APP 9: Adoption, Use and Disclosure of Government Identifiers
Australian Privacy Principle 9 prohibits organisations from adopting, using or disclosing government related identifiers such as tax file numbers and Medicare numbers except in limited cases.
What APP 9 covers
APP 9 addresses the handling of government identifiers by organisations, and does not apply to government agencies themselves. It focuses on preventing misuse and protecting the privacy of individuals.
The core of APP 9 consists of two key prohibitions. APP 9.1 prevents organisations from assigning a government related identifier – that is, an identifier issued by an agency, a State or Territory authority, or related entities – as their own identifier for an individual.
APP 9.2 restricts the use and disclosure of government related identifiers by organisations. Examples of these identifiers include tax file numbers, Medicare numbers, individual healthcare identifiers, Centrelink customer reference numbers and driver licence numbers. Use or disclosure is only permitted where a specific exception applies.
Exceptions in APP 9.2
APP 9.2 outlines specific circumstances where an organisation may use or disclose a government identifier despite the general restrictions outlined in APP 9.1. These exceptions are defined by law and allow for necessary data handling in specific situations.
Permitted uses and disclosures include instances where an Australian law or court/tribunal order requires or authorises the action. Additionally, use or disclosure is permitted if it is reasonably necessary for an organisation to verify an individual’s identity, or to fulfil obligations to an agency or a State or Territory authority.
Further exceptions exist where a prescribed permitted general situation under section 16A applies, or where an organisation reasonably believes disclosure is necessary for enforcement related activities conducted by or on behalf of an enforcement body. Finally, regulations made under the Act can also prescribe circumstances where use or disclosure is permitted.
Tax file numbers and healthcare identifiers
Tax file numbers are subject to specific regulation outside of the Australian Privacy Principles. The Privacy (Tax File Number) Rule 2015 (TFN Rule), issued under section 17 of the Privacy Act, governs the collection, storage, use, disclosure, security and disposal of TFN information. This rule applies to all recipients of TFN information, not just entities covered by the Australian Privacy Principles.
Individual healthcare identifiers are also separately regulated. The Healthcare Identifiers Act 2010 and the Healthcare Identifiers Regulations 2020 establish the framework for their management. The HI Service issues three types of identifiers: Individual Healthcare Identifier (IHI), Healthcare Provider Identifier - Individual (HPI-I) and Healthcare Provider Identifier - Organisation (HPI-O). The My Health Records Act 2012 provides further context to the use of healthcare identifiers.
These identifiers and TFNs are therefore subject to distinct regulatory requirements, and APP entities must ensure compliance with both the Australian Privacy Principles and the relevant rules and acts governing these specific identifiers.
Practical compliance points
APP 9 restricts the adoption and use of government identifiers. Generally, organisations should not adopt a Tax File Number (TFN), Medicare number, or driver licence number as a customer identifier within their systems. There are limited exceptions, primarily relating to compliance with Australian law.
Storing a government identifier is permissible if it is required or authorised by Australian law. An example of this is retaining a TFN to meet obligations under tax law. Even when a government identifier is held for a legitimate purpose, organisations must still adhere to all other obligations under the Privacy Act.
The security of government identifiers is paramount. Where an organisation holds a government identifier under APP 9, the obligations outlined in APP 11 (reasonable steps for security) apply. Failure to comply with APP 9 constitutes an interference with an individual’s privacy under section 13 of the Privacy Act.
Frequently asked
Can a business ask a customer for a driver licence number?
Collection of a driver licence number may be permitted under APP 3, but adopting it as the organisation's own customer identifier is prohibited by APP 9.1. Use or disclosure must fit within an APP 9.2 exception, such as identity verification under APP 9.2(b).
Can an accountant store a client's tax file number?
Yes. Use, storage and disclosure of TFNs are required or authorised by tax law for registered agents, falling within APP 9.2(a), but the TFN Rule 2015 imposes additional handling requirements on top of APP 9.