Commonwealth Consolidated Acts Commonwealth Consolidated ActsGeneral rule
(1) For the purposes of this Act, an act or practice of an organisation is an interference with the privacy of an individual if:
(a) the act or practice breaches an approved privacy code that binds the organisation in relation to personal information that relates to the individual; or
(b) both of the following apply:
(i) the act or practice breaches a National Privacy Principle in relation to personal information that relates to the individual;
(ii) the organisation is not bound by an approved privacy code in relation to the personal information; or
(c) all of the following apply:
(i) the act or practice relates to personal information that relates to the individual;
(ii) the organisation is a contracted service provider for a Commonwealth contract (whether or not the organisation is a party to the contract);
(iii) because of a provision of the contract that is inconsistent with an approved privacy code or a National Privacy Principle that applies to the organisation in relation to the personal information, the act or practice does not breach the code or Principle (see subsections 6A(2) and 6B(2));
(iv) the act is done, or the practice is engaged in, in a manner contrary to, or inconsistent with, that provision; or
(d) the act or practice involves the organisation in a contravention of section 16F (which limits direct marketing using information collected under a Commonwealth contract) involving personal information that relates to the individual.
Note: Sections 13B, 13C and 13D contain exceptions to this rule.
Rule applies even if other rules also apply
(2) It does not matter whether the organisation is also a credit reporting agency, a credit provider or a file number recipient.
[Index]
[Table]
[Search]
[Search this Act]
[Notes]
[Noteup]
[Previous]
[Next]
[Download]
[Help]