|
HSAC Government Documents
|
The Federal government calls it a ‘Human Services Access
Card’
We call it for what it is: a National ID Card System
Government Documents & Your Personal Data
The following sections provide vital extracts from Government documents which
are otherwise inconvenient to find and point to (i.e. we've once again been
forced to do some of the Government's job for them).
Data Visible on the Surface of the Card
Information on the surface of the card includes:
- name. People can choose to have their preferred name on the card, rather
than their legal name, but not if it is unlawful, offensive or misleading.
A name that is too long will be abbreviated
- title (at card-holder's choice)
- photo
- signature
- date of birth (at card-holder's choice)
- card number
- card expiry date
- DVA entitlements
(From the 'The
Access Card System' overview document of 13 December 2006, p.3, plus ss.140-150
of the
Draft Bill)
This appears to imply that the Card will not show dependants, as the Medicare
Card can and mostly does.
That further implies that any dependant person (such as a child or an adult
with learning difficulties) who currently does not have a Card may need a Card
in future – with all the logistical challenges that involves, to acquire
it, carry it, find it, lose it, report it lost, and go through the acquisition
process again in order to replace it, in some cases frequently.
The information controlled by the Commonwealth includes:
- legal name
- preferred name, if one is used
- title, if on the surface of the card
- date of birth (at card-holder's choice)
- gender
- residential address
- photo (referred to elsewhere as a low-resolution image)
- digitised signature
- card number
- card expiry date
- PIN (at card-holder's choice). This is to be encrypted (but not hashed,
as it should be!)
- data about "benefit cards etc.", but what data that is to be is
at present unclear
- Medicare number
- Reciprocal Health Care Card number, if applicable
- DVA file number, if applicable
- emergency payment number (whatever that meay mean)
- concession status (but this is included in the information document and
omitted from the draft Bill, so it is completely unclear (a) what it is supposed
to mean, and (b) how concessions-granting organisations are supposed to make
their decisions)
The information document omits a crucial pair of items disclosed in the
draft legislation, s.160 at item 15:
- "such other information that is determined by [DHS] ... reasonably
necessary for the administration of [the scheme]"
- "such other information that is determined by legislative instrument,
by the Minister, ... for the purposes of this Act"
Given the enormous breadth of the scheme, those provisions appear to make the
list of data in the chip very easily extensible.
(From the 'The
Access Card System' overview document of 13 December 2006, pp.3-4, plus
ss.160-170 of the
Draft Bill)
In addition, the Government's web-page headed 'About
the Card' states that the chip will also contain:
- "details of children or other dependants". This would appear to
include at least:
Data in the Register
To obtain an access card, individuals will need to apply to be registered,
and to provide proof of identity documentation. Information provided by individuals
when they register for an access card will be stored in the Register. Information
stored in the Register will include (a lot of personal data!):
- legal name
- preferred name, if one is used
- any other names known to DHS (but that's omitted from the information document
and only visible in the draft Bill)
- title (at card-holder's choice)
- date of birth (not at card-holder's choice)
- place of birth
- whether an Australian citizen
- whether an Australian resident
- gender
- residential address
- postal address
- email address(es?) (at card-holder's choice)
- phone number(s?) (at card-holder's choice)
- concession status (but this appears to be a misleading description, because
other sources indicate that a large number of indicators are involved)
- date of registration
- status of registration, referred to in the draft Bill as "suspended"
or "cancelled"; which is presumably the same as the item described
elsewhere as an indicator that the card is "expired", "deactivated",
"suspended" or "cancelled"
- card number
- card issue date (omitted from the information document)
- card expiry date
- PIN (at card-holder's choice). This is to be encrypted (but not hashed,
as it should be!)
- card colour
- whether date of birth is displayed on the card
- DVA file number, if applicable
- veterans entitlement details, if applicable (incl. TPIS, BLI, POW, EDA.
war widow/widower, DVA dependant, veteran)
- scanned images of at least some, and possibly all of the card holder’s
so-called proof of identity documents
- information about any of the above so-called proof of identity documents
- a flag indicating whether the card holder has a relationship with any of
the participating agencies (but this is quite misleading, because it would
appear to actually be a large set of flags)
- digitised signature
- photo (but this is an inadequate description, because elsewhere it is referred
to as a high-resolution image)
- a numerical template derived from the photo (elsewhere referred to as a
biometric template)
- emergency payment number, if they have one (but it is completely unclear
what this means)
- date of death, if relevant
- other benefit card information, if applicable (but it is completely unclear
what this means)
The information document list omits the last crucial pair of items disclosed
in the
draft legislation, s.75 at item 15:
- "such other information that is determined by [DHS] ... reasonably
necessary for the administration of [the scheme]"
- "such other information that is determined by legislative instrument,
by the Minister, ... for the purposes of this Act"
Given the enormous breadth of the scheme, those provisions appear to make the
list of data in the Register very easily extensible.
(From the 'The
Access Card System' overview document of 13 December 2006, p.4, plus ss.75-90
of the
Draft Bill)
If you are aware of errors or omissions in this document, please
let us know.
|
APF thanks its site-sponsor:
|
|
Created: 14 December 2006 -
Last Amended: 17 December 2006
by Roger Clarke
- Site Last Verified: 24 January 2005
© Australian Privacy Foundation Inc., 1998-2008
-
Mail to Webmaster
Site Map
-
This document is at http://www.privacy.org.au/Campaigns/ID_cards/HSAC.html -
Privacy Policy