Privacy Code of Practice (General) Amendment (Document Verification and Certificate Validation Services) 2009 (NSW)
2009 No 638
New South Wales
Privacy Code of Practice (General)
Amendment (Document Verification
and Certificate Validation Services)
2009
under the
Privacy and Personal Information Protection Act 1998
I, the Attorney General, in pursuance of section 31 of the Privacy and Personal Information Protection Act 1998, do, by this my Order, make the following Privacy Code of Practice.
Dated, this 23rd day of December 2009.
JOHN HATZISTERGOS, M.L.C.,
Attorney General
Explanatory note
The object of this Order is to amend the Privacy Code of Practice (General) 2003 so as to make provision with respect to the collection, use and disclosure of certain personal information by the Registry of Births Deaths and Marriages (the Registry) for purposes in connection with the National Document Verification Service (managed by the Commonwealth Attorney-General’s Department) and the Certificate Validation Service (operated by the Registry on behalf of the Council of Australasian Registrars for Births, Deaths and Marriages).
This Order is made under section 31 of the Privacy and Personal Information Protection Act
1998.
| Published Gazette No 213 of 31 December 2009, page 6719 | Page 1 |
| 2009 No 638 | Privacy Code of Practice (General) Amendment (Document Verification and |
| Clause 1 | Certificate Validation Services) 2009 |
Privacy Code of Practice (General) Amendment
(Document Verification and Certificate Validation
Services) 2009
under the
Privacy and Personal Information Protection Act 1998
1 Name of Order
This Order is the Privacy Code of Practice (General) Amendment
(Document Verification and Certificate Validation Services) 2009.
2 Commencement
This Order commences on the day on which it is published in the
Gazette.
| Privacy Code of Practice (General) Amendment (Document Verification and | 2009 No 638 |
| Certificate Validation Services) 2009 | |
| Amendment of Privacy Code of Practice (General) 2003 | Schedule 1 |
| Schedule 1 | Amendment of Privacy Code of Practice (General) 2003 |
Part 7
Insert after Part 6:
Part 7 Registry of Births Deaths and Marriages 19 Definitions
(1) In this Part:
CVS means the Certificate Validation Service operated by the
Registry on behalf of the Council of Australasian Registrars for
Births, Deaths and Marriages.
DVS means the National Document Verification Service
managed by the Commonwealth Attorney-General’s
Department.
issuing agency means:
(a)
in relation to the CVS, a State or Territory Government agency that:
(i) issues proof of identity documents, and (ii)
is authorised to receive and respond to validation requests, and
(b)
in relation to the DVS, a Commonwealth, State or Territory Government agency that:
(i) issues proof of identity documents, and (ii)
is authorised to receive and respond to validation requests.
proof of identity document means:
(a)
any certificate issued by the Registry under section 49 of the Births, Deaths and Marriages Registration Act 1995, and
(b)
a document issued by any other issuing agency that may be used to establish a person’s identity.
the Registry means the Registry of Births Deaths and Marriages.
user agency means:
(a)
in relation to the CVS, a government or non-government agency or organisation that is authorised to use the CVS to verify personal information contained in documents presented to it as proof of identity documents, and
| 2009 No 638 | Privacy Code of Practice (General) Amendment (Document Verification and Certificate Validation Services) 2009 |
| Schedule 1 | Amendment of Privacy Code of Practice (General) 2003 |
(b) in relation to the DVS, a Commonwealth, State or Territory Government agency that is authorised to use the DVS to verify personal information contained in documents presented to it as proof of identity documents. validation request means a request made through the CVS or the DVS by a user agency to verify personal information contained in a document presented to the user agency as a proof of identity document issued by an issuing agency.
(2) A reference in this Part to the Registry includes a reference to the Registrar of Births, Deaths and Marriages and the Registrar’s staff. 20 Collection, use and disclosure in connection with the DVS
(1) The Registry is not required to comply with section 9, 10 or 11 of
the Act if the personal information concerned is collected:
(a) through the DVS from a user agency, and (b)
only to enable the Registry, as an issuing agency, to respond to a validation request, and
(c)
in accordance with any applicable operating protocols of the DVS.
(2) The Registry is not required to comply with section 17 of the Act
if the use of the personal information concerned:
(a) is for the purpose only of enabling the Registry, as an issuing agency, to respond to a validation request, and (b) is in accordance with any applicable operating protocols of the DVS. (3) The Registry is not required to comply with section 18 of the Act
if the disclosure of the personal information concerned:
(a) is only for the purpose of enabling the Registry, as an issuing agency, to respond to a validation request, and (b) is in accordance with any applicable operating protocols of the DVS. 21 Collection, use and disclosure in connection with the CVS
(1) The Registry is not required to comply with section 9, 10 or 11 of
the Act if the personal information concerned is collected:
(a)
through the CVS from a user agency or an issuing agency, and
| Privacy Code of Practice (General) Amendment (Document Verification and | 2009 No 638 |
| Certificate Validation Services) 2009 | |
| Amendment of Privacy Code of Practice (General) 2003 | Schedule 1 |
(b) only for one or more of the following purposes:
(i)
to enable the Registry, as an issuing agency, to respond to a validation request,
(ii)
to enable the Registry, as the operator of the CVS (the CVS operator), to direct a validation request to the appropriate issuing agency,
(iii)
to enable the Registry, as the CVS operator, to direct a response from an issuing agency to a validation request, to the user agency that made the request,
(iv)
to enable the Registry, as the CVS operator, to perform billing and associated auditing functions, and
(c)
in accordance with any applicable operating protocols of the CVS.
(2) The Registry is not required to comply with section 17 of the Act
if the use of the personal information concerned:
(a) is for either or both of the following purposes only: (i) to enable the Registry, as an issuing agency, to respond to a validation request,
(ii) to enable the Registry, as the CVS operator, to perform billing and associated auditing functions, and
(b)
is in accordance with any applicable operating protocols of the CVS.
(3) The Registry is not required to comply with section 18 of the Act
if the disclosure of the personal information concerned:
(a) is only for one or more of the following purposes: (i) to enable the Registry, as an issuing agency, to respond to a validation request,
(ii) to enable the Registry, as the CVS operator, to direct a validation request to the appropriate issuing agency,
(iii) to enable the Registry, as the CVS operator, to direct a response from an issuing agency to a validation request, to the user agency that made the request,
(iv) to enable the Registry, as the CVS operator, to perform billing and associated auditing functions, and
(b)
is in accordance with any applicable operating protocols of the CVS.
BY AUTHORITY
0
0
0