Biometric information scanning is when an organisation or agency takes an electronic copy of your biometric information, which includes any features of your:

  • face
  • fingerprints
  • iris
  • palm
  • signature
  • voice

An organisation or agency may only scan your biometric information as a way to identify you or as part of an automated biometric verification system, if the law authorises or requires them to collect it or it’s necessary to prevent a serious threat to the life, health or safety of any individual.

Under the Privacy Act 1988 (Privacy Act) your biometric information is sensitive information. This means that if the Privacy Act covers the organisation or agency collecting it then they must first ask for your consent, with some exceptions, and also make sure it has a high level of privacy protection. The Privacy Act covers Australian Government agencies and any organisation with an annual turnover of more than $3 million, and some other organisations.

If you think your scanned information has been mishandled

If you think your scanned information has been mishandled by an organisation or agency covered by the Privacy Act, contact them to lodge a complaint.

If you’re not happy with an organisation or agency’s response, you can lodge a complaint with us

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at websitefeedback@oaic.gov.au