8Simplified outline of this Part

#### 8 Simplified outline of this Part The Student Identifiers Registrar must assign a student identifier to an individual on application by or on behalf of the individual if the Registrar is satisfied of the individual’s identity and that the individual does not already have a student identifier or schools identifier. Generally, anyone who collects personal information about an individual to apply for a student identifier for the individual must destroy the information as soon as practicable after it is no longer needed for that purpose. The Registrar must assign a schools identifier to an individual, on application on behalf of the individual, if the individual does not already have a student identifier or schools identifier. A schools identifier cannot be used as a student identifier until it is validated by the Registrar. An individual may apply to the Registrar for a schools identifier to be validated. The Registrar must validate the schools identifier if the individual’s identity has been verified, the identifier is the individual’s schools identifier, and the individual does not already have a student identifier. On request by an individual or by certain entities, including entities involved with vocational education and training, higher education or school education, the Registrar may verify that an identifier is the individual’s student identifier or schools identifier, or give the individual’s student identifier or schools identifier. The Registrar may also, on request by certain entities including entities involved with school education in a State or Territory, give information (called school identity management information) about a school student in that State or Territory to the entity, or verify any such information held by the entity. Anyone (including the Registrar) who keeps a record of student identifiers, schools identifiers or school identity management information (together called protected information) must protect it from misuse and unauthorised access and disclosure. Collection, use and disclosure of an individual’s protected information without the individual’s consent is prohibited, unless it is authorised. This Part authorises collection, use and disclosure by the Registrar for certain purposes or by others to deal with unlawful acts or to help law enforcement. The Information Commissioner may deal with breaches of the rules about destroying personal information, protecting records of protected information and unauthorised collection, use and disclosure of protected information as interferences with privacy under the Privacy Act 1988.