The Victorian government recently introduced COVID-19 Mandatory Vaccination Directions for ‘Specified Facilities’ and ‘Workers’ (Collectively referred to as the Directions).
The Directions impose obligations on operators and employers to collect COVID-19 vaccination certificates from employees, as well as customers or visitors to the premises. Australia’s COVID-19 vaccination certificates contain a sensitive element of data, which uniquely identifies individuals within Australia, known as the Individual Health Identifier (IHI). The risk for operators and employers emerges, when individuals begin emailing the vaccination certificates which display the IHI, name and date of birth.
To minimise the risk of disclosure of the IHI, employees, customers or visitors can be asked to present their vaccination certificate in hardcopy form, rather than email it. This way the appropriate workplace representative can sight the certificate. Then the IHI and date of birth data should be redacted and stored securely, together with information about the date and time it was sighted.
All vaccination data should be stored securely and be accessible only by a dedicated workplace representative who is able to produce the information to an Authorised Officer, if requested.
The Dispute Resolution team are available to discuss your queries or concerns.
This update does not constitute legal advice and should not be relied upon as such. It is intended only to provide a summary and general overview on matters of interest and it is not intended to be comprehensive. You should seek legal or other professional advice before acting or relying on any of the content.