The Department may develop and operate the 3 approved identity verification facilities. They are:

  (a)   the DVS hub, which relays electronic communications between persons and bodies requesting and providing DVSs (which stands for Document Verification Service, a particular kind of 1:1 matching service); and

  (b)   the Face Matching Service Hub, which relays electronic communications between persons and bodies requesting and providing identity verification services; and

  (c)   the NDLFRS, which includes a database of identification information from State and Territory authorities and may be used to provide identity verification services.

There are 2 kinds of identity verification services:

  (a)   1:1 matching services (FVS (which stands for Face Verification Service) and DVS); and

  (b)   1:many matching services (Face Identification Service or FIS).

A 1:1 matching service matches particular biometric information (such as a photograph) or biographic information (such as a name or date of birth) against a particular record. A 1:many matching service compares a facial image (such as a photograph) against other facial images.

The Department may collect identification information through the approved identity verification facilities for any of the following purposes:

  (a)   providing or developing DVSs or FVSs for the purposes of verifying the identity of individuals;

  (b)   providing or developing FVSs or FISs for the purposes of protecting identities of persons (or associates) who have legally assumed identities or are under witness protection;

  (c)   developing, operating or maintaining the NDLFRS.

The Department may use or disclose for any of those purposes information so collected.

An identity verification service involves a request for an electronic comparison of identification information that relates to an individual to do any of the following:

  (a)   verify the individual's identity;

  (b)   protect the identity of the individual if the individual is a shielded person;

  (c)   manage identification information that relates to the individual in the NDLFRS.

Those requests can be made only by parties to agreements that contain safeguards for the privacy of individuals whose identification information is used in requesting or providing the services. The identification information used for comparison with that in the request must have been supplied by a government authority that is party to such an agreement.

Part   4 of this Act prohibits the use or disclosure of, or access to, identification information, unless it is in accordance with the objects of this Act or in other limited circumstances.

Persons who work for the Department, and contractors whose duties relate to an approved identity verification facility, may commit an offence for unauthorised recording, disclosure of or access to certain information held in, generated using or relating to an approved identity verification facility.

Operation and use of the approved identity verification facilities are open to oversight and scrutiny in various ways, including publication of documents, annual assessment by the Information Commissioner and annual reporting.