Skip to main content

Privacy notice for critical infrastructure (Critical Infrastructure Risk Management Program) background checks

Last updated: 29 Sep 2025

About this privacy notice

This is the AusCheck privacy notice – background checks for critical infrastructure (Critical Infrastructure Risk Management Program).

AusCheck may conduct a critical infrastructure background check for a person to be granted access to a critical component of a critical infrastructure asset. You have been identified as a critical worker and a person as who requires access to a critical component of a critical infrastructure asset.

This document explains:

  • what personal information is collected when an application for a critical infrastructure background check is made.
  • how your personal information will be used and disclosed
  • where you can find more information about the Department of Home Affairs (the department) privacy policy.

The AusCheck Act 2007 and AusCheck Regulations 2017 authorises and requires the department to collect certain personal information for background checking.

The Privacy Act 1988 (Privacy Act) requires the department to notify an individual of certain matters when it collects personal information about them. This document is your notification of those matters.

What is personal information?

The Privacy Act defines personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable (whether this is true or not and whether this is recorded in a material form or not).

Under the Privacy Act personal information may include sensitive information. Sensitive information is a subset of personal information and includes information or opinion about an individual’s racial or ethnic origin, political, religious and philosophical beliefs, trade or professional associations or memberships, union memberships, sexual orientation or practices, criminal record, health, genetic and biometric information.

Why is my personal information being collected?

We are collecting your personal information for the purpose of facilitating an AusCheck background check under the Security of Critical Infrastructure (Critical Infrastructure Risk Management Program) Rules 2023 (the CIRMP Rules). The CIRMP Rules require critical workers to be assessed as suitable to permit them access to critical components of the critical infrastructure asset. One method of assessing the suitability of a critical worker is a background check conducted by AusCheck.

A responsible entity covered by the CIRMP Rules has a Critical Infrastructure Risk Management Program (CIRMP) that permits an AusCheck background check of its critical workers. A CIRMP is a written program that applies to a particular entity that is the responsible entity for one or more critical infrastructure assets and the purpose of which is to identify hazards, minimise or eliminate the risks of such hazards occurring and to mitigate the relevant impact of the hazards on the asset. As a person who requires access to critical components of the critical infrastructure asset, you are considered a critical worker to undergo an AusCheck background check.

We are collecting your personal information to conduct a background check under the AusCheck Act and the AusCheck Regulations. You or your responsible entity will apply to AusCheck through our portal, using the Digital ID System.

What happens if my personal information is not collected?

AusCheck can only conduct a background check if the required information is provided. Failure to provide the required information will delay the commencement of your background check.

If AusCheck does not collect your personal information, a background check cannot be conducted, and your responsible entity may decide not to grant you access to the critical components of the critical infrastructure asset.

What personal information is being collected about me?

Section 5 of the AusCheck Regulations requires the following information to be collected:

  • identity information: your full name, all former full names, all other names, titles, pseudonyms and aliases which you are or were known by, use or have used to identify yourself (variants, including variants in spelling are taken to be different name, titles, pseudonyms or aliases), date and place of birth, gender, contact details, current residential address, and all other previous residential addresses for the past 10 years.
  • details of identification documents: for example, your birth certificate registration number or passport details, to enable the electronic verification of these documents. If there are issues verifying these documents, your responsible entity may provide copies of these documents to AusCheck to assist with troubleshooting. These copies will be stored in accordance with Commonwealth government record keeping obligations as set out in the Archives Act 1983.
  • a photograph: taken at the same time as your application showing your full face, and head and shoulders.
  • work information: the name, telephone number and business address of your employer and operational need to be granted access to the critical components of the critical infrastructure asset.
  • other information: AusCheck may also need additional information in order to confirm your identity.

If a ‘right to work in Australia’ or ‘immigration check’ is requested by your responsible entity, AusCheck will also need the following information:

  • immigration information: your passport number, and the number and expiry date of any visa granted to you enabling you to travel to and enter, remain and/or work in Australia.

AusCheck may direct you or your responsible entity to provide further information if doing so is necessary for the purposes of meeting background check application requirements, ensuring all required information is provided for completing a background check. This direction may be given while the background check is being undertaken, or while your critical infrastructure background check is valid.

How will my personal information be used, disclosed and stored?

Your personal information will be used, disclosed and stored securely in accordance with the Australian Privacy Principles (APPs) in the Privacy Act 1988.

AusCheck will store your personal information in the AusCheck database, and only use and disclose your personal information for purposes permitted by law, including:

  • verifying the identity of an individual - this includes a comparison of your personal information, including a photograph, against information of other applicants for the purpose of identity assessment by AusCheck. Steps are taken where possible to limit the ability to re-identify any comparison information
  • determining whether a background check is required or permitted
  • conducting and advising on the outcome of a background check
  • updating information on an individual who has undertaken a background check
  • providing updated advice on the outcome of a background check if the original background check advice was inaccurate or incomplete (this may involve further background checking)
  • responding to a national security incident, and
  • performing functions relating to law enforcement or national security.

Your personal information will not be disclosed to an overseas recipient without your consent, or unless permitted by law including APP 6 and APP 8 in Schedule 1 to the Privacy Act and the AusCheck Act and the AusCheck Regulations.

AusCheck will conduct and coordinate a background check using the information you provide. That information may also be used to conduct subsequent background checks. The outcome of these checks affects your eligibility to be granted access to critical infrastructure assets.

When conducting a background check, AusCheck will disclose your personal information to:

  • The Department of Home Affairs: AusCheck will disclose your personal information to other parts of the Department to electronically verify your identification, or to check your citizenship status or your legal right to work in Australia.
  • Australian Security Intelligence Organisation (ASIO): ASIO will assess your background and any past activities to determine whether there could be a threat to national security. ASIO will store your information and use it for national security purposes, including those purposes set out in the Australian Security Intelligence Organisation Act 1979.
  • Australian Criminal Intelligence Commission (ACIC) criminal record check: The ACIC will check your criminal record in the databases of all Australian legal jurisdictions and supply a copy of your criminal record to AusCheck. AusCheck will provide you with an opportunity to review your security-relevant offences before finalising the eligibility assessment. If you dispute the details of these offences, you are required to contact AusCheck in the first instance. AusCheck can provide details of your dispute to the ACIC, but you may need to contact the relevant police in the jurisdiction in which these offences occurred to directly query your criminal record. The ACIC may also securely store and use your information to perform functions related to law enforcement purposes, including those purposes set out in the Australian Crime Commission Act 2002.

AusCheck will only provide your personal information for other purposes where specifically required or permitted by law such as responding to a national security incident, and for law enforcement or national security purposes.

When you submit an online application for a critical infrastructure background check, AusCheck also collects your personal information through the Digital ID System to verify your identity online.

The Digital ID System may use the information they collect to perform their functions, including:

  • responding to reported cyber security incidents and events
  • investigating suspected identity or credential-related fraud incidents
  • managing complaints, questions and requests that you make about your digital identity
  • coordinating system-wide responses to critical incidents.

Where can I get more information?

Find out more about AusCheck(Opens in a new tab/window).

Visit the Department of Home Affairs website to access the department's privacy policy(Opens in a new tab/window). You can find the following information:

  • How to access or seek correction of personal information about you that is held by the department.
  • How you may complain about a breach of the APPs and how complaints are dealt with.

The Digital Transformation Authority website(Opens in a new tab/window) has more information about the Australian Government’s Digital ID System, including the Digital ID System privacy policy(Opens in a new tab/window).

How to contact us

Contact AusCheck(Opens in a new tab/window).

Alternatively, you can provide feedback by either:

The Manager Global Feedback Unit
GPO Box 241
Melbourne VIC 3001 
Australia

Return focus to the top of the page

Sign up

Sign up for news and updates from our agency.
Sign up