Guidance on ID scanning in pubs and clubs

As any recent attendee at a pub or club in Australia can attest, an increasing number of venues are now utilising technology that scans or copies their patrons’ ID documents. In response to concerns raised by the public, the Federal Privacy Commissioner has now issued an information sheet aimed at these businesses to explain their obligations under the Privacy Act and the National Privacy Principles (NPPs).

The information sheet contains the useful following advice:

  • Collection of the personal information must be necessary for one of the business’s functions or activities.
  • Collection of ‘sensitive’ information, such as some information contained on a driver’s licence or that can be easily deduced from a driver’s licence requires consent and must be necessary before it can be collected.
  • Businesses should offer alternatives to ID scanning where a patron does not consent or where obtaining all the information present on ID is not necessary. If practicable and lawful, a patron has the right to attend the venue anonymously.
  • Patrons must be made aware their information is being collected and what is being done with it. An easily read notice or handout is suggested.
  • The information collected cannot be used for any secondary purpose such as marketing unless the patron gives consent.
  • Information should be stored securely and have a set timeframe before being destroyed.
  • The business should have a privacy policy.
[/list_square_grey] For more information on privacy policies please contact Certus Legal Group.