The Australian Privacy Commissioner Karen Curtis approved the binding Biometrics Institute Privacy Code on the 19 July 2006. The Code has come into operation on 1 September 2006, and is intended to cover the biometric industry in Australia.

This Code is binding upon organisations that have agreed to be covered by the Code by signing the �Biometrics Institute Privacy Code Agreement to Comply�.

Only members of the Biometrics Institute are eligible to subscribe to this Code.

Biometrics Institute membership, and thus subscription to this Code, is voluntary.

Government agencies at both a state and federal level may choose to follow the Code; they may also prefer tenderers to be signatories to the Code. However, Australian Government agencies are not legally required to comply with the Code.

Please also refer to the following documents for further guidance:

- Information Memorandum (word, 192 KB)

- Statement of Consultation (word, 123KB)

A list of current Code Subscribers is available from this website.

The Office of the Privacy Commissioner will handle privacy complaints about organisations who volunteer to be bound by the Code.

The Code includes privacy standards that are at least equivalent to the National Privacy Principles (NPPs) in the Privacy Act and also incorporates higher standards of privacy protection in relation to:

• certain acts and practices in relation to employee records that otherwise would be exempt.
• the addition of three new Supplementary Biometrics Institute Privacy Principles 11, 12, and 13 in the Code:
  • Principle 11 deals with the protection of biometric information and in some ways supplements the data security obligations in NPP 4.
  • Principle 12 includes some added notice requirements, restricts some secondary uses without express free and informed consent and confers a right to request the removal of biometric information from a system. These obligations enhance NPP 1.3, NPP 1.5, NPP 2 and NPP 4.
  • Principle 13 introduces an obligation of accountability through an extra notice obligation, requires an audit of biometric systems to be undertaken, introduces the concept of holistic privacy management in relation to a biometric product or service, and mandates the use of privacy impact assessments. These requirements augment NPP 1, NPP 4 and NPP 5.1.
• the inclusion of specific requirements in the Code for code subscribers to be aware of and take account of relevant national and international standards for information protection and biometric systems.

The Code has been registered on the Federal Register of Legislative Instruments as well as entered into the Privacy Commissioner's register of approved privacy codes.

Access the Biometrics Institute press release.

Contact the Code Administrator:

Biometrics Institute