If you're a business, organisation, club or event and you're:
This guide is for third-party providers of attendance tracking systems that capture visitor check-in data.
It's designed to help:
- build a quality, trusted service which meets workplace obligations
- integrate with the Department of Health (DH) contact tracing team
- improve the coronavirus (COVID-19) contact tracing process
Before you begin
What is a COVID-19 attendance tracking app?
It's any mobile app or system used to capture location check-in information. When developed, it must meet the obligations of the current . These directions support DH contact tracers to identify workplace visitors exposed to COVID-19.
What is the Victorian Government Visitation API?
- allows contact tracers to request check-in data directly from attendance tracking applications
- helps streamline the information gathering process (when integrated)
- reduces the time required for contact tracers to identify exposure risks
We've integrated the Victorian Government QR Code Service with this API. We provide it freely to all attendance tracking applications. To use it, you must agree to the API Licence Terms.
Earning and keeping trust
The coronavirus (COVID-19) pandemic has been hard for everyone. It's important that users are comfortable with sharing their information with third parties.
The privacy and security considerations below should be met at a minimum. Exceeding them should be the goal.
Keeping data private
When developing a mobile application for contact tracing, you're dealing with personal information. Meeting or exceeding your users' privacy expectations is good for business.
You are required to meet all relevant federal and state privacy legislation, including the:
IPP 9.1 limits the circumstances where data can be transferred or stored outside of Victoria. These circumstances include (among others) where:
- the individual has consented to the transfer outside of Victoria, or
- you reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which is substantially similar to the IPPs
If you transfer or store data collected for Workplace Direction compliance outside of Victoria, you must satisfy yourself that one of these circumstances applies.
Marketing to users
If you collect personal information for one reason, you must not use or disclose it for a different reason. For example, if you collect personal information for contact tracing, it must not be used to send marketing emails.
Accessing personal information
You should, where possible, take steps to avoid accessing personal information. You should only use or disclose this information for contact tracing unless you have obtained explicit consent for other uses and disclosures.
Keeping data secure
There are other considerations to make when developing a contact tracing app.
Critical security risks
Security mitigation strategies
Reviewed 19 February 2021