deal with
non-citizens’ requests to correct their personal information. The Department’s Privacy Notice
provides individuals with information on how they may seek access to and correction of their
personal information. The Department responds to such requests within 30 days after the request
is made and the individual is not charged for making the request.
Where a request for correction is refused, for example where the Department is satisfied that the
information it holds is accurate, it will give a written notice to the individual including reasons for
the refusal and the complaint mechanisms available. If requested, the Department will take
reasonable steps to associate a statement with the personal information that the individual
believes to be inaccurate, out-of-date, incomplete, irrelevant or misleading. The individual is also
advised that they may seek to have their information amended under the FOI Act. Further
information is available in Form 424C - Request for amendment or annotation to personal records.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 24
Analysis of privacy risk
Though not impossible, the likelihood of misidentifying an individual is unlikely using personal
identifiers compared to paper-based documents. There is also a risk of administrative error, for
example, personal identifiers of one person may become incorporated in another person’s record.
There are policies around Records Management in regard to the management of such errors.
Where necessary, the Information Access Capability Section will provide policy advice.
For the majority of persons who cross Australia’s border, a facial image is sufficient. In cases
where a facial image is not sufficient to resolve identity or other concerns, collecting another
personal identifier provides for rapid, accurate identification with fewer errors, which in turn
reduces inconvenience to individuals. Where difficulties in identifying an individual are
experienced, collecting additional personal identifiers, particularly fingerprints, provides an
appropriate, quick and in most cases a non-intrusive option to obtain greater assurance of
identity.
Conclusion
An individual seeking to enter or depart Australia is required by law to provide evidence of their
identity. The Department has been collecting personal identifiers since 2006 to improve its
effectiveness in facilitating the travel of millions of persons each year, while fulfilling its strategic
objectives of protecting Australia’s borders, promoting responsive migration, advancing trade and
revenue and leading in border innovation.
Alternatives to collecting personal identifiers include longer delays in border clearance, collection
of more biographic information, increasing use of interviews, and more intensive document
analysis. These alternatives add limited improvement to the efficacy of the border processing,
while requiring significantly more resources, and slower processing times at Australia’s border.
The Department’s biometric programme has demonstrated the effectiveness of conducting
identity, security, and law enforcement checks using personal identifiers. More than 10,000
instances of fingerprint matches with Australian law enforcement agencies and FCC partner
countries have revealed undisclosed security and criminal histories, as well as discrepancies
between the biographic data provided to the department and that provided to another agency.
Streamlining multiple provisions into a single broad discretionary power in the Bill removes
existing restrictions, complexities and inconsistencies in collecting biometrics. Removing these
restrictions increases security and improves the decision-making process for people seeking to
enter, depart and remain in Australia. The Department recognises the privacy risks under the
reforms in the Bill; however the measures in the Bill are necessary and proportionate to address
current gaps and restrictions in the Department’s biometric programme. Departmental officers
require tools to more effectively meet current threats and use advances in biometric technology to
improve border security.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 25
Recommendations
1. APP3 - To ensure staff compliance with legislative requirements in the Bill,
appropriate training must be provided, in addition to new policy and procedural
guidelines on the collection of personal identifiers under the Bill.
2. APP5 - That the following forms are reviewed and updated as required to ensure
APP5 requirements are met:

1442i - Privacy notice

1243i - Your identifying information

any other forms relating to collection of personal identifiers from minors or
incapable persons

signs at airports where verification checks are conducted.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 26
Part D – Supporting Materials
Definitions
Incapable person – Migration Act definition (Section 5: Interpretation)
(1) In this Act, unless the contrary intention appears:
(2) Incapable person means a person who is incapable of understanding the general nature
and effect of, and purpose of, a requirement to provide a personal identifier
Identifying information – Migration Act definition (Section 336A: Definitions)
In this Part:
identifying information means the following:
(a) any personal identifier obtained by the Department for one or more of the purposes
referred to in subsection 5A(3);
(b) any meaningful identifier derived from any such personal identifier;
(c) any record of a result of analysing any such personal identifier or any meaningful
identifier derived from any such personal identifier;
(d) any other information, derived from any such personal identifier, from any meaningful
identifier derived from any such personal identifier or from any record of a kind referred to
in paragraph (c), that could be used to discover a particular person's identity or to get
information about a particular person.
Identification test – Migration Act definition (Section 5: Interpretation)
(1) In this Act:
identification test means a test carried out in order to obtain a personal identifier.
Minor – Migration Act definition (Section 5: Interpretation)
(1) In this Act, unless the contrary intention appears:
Minor means a person who is less than 18 years of age.
Personal Identifier – Migration Act definition (Section 5A: Meaning of personal identifier)
(1) In this Act:
personal identifier means any of the following (including any of the following in digital
form):
(a) fingerprints or handprints of a person (including those taken using paper and ink or
digital live scanning technologies);
(b) a measurement of a person's height and weight;
(c) a photograph or other image of a person's face and shoulders;
(d) an audio or a video recording of a person (other than a video recording under
section 261AJ);
(e) an iris scan;
(f) a person's signature;
(g) any other identifier prescribed by the regulations, other than an identifier the obtaining
of which would involve the carrying out of an intimate forensic procedure within the
meaning of section 23WA of the Crimes Act 1914.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 27
Personal Information – Privacy Act definition (Section 6: Interpretation)
Personal information means information or an opinion about an individual, or an individual who
is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Sensitive Information – Privacy Act definition (Section 6: Interpretation)
Sensitive information means:
(a) information or an opinion about an individual’s:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual orientation or practices; or
(ix) criminal record;
(a) that is also personal information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information; or
(d) biometric information that is to be used for the purpose of automated biometric verification or
biometric identification; or
(e) biometric templates.
The difference between an Identification Test and a Verification
Check
An identification test carried out by an authorised officer involves the collection and retention of
biometric information by the Department, as prescribed under the Migration Act, and is time
consuming and resource intensive, taking between up to 60 minutes to complete.
The Migration Act will continue to include legislative safeguards that apply to carrying out an
identification test by an authorised officer, including:

The test must be carried out in circumstances affording reasonable privacy to the
person;

The test must not involve the removal of more clothing than is necessary for the
carrying out the test

The test must not be carried out in a cruel, inhuman or degrading manner, or in a
manner that fails to treat a person with humanity and with respect for human
dignity.
A verification check is ‘another specified way’ of providing personal identifiers permitted under
the Bill and it will enable to Department to verify the identity of an individual of concern in a quick
and non-obtrusive way as the check takes seconds to complete.
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 28
A verification check involves a fingerprint scan using a mobile hand-held device, which is then, as
appropriate, checked in real-time against relevant databases to verify a person’s identity, security
and law enforcement or immigration history. The scan of the person’s fingerprints will not be
retained after completion of the check.
Given the volume of persons entering and departing Australia each day, it is not practical to
conduct a large number of identification tests at the border. Verification checks, which are more
akin to the non-intrusive explosives trace detection test currently conducted at airports, are a
quicker and accurate way to check the identity of persons identified as being of concern. These
checks will not be conducted at random; they will be based on a risk assessment and applied to
individuals assessed as a security concern.
Acronyms
APP
Australian Privacy Principles
FCC
Five Country Conference
NAA
National Archives of Australia
NAFIS National Automated Fingerprint Identification System
PIA
Privacy Impact Assessment
SRA
Security Risk Assessment
Privacy Impact Assessment
Migration Amendment (Strengthening Biometrics Integrity) Bill 2015
| 29

Download Report

Migration Amendment (Strengthening Biometrics Integrity) Bill 2015

Paperzz.com

Your Paperzz