Privacy protection

The Document Verification Service (DVS) does not collect or store personal information. However, some organisations you give your personal information to may use the DVS and may collect and store personal information.

Under the Privacy Act 1988 (Australia) and the Privacy Act 1993 (New Zealand) you have certain rights and protections relating to your personal information. You can find out more about these rights by visiting the Office of the Australian Information Commissioner and the Office of the Privacy Commissioner websites

Privacy breaches

Organisations that use the DVS are required to protect the personal information they hold from misuse, interference and loss; and from unauthorised access, modification or disclosure. These requirements are set out in the Australian Privacy Principles and the Information Privacy Principles (New Zealand).

A privacy breach occurs when personal information held by an organisation is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference.

If you believe an organisation has breached your privacy through DVS-related actions, you should notify the organisation responsible and the DVS Manager immediately. If there is a real risk of serious harm as a result of a privacy breach, the Office of the Australian Information Commissioner or the Office of the Privacy Commissioner (New Zealand) should also be notified.

If you are unsatisfied with the organisation or DVS Manager’s response, you can submit a privacy complaint on the Office of the Australian Information Commissioner or the Office of the Privacy Commissioner websites.

Access to personal information

If an organisation holds personal information about you, you are entitled to access this information and, if necessary, ask that the information be corrected under the Australian Privacy Principles (APPs) and Information Privacy Principles (IPPs).

Under APP 12 and IPP6, an organisation that holds personal information about you is required to give you access to that information on request. However, there are some grounds for refusal including:

  • giving access would be unlawful
  • access would pose a serious threat to life, health and safety of any individual, or to public health or public safety
  • the information requested relates to an existing or anticipated legal proceeding
  • the request is deemed frivolous or vexatious.

If your request is denied, the organisation must give you a written explanation of the reason for refusal and information about how to appeal the decision.

Under APP 13  and IPP7, you can also request that an organisation makes changes to incorrect, out-of-date or misleading information they hold about you. If they refuse to correct the information they must give you a written explanation of the reasons for refusal and information about how to appeal the decision.