PRIVACY AMENDMENT (PRIVATE SECTOR) ACT 2000 NO. 155, 2000 - SCHEDULE 1 - Amendment of the Privacy Act 1988
PRIVACY AMENDMENT (PRIVATE SECTOR) ACT 2000 NO. 155, 2000 - SCHEDULE 1
- Amendment of the Privacy Act 19881 Section 3
2 At the end of section 3
- Note: Such a law can have effect for the purposes of the provisions of the National Privacy Principles that regulate the handling of personal information by organisations by reference to the effect of other laws.
3 At the end of Part I
5B Extra-territorial operation of Act
Application to overseas acts and practices of organisations
(1) This Act (except Divisions 4 and 5 of Part III and Part IIIA) and approved privacy codes extend to an act done, or practice engaged in, outside Australia and the external Territories by an organisation if:
- (a)
- the act or practice relates to personal information about an Australian citizen or a person whose continued presence in Australia is not subject to a limitation as to time imposed by law; and
- (b)
- the requirements of subsection (2) or (3) are met.
- Note: The act or practice overseas will not breach a National Privacy Principle or approved privacy code or be an interference with the privacy of an individual if the act or practice is required by an applicable foreign law. See sections 6A, 6B and 13A.
Organisational link with Australia
(2) The organisation must be:
- (a)
- an Australian citizen; or
- (b)
- a person whose continued presence in Australia is not subject to a limitation as to time imposed by law; or
- (c)
- a partnership formed in Australia or an external Territory; or
- (d)
- a trust created in Australia or an external Territory; or
- (e)
- a body corporate incorporated in Australia or an external Territory; or
- (f)
- an unincorporated association that has its central management and control in Australia or an external Territory.
Other link with Australia
(3) All of the following conditions must be met:
- (a)
- the organisation is not described in subsection (2);
- (b)
- the organisation carries on business in Australia or an external Territory;
- (c)
- the personal information was collected or held by the organisation in Australia or an external Territory, either before or at the time of the act or practice.
Power to deal with complaints about overseas acts and practices
(4) Part V of this Act has extra-territorial operation so far as that Part relates to complaints and investigation concerning acts and practices to which this Act extends because of subsection (1).
- Note: This lets the Commissioner take action overseas to investigate complaints and lets the ancillary provisions of Part V operate in that context.
4 Subsection 6(1)
5 Subsection 6(1)
6 Subsection 6(1)
7 Subsection 6(1)
8 Subsection 6(1)
9 Subsection 6(1)
10 Subsection 6(1)
11 Subsection 6(1)
12 Subsection 6(1)
13 Subsection 6(1)
14 Subsection 6(1) (definition of generally available publication) 15 Subsection 6(1)
16 Subsection 6(1)
17 Subsection 6(1)
19 Subsection 6(1)
20 Subsection 6(1)
21 Subsection 6(1)
22 Subsection 6(1)
22A Subsection 6(1)
23 Subsection 6(1)
24 Subsection 6(1) (at the end of paragraphs (a), (d), (e) and (f) of the
definition of record) 25 Subsection 6(1) (after paragraph (f)
of the definition of record)
26 Subsection 6(1)
27 Subsection 6(1)
28 Subsection 6(1)
29 Subsection 6(1)
30 Subsection 6(1)
31 Subsection 6(1)
32 Subsection 6(1)
33 Subsection 6(1)
34 At the end of subsection 6(7)
35 Subsection 6(8) (8) For the purposes
of this Act, the question whether bodies corporate are related to each other
is determined in the manner in which that question is determined under the
Corporations Law. 6A Breach of a National Privacy Principle Breach if
contrary to, or inconsistent with, Principle (1) For the purposes of this
Act, an act or practice breaches a National Privacy Principle if, and only
if, it is contrary to, or inconsistent with, that National Privacy Principle. No breachcontracted service provider (2) An act or practice does not
breach a National Privacy Principle if:
No breachdisclosure to the Archives (3) An act or practice does not
breach a National Privacy Principle if the act or practice involves the
disclosure by an organisation of personal information in a record (as defined
in the Archives Act 1983 ) solely for the purposes of enabling the Archives
(as defined in that Act) to decide whether to accept, or to arrange, custody
of the record. No breachact or practice outside Australia (4) An act
or practice does not breach a National Privacy Principle if:
Effect despite subsection (1) (5) Subsections (2), (3) and (4) have
effect despite subsection (1). Breach if contrary to, or inconsistent with, code (1) For the purposes of
this Act, an act or practice breaches an approved privacy code if, and only
if, it is contrary to, or inconsistent with, the code. No
breachcontracted service provider (2) An act or practice does not
breach an approved privacy code if:
No breachdisclosure to the Archives (3) An act or practice does not
breach an approved privacy code if the act or practice involves the disclosure
by an organisation of personal information in a record (as defined in the
Archives Act 1983 ) solely for the purposes of enabling the Archives (as
defined in that Act) to decide whether to accept, or to arrange, custody of
the record. No breachact or practice outside Australia (4) An act or
practice does not breach an approved privacy code if:
Effect despite subsection (1) (5) Subsections (2), (3) and (4) have
effect despite subsection (1). What is an organisation
? (1) In this Act:
Example: Regulations may prescribe an instrumentality of a State or Territory
that is an incorporated company, society or association and therefore not a
State or Territory authority.
Legal person treated as different organisations in different capacities (2) A
legal person can have a number of different capacities in which the person
does things. In each of those capacities, the person is taken to be a
different organisation .
What is a State or Territory authority ? (3) In this Act:
Making regulations to stop instrumentalities being organisations (4) Before
the Governor-General makes regulations prescribing an instrumentality of a
State or Territory for the purposes of the definition of organisation in
subsection (1), the Minister must:
State does not include Territory (5) In this section:
6D Small business and small business operators What is a small business ? (1) A business is a small business at a time (the test time ) in a financial
year (the current year ) if its annual turnover for the previous financial
year is $3,000,000 or less. Test for new business (2) However, if there was
no time in the previous financial year when the business was carried on, the
business is a small business at the test time only if its annual turnover for
the current year is $3,00 0,0 00 or less. What is a small business operator ?
(3) A small business operator is an individual, body corporate, partnership,
unincorporated association or trust that:
Entities that are not small business operators (4) However, an individual,
body corporate, partnership, unincorporated association or trust is not a
small business operator if he, she or it:
Private affairs of small business operators who are individuals (5)
Subsection (4) does not prevent an individual from being a small business
operator merely because he or she does something described in
paragraph (4)(b), (c) or (d):
Non-business affairs of other small business operators (6)
Subsection (4) does not prevent a body corporate, partnership,
unincorporated association or trust from being a small business operator
merely because it does something described in paragraph (4)(b), (c) or
(d) otherwise than in the course of a business it carries on. Disclosure
compelled or made with consent (7) Paragraph (4)(c) does not prevent an
individual, body corporate, partnership, unincorporated association or trust
from being a small business operator only because he, she or it discloses
personal information about another individual:
Collection with consent or under legislation (8) Paragraph (4)(d) does
not prevent an individual, body corporate, partnership, unincorporated
association or trust from being a small business operator only because he, she
or it:
Related bodies corporate (9) Despite subsection (3), a body corporate is
not a small business operator if it is related to a body corporate that
carries on a business that is not a small business. What is the annual turnover of a business for a
financial year? (1) The annual turnover of a business for a financial year is
the total of the following that is earned in the year in the course of the
business:
(2) However, if a business has been carried on for only part of a financial
year, its annual turnover for the financial year is the amount worked out
using the formula: 6E Small business operator treated as organisation Regulations treating a small business operator as an organisation (1) This
Act applies, with the prescribed modifications (if any), in relation to a
small business operator prescribed for the purposes of this subsection as if
the small business operator were an organisation.
Note 2: Regulations may prescribe a small business operator by reference to
one or more classes of small business operator. See subsection 46(2) of the
Acts Interpretation Act 1901 .
Regulations treating a small business operator as an organisation for
particular acts or practices (2) This Act also applies, with the prescribed
modifications (if any), in relation to the prescribed acts or practices of a
small business operator prescribed for the purposes of this subsection as if
the small business operator were an organisation.
Note 2: Regulations may prescribe an act, practice or small business operator
by reference to one or more classes of acts, practices or small business
operators. See subsection 46(2) of the Acts Interpretation Act 1901 .
What are modifications ? (3) In this section:
Making regulations (4) Before the Governor-General makes regulations
prescribing a small business operator, act or practice for the purposes of
subsection (1) or (2), the Minister must:
6EA Small business operators choosing to be treated as organisations
(3) If the Commissioner is satisfied that a small business operator has made
the choice to be treated as an organisation, the Commissioner must enter in a
register of operators who have made such a choice:
(4) If a small business operator revokes a choice to be treated as an
organisation, the Commissioner must remove from the register the material
relating to the operator. Regulations treating a State instrumentality etc. as an
organisation (1) This Act applies, with the prescribed modifications (if
any), in relation to a prescribed State or Territory authority or a prescribed
instrumentality of a State or Territory (except an instrumentality that is an
organisation because of section 6C) as if the authority or
instrumentality were an organisation.
Note 2: Regulations may prescribe an authority or instrumentality by reference
to one or more classes of authority or instrumentality. See subsection 46(2)
of the Acts Interpretation Act 1901 .
What are modifications ? (2) In this section:
Making regulations to treat instrumentality etc. as organisation (3) Before
the Governor-General makes regulations prescribing a State or Territory
authority or instrumentality of a State or Territory for the purposes of
subsection (1), the Minister must:
37 Application 38 At the end of
paragraph 7(1)(ed)
39 After paragraph 7(1)(ed)
40 Subsection 7(2) 41 Subsection 7(4) 42 After section 7
(1) This Act applies, with the prescribed modifications (if any), in relation
to an act or practice described in subsection (2) or (3) as if:
(2) Subsection (1) applies to acts done, and practices engaged in, by a
prescribed agency. Regulations for this purpose may prescribe an agency only
if it is specified in Part I of Schedule 2 to the Freedom of
Information Act 1982 .
(4) This section has effect despite subparagraph 7(1)(a)(i), paragraph 7(1)(c)
and subsection 7(2).
7B Exempt acts and exempt practices of organisations Individuals in
non-business capacity (1) An act done, or practice engaged in, by an
organisation that is an individual is exempt for the purposes of paragraph
7(1)(ee) if the act is done, or the practice is engaged in, other than in the
course of a business carried on by the individual.
Organisation acting under Commonwealth contract (2) An act done, or practice
engaged in, by an organisation is exempt for the purposes of paragraph
7(1)(ee) if:
Employee records (3) An act done, or practice engaged in, by an organisation
that is or was an employer of an individual, is exempt for the purposes of
paragraph 7(1)(ee) if the act or practice is directly related to:
Journalism (4) An act done, or practice engaged in, by a media organisation
is exempt for the purposes of paragraph 7(1)(ee) if the act is done, or the
practice is engaged in:
Organisation acting under State contract (5) An act done, or practice engaged
in, by an organisation is exempt for the purposes of paragraph 7(1)(ee) if:
7C Political acts and practices are exempt Members of a Parliament etc. (1)
An act done, or practice engaged in, by an organisation (the political
representative ) consisting of a member of a Parliament, or a councillor
(however described) of a local government authority, is exempt for the
purposes of paragraph 7(1)(ee) if the act is done, or the practice is engaged
in, for any purpose in connection with:
Contractors for political representatives etc. (2) An act done, or practice
engaged in, by an organisation (the contractor ) is exempt for the purposes of
paragraph 7(1)(ee) if the act is done or the practice is engaged in:
Subcontractors for organisations covered by subsection (1) etc. (3) An
act done, or practice engaged in, by an organisation (the subcontractor ) is
exempt for the purposes of paragraph 7(1)(ee) if the act is done or the
practice is engaged in:
Volunteers for registered political parties (4) An act done voluntarily, or
practice engaged in voluntarily, by an organisation for or on behalf of a
registered political party and with the authority of the party is exempt for
the purposes of paragraph 7(1)(ee) if the act is done or the practice is
engaged in for any purpose in connection with one or more of the following:
Effect of subsection (4) on other operation of Act (5)
Subsection (4) does not otherwise affect the operation of the Act in
relation to agents or principals. Meaning of electoral law and Parliament (6) In this section:
Parliament means:
43 Paragraph 8(1)(a)
44 Paragraph 8(1)(a) 45
Paragraph 8(1)(b) 46 Paragraph
8(1)(b) 47 At the end of
section 8 (3) For the purposes of the application of this Act in
relation to an organisation that is a partnership:
(4) For the purposes of the application of this Act in relation to an
organisation that is an unincorporated association:
(5) For the purposes of the application of this Act in relation to an
organisation that is a trust:
48 At the end of Part II 12B Severability: additional effect of
Act in relation to organisations
(3) This Act also has the effect it would have if its operation in relation to
organisations were expressly confined to acts or practices covered by
subsection 5B(1) (which deals with acts and practices outside Australia and
the external Territories by organisations).
(6) This Act also has the effect it would have if its operation in relation to
organisations were expressly confined to acts or practices of organisations
taking place using a postal, telegraphic, telephonic or other like service
within the meaning of paragraph 51(v) of the Constitution. 50 Section 13
51 Paragraphs 13(b) and (d) 52
After section 13 13A Interferences with privacy by
organisations General rule (1) For the purposes of this Act, an act or
practice of an organisation is an interference with the privacy of an
individual if:
Rule applies even if other rules also apply (2) It does not matter whether
the organisation is also a credit reporting agency, a credit provider or a
file number recipient. Acts or practices that
are not interferences with privacy (1) Despite paragraphs 13A(1)(a) and (b),
each of the following acts or practices of an organisation that is a body
corporate is not an interference with the privacy of an individual:
(a) a body corporate uses personal information it has collected from a related
body corporate; and (1A) However, paragraph (1)(a) does not
apply to the collection by a body corporate of personal information (other
than sensitive information) from:
Relationship with paragraphs 13A(1)(c) and (d) (2) Subsection (1) does
not prevent an act or practice of an organisation from being an interference
with the privacy of an individual under paragraph 13A(1)(c) or (d). Acts or practices that
are not interferences with privacy (1) If:
Effect despite section 13A (2) Subsection (1) has effect despite
section 13A. Acts or practices
that are not interferences with privacy (1) An act or practice of an
organisation done or engaged in outside Australia and an external Territory is
not an interference with the privacy of an individual if the act or practice
is required by an applicable law of a foreign country. Effect despite
section 13A (2) Subsection (1) has effect despite section 13A.
54 After section 16
Division 3Approved privacy codes and the National Privacy
Principles
(1) This Act (except Divisions 4 and 5 of Part III and
Part IIIA) applies to the collection of personal information by an
organisation only if the information is collected for inclusion in a record or
a generally available publication.
(4) National Privacy Principle 8 applies only to transactions entered into
after the commencement of this section.
16F Information under Commonwealth contract not to be used for direct
marketing
(2) An organisation that is a contracted service provider for the contract
must not use or disclose the personal information for direct marketing, unless
the use or disclosure is necessary to meet (directly or indirectly) an
obligation under the contract.
56 After paragraph 18A(3)(a)
57 Application 58 After Part III
An organisation may apply in writing to the Commissioner for approval of a
privacy code.
(3) If the code sets out procedures for making and dealing with complaints,
the Commissioner must be satisfied that:
(4) In deciding whether to approve a privacy code, the Commissioner may
consider the matters specified in guidelines issued by the Commissioner (if
any).
(7) This section does not prevent the Commissioner approving a privacy code if
the code is expressed to apply to:
(2) Before deciding whether to revoke the approval of a code or variation, the
Commissioner must:
(3) A revocation must be in writing.
(1A) Before making guidelines for the purposes of paragraph (1)(b), the
Commissioner must give everyone the Commissioner considers has a real and
substantial interest in the matters covered by the proposed guidelines an
opportunity to comment on them.
(2) The Commissioner may do one or more of the following for the purposes of
the review:
(2) Divisions 1 and 2 of Part V apply in relation to the complaint
covered by the application as if the complaint had been made to the
Commissioner and subsection 36(1A) did not prevent the Commissioner from
investigating it.
(3) The adjudicator's determination continues to have effect unless and until
the Commissioner makes a determination under Division 2 of Part V
relating to the complaint.
60 Paragraph 27(1)(b) 61 At the
end of paragraph 27(1)(d) 62
Paragraph 27(1)(e) 63 After
paragraph 27(1)(e)
64 Paragraph 27(1)(f)
65 Paragraphs 27(1)(n) and (o) 66 At the end of
subsection 27(1)
67 After subsection 27(1) (1A) To avoid doubt, the Commissioner is
not subject to Part V in performing functions, and exercising powers,
conferred on an adjudicator by an approved privacy code under which the
Commissioner has been appointed as an independent adjudicator to whom
complaints may be made. (3) Without
limiting subsection (2), the Commissioner may, at the request of an
organisation, examine the records of personal information maintained by the
organisation, for the purpose of ascertaining whether the records are
maintained according to:
69 Paragraph 29(a) 70 Paragraph 29(d)
71 At the end of section 30 (6) This section does not apply to:
72 Subsection 31(2) 73 Subsection
36(1) 74 After
subsection 36(1) (1A) Subsection (1) does not apply to a
complaint by an individual about an act or practice of an organisation that is
bound by an approved privacy code that:
(1B) Subsection (1A) does not prevent an individual from making a
complaint under an approved privacy code to the adjudicator for the code if
the adjudicator is the Commissioner.
75 Subsection 36(7) (7) In the case of a
complaint about an act or practice of an organisation, the organisation is the
respondent.
(8) The respondent to a complaint about an act or practice described in one of
paragraphs 13(b) to (d) (inclusive), other than an act or practice of an
agency or organisation, is the person who engaged in the act or practice. 76A Section 37 77 Subsection 38(1) 78 Subsection 38(2)
79 Subsection 40(1) 80 After subsection 40(1) (1A) The Commissioner must not
investigate a complaint if the complainant did not complain to the respondent
before making the complaint to the Commissioner under section 36.
However, the Commissioner may decide to investigate the complaint if he or she
considers that it was not appropriate for the complainant to complain to the
respondent.
(1C) If the Commissioner accepts a complaint mentioned in
subsection (1B), the Commissioner must deal with it as if it were a
complaint made under section 36 in relation to an act or practice of the
organisation. (3) This section has
effect subject to section 41.
(1) This section applies if:
(2) Despite the code, the adjudicator must:
(3) The Commissioner must accept the complaint under subsection 40(1B).
83 Subsection 41(1) 84 Paragraph 41(1)(b) 85 Paragraphs 41(1)(e) and (f)
86 Subsections 41(2) and 41(3) 87 Subsection 41(4) (4) If an act or practice may be an
interference with the privacy of an individual solely because it may breach:
88 Section 42 89 After
subsection 43(1) (1A) Before starting to investigate an act done, or
practice engaged in, by a contracted service provider for the purpose of
providing (directly or indirectly) a service to an agency under a Commonwealth
contract, the Commissioner must also inform the agency that the act or
practice is to be investigated.
90 Subsection 43(6) 91 After subsection 43(8) (8A) Subsection (8)
does not allow the Commissioner to discuss a matter relevant to an
investigation of a breach of an approved privacy code or the National Privacy
Principles with a Minister, unless the investigation is of an act done, or
practice engaged in:
92 Subsection 46(1) 93 At the end of
section 48 (2) If the Commissioner decides not to investigate (at
all or further) an act done, or practice engaged in, by a contracted service
provider for the purpose of providing (directly or indirectly) a service to an
agency under a Commonwealth contract, the Commissioner must also inform the
agency of the decision.
94 After section 50
(1) This section lets the Commissioner substitute an agency for an
organisation as respondent to a complaint if:
(2) The Commissioner may amend the complaint to specify as a respondent to the
complaint the agency or its principal executive, instead of the organisation.
Note 2: Section 53B lets the Commissioner treat an agency as a respondent
to a determination if the organisation cannot comply with a determination to
pay an amount to a complainant.
(3) Before amending the complaint, the Commissioner must:
(4) If the Commissioner amends the complaint after starting to investigate it,
the Commissioner is taken to have satisfied subsection 43(1A) in relation to
the agency. (3A)
The Commissioner may include an order mentioned in subsection (3B) in a
determination under subparagraph (1)(b)(i) or (ii) that concerns a breach
of:
(3B) A determination may include an order that:
96 At the end of Division 2 of Part V
(1) If the Commissioner makes a determination to which a contracted service
provider for a Commonwealth contract is the respondent, the Commissioner:
(2) The Commissioner may give an agency a recommendation only after consulting
the agency.
(2) The Commissioner may determine in writing that a specified agency to which
services were or were to be provided under the contract is the respondent to
the determination under section 52. The determination has effect
according to its terms for the purposes of section 60.
(3) Before making a determination, the Commissioner must give the agency:
97 Division 3 of Part V (heading)
98 After subsection 54(1) (1A) This Division also applies to a
determination made by an adjudicator for an approved privacy code under the
code in relation to a complaint made under the code.
99 Section 55 55 Obligations of
respondent organisation Determination under section 52 (1) An
organisation that is the respondent to a determination made under
section 52:
Determination under approved privacy code (2) An organisation that is the
respondent to a determination made under an approved privacy code:
55A Proceedings in the Federal Court or Federal Magistrates Court to enforce a
determination
(2) If the court is satisfied that the respondent has engaged in conduct that
constitutes an interference with the privacy of the complainant, the court may
make such orders (including a declaration of right) as it thinks fit.
(7) Despite subsection (5), the court may receive any of the following as
evidence in proceedings about a determination made by an adjudicator under an
approved privacy code:
(7A) In conducting a hearing and making an order under this section, the court
is to have due regard to the matters that paragraph 29(a) requires the
Commissioner to have due regard to.
(2) An adjudicator for an approved privacy code may issue a written
certificate setting out the findings of fact upon which the adjudicator based
his or her determination that a specified organisation had breached an
approved privacy code.
(4) A document purporting to be a certificate under subsection (1) or (2)
must, unless the contrary is established, be taken to be a certificate and to
have been properly given. (1) Division 3
of Part V of the Privacy Act 1988 as amended by this Schedule applies to
a determination made as a result of a complaint made after the commencement of
this Schedule. Evidentiary certificates (2) Section 55B of the
Privacy Act 1988 applies in relation to a determination made by the
Commissioner in relation to an agency before or after the commencement of that
section. 101 Subsections 62(1) and (2) 102 Subsection 62(4) 103 Paragraphs 63(2)(a) and (b) 104 After subsection 63(2) (2A) Subsection (2) does not permit an application relating to
proceedings under section 55A to enforce a determination relating to a
code complaint or an NPP complaint.
(2) Neither an adjudicator for an approved privacy code, nor a person acting
under his or her direction or authority, is liable to an action, suit or
proceeding in relation to an act done or omitted to be done in good faith in
the exercise or purported exercise of any power or authority conferred by this
Act or the code.
106 After subsection 66(1) (1A) For the purposes of
subsection (1), a journalist has a reasonable excuse if giving the
information, answering the question or producing the document or record would
tend to reveal the identity of a person who gave information or a document or
record to the journalist in confidence.
108 Subsection 68(1) 109 Subsection 68(1) 110 After subsection 68(1) (1A) The Commissioner
may authorise a person only while the person is a member of the staff
assisting the Commissioner. (3A) Before
obtaining the consent, the authorised person must inform the occupier or
person in charge that he or she may refuse to consent.
(3D) If an authorised person is on premises with the consent of the occupier
or person in charge, the authorised person must leave the premises if the
occupier or person in charge asks the authorised person to do so.
(1) The Commissioner must issue to a person authorised for the purposes of
section 68 an identity card in the form approved by the Commissioner. The
identity card must contain a recent photograph of the authorised person. Penalty: 1 penalty
unit. 113 Subsection 69(9) (definition of complaint)
114 At the end of Division 5 of Part V 70A Application of
Part to organisations that are not legal persons Partnerships (1) If, apart
from this subsection, this Part would impose an obligation to do something (or
not to refuse or fail to do something) on an organisation that is a
partnership, the obligation is imposed instead on each partner but may be
discharged by any of the partners. Unincorporated associations (2) If, apart
from this subsection, this Part would impose an obligation to do something (or
not to refuse or fail to do something) on an organisation that is an
unincorporated association, the obligation is imposed instead on each member
of the committee of management of the association but may be discharged by any
of the members of that committee. Trusts (3) If, apart from this subsection,
this Part would impose an obligation to do something (or not to refuse or fail
to do something) on an organisation that is a trust, the obligation is imposed
instead on each trustee but may be discharged by any of the trustees.
(a) a complaint may be made under this Part about an act or practice of the
individual in carrying on the business before he or she became a small
business operator; and
115 Part VI (heading)
Part VIPublic interest determinations and temporary public interest
determinations 117 Section 72 118 At the end of section 72
Determinations about an organisation's acts and practices (2) Subject to this
Division, if the Commissioner is satisfied that:
Effect of determination under subsection (2) (3) The organisation is
taken not to contravene section 16A if the organisation does the act, or
engages in the practice, while the determination is in force under
subsection (2). Giving a determination under subsection (2) general
effect (4) The Commissioner may make a written determination that no
organisation is taken to contravene section 16A if, while that
determination is in force, an organisation does an act, or engages in a
practice, that is the subject of a determination under subsection (2) in
relation to that organisation or any other organisation. Effect of
determination under subsection (4) (5) A determination under
subsection (4) has effect according to its terms.
119 Subsection 73(1)
120 At the end of subsection 73(1) 121
Subsection 73(2) 122 Subsection 75(2) (2) If the applicant is an agency, the
Commissioner must send to the agency, and to each other person (if any) who is
interested in the application, a written invitation to notify the
Commissioner, within the period specified in the invitation, whether or not
the agency or other person wishes the Commissioner to hold a conference about
the draft determination.
123 Subsection 75(3) 124 Application and saving (1) The amendments of
section 75 of the Privacy Act 1988 made by this Schedule apply in
relation to applications that are made under section 73 of that Act after
the commencement of this Schedule. 125 Subsection 76(1) 126 Subsection 76(4) 127 Subsection 77(1) 128 Subsection 79(2) 129 At the end of
Part VI
(1) This section applies if the Commissioner is satisfied that:
(2) The Commissioner may make a written temporary public interest
determination that he or she is satisfied of the matters set out in
subsection (1). The Commissioner may do so:
(3) The Commissioner must:
80B Effect of temporary public interest determination Agency covered by a
determination (1) If an act or practice of an agency is the subject of a
temporary public interest determination, the agency is taken not to breach
section 16 if the agency does the act, or engages in the practice, while
the determination is in force. Organisation covered by a determination (2)
If an act or practice of an organisation is the subject of a temporary public
interest determination, the organisation is taken not to contravene
section 16A if the organisation does the act, or engages in the practice,
while the determination is in force. Giving a temporary public interest
determination general effect (3) The Commissioner may make a written
determination that no organisation is taken to contravene section 16A if,
while that determination is in force, an organisation does an act, or engages
in a practice, that is the subject of a temporary public interest
determination in relation to that organisation or another organisation. Effect of determination under subsection (3) (4) A determination under
subsection (3) has effect according to its terms.
130 Application 131 After section 95 95A Guidelines for National Privacy Principles about health
information Overview (1) This section allows the Commissioner to approve for
the purposes of the National Privacy Principles (the NPPs ) guidelines that
are issued by the National Health and Medical Research Council or a prescribed
authority. Approving guidelines for use and disclosure (2) For the purposes
of subparagraph 2.1(d)(ii) of the NPPs, the Commissioner may, by notice in the
Gazette , approve guidelines that relate to the use and disclosure of health
information for the purposes of research, or the compilation or analysis of
statistics, relevant to public health or public safety. Public interest test (3) The Commissioner may give an approval under subsection (2) only if
satisfied that the public interest in the use and disclosure of health
information for the purposes mentioned in that subsection in accordance with
the guidelines substantially outweighs the public interest in maintaining the
level of privacy protection afforded by the NPPs (other than paragraph
2.1(d)). Approving guidelines for collection (4) For the purposes of
subparagraph 10.3(d)(iii) of the NPPs, the Commissioner may, by notice in the
Gazette , approve guidelines that relate to the collection of health
information for the purposes of:
Public interest test (5) The Commissioner may give an approval under
subsection (4) only if satisfied that the public interest in the
collection of health information for the purposes mentioned in that subsection
in accordance with the guidelines substantially outweighs the public interest
in maintaining the level of privacy protection afforded by the NPPs (other
than paragraph 10.3(d)). Revocation of approval (6) The Commissioner may, by
notice in the Gazette , revoke an approval of guidelines under this section if
he or she is no longer satisfied of the matter that he or she had to be
satisfied of to approve the guidelines. Review by AAT (7) Application may be
made to the Administrative Appeals Tribunal for review of a decision of the
Commissioner to refuse to approve guidelines or to revoke an approval of
guidelines.
(5) This section applies whether the agency is entering into the Commonwealth
contract on behalf of the Commonwealth or in the agency's own right. 133 After
subsection 97(2) (2A) The report must also include a statement about
the operation of approved privacy codes that contain procedures for making and
dealing with complaints in relation to acts or practices that may be an
interference with the privacy of an individual, including:
134 Subsections 98(1) and (2) 135 Subsections 99A(1) and (2)
136 Paragraph 99A(3)(a) 137
Paragraph 99A(3)(b) 138 Subsection
99A(4) 138A At the end of
section 100 (2) Before the Governor-General makes regulations for
the purposes of subclause 7.1A or paragraph 7.2(c) of the National Privacy
Principles prescribing an organisation, identifier and circumstances, the
Minister must be satisfied that:
139 At the end of the Act
Schedule 3National Privacy Principles
1.1 An organisation must not collect personal information unless the
information is necessary for one or more of its functions or activities.
1.4 If it is reasonable and practicable to do so, an organisation must collect
personal information about an individual only from that individual.
Note 2: Subclause 2.1 does not override any existing legal obligations not to
disclose personal information. Nothing in subclause 2.1 requires an
organisation to disclose personal information; an organisation is always
entitled not to disclose personal information in the absence of a legal
obligation to disclose it.
Note 3: An organisation is also subject to the requirements of National
Privacy Principle 9 if it transfers personal information to a person in a
foreign country.
2.2 If an organisation uses or discloses personal information under paragraph
2.1(h), it must make a written note of the use or disclosure.
2.5 For the purposes of subclause 2.4, a person is responsible for an
individual if the person is:
2.6 In subclause 2.5:
parent of an individual includes a step-parent, adoptive parent and a
foster-parent, of the individual.
relative of an individual means a grandparent, grandchild, uncle, aunt, nephew
or niece, of the individual.
sibling of an individual includes a half-brother, half-sister, adoptive
brother, adoptive sister, step-brother, step-sister, foster-brother and
foster-sister, of the individual.
6.2 However, where providing access would reveal evaluative information
generated within the organisation in connection with a commercially sensitive
decision-making process, the organisation may give the individual an
explanation for the commercially sensitive decision rather than direct access
to the information.
6.3 If the organisation is not required to provide the individual with access
to the information because of one or more of paragraphs 6.1(a) to (k)
(inclusive), the organisation must, if reasonable, consider whether the use of
mutually agreed intermediaries would allow sufficient access to meet the needs
of both parties.
6.5 If an organisation holds personal information about an individual and the
individual is able to establish that the information is not accurate, complete
and up-to-date, the organisation must take reasonable steps to correct the
information so that it is accurate, complete and up-to-date.
7.1A However, subclause 7.1 does not apply to the adoption by a prescribed
organisation of a prescribed identifier in prescribed circumstances.
7.2 An organisation must not use or disclose an identifier assigned to an
individual by an agency, or by an agent or contracted service provider
mentioned in subclause 7.1, unless:
7.3 In this clause:
10.2 Despite subclause 10.1, an organisation may collect health information
about an individual if:
10.3 Despite subclause 10.1, an organisation may collect health information
about an individual if:
10.4 If an organisation collects health information about an individual in
accordance with subclause 10.3, the organisation must take reasonable steps to
permanently de-identify the information before the organisation discloses it.
annual turnover of a business has the meaning
given by section 6DA.
approved privacy code means:
breach an approved privacy code has the meaning
given by section 6B.
breach an Information Privacy Principle has a
meaning affected by subsection 6(2).
breach a National Privacy Principle has the
meaning given by section 6A.
code complaint means a complaint about an act or
practice that, if established, would be an interference with the privacy of
the complainant because it breached an approved privacy code.
Commonwealth contract means a contract, to which
the Commonwealth or an agency is or was a party, under which services are to
be, or were to be, provided to an agency.
contracted service provider , for a government
contract, means:
employee record , in relation to an employee,
means a record of personal information relating to the employment of the
employee. Examples of personal information relating to the employment of the
employee are health information about the employee and personal information
about all or any of the following:
enforcement body means:
government contract means a Commonwealth contract or a State
contract.
health information means:
that is also personal information; or
health service means:
media organisation means an organisation whose
activities consist of or include the collection, preparation for dissemination
or dissemination of the following material for the purpose of making it
available to the public:
National Privacy Principle means a clause of
Schedule 3. A reference in this Act to a National Privacy Principle by
number is a reference to the clause of Schedule 3 with that number.
NPP complaint means a complaint about an act or
practice that, if established, would be an interference with the privacy of
the complainant because it breached a National Privacy Principle.
organisation has the meaning given by
section 6C.
principal executive , of an agency, has a
meaning affected by section 37.
privacy code means a written code regulating
acts and practices that affect privacy.
registered political party means a political
party registered under Part XI of the Commonwealth Electoral Act 1918 .
sensitive information means:
that is also personal information; or
small business has the meaning given by
section 6D.
small business operator has the meaning given by
section 6D.
State contract means a contract, to which a
State or Territory or State or Territory authority is or was a party, under
which services are to be, or were to be, provided to a State or Territory
authority.
State or Territory authority has the meaning
given by section 6C.
subcontractor , for a government contract, means
an organisation:
temporary public interest determination means a
determination made under section 80A.
; or (c) being both a file number complaint and a code complaint; or
(9) To avoid doubt, for the purposes of this Act, services provided to an
agency or a State or Territory authority include services that consist of the
provision of services to other persons in connection with the performance of
the functions of the agency or State or Territory authority.
36 After
section 6
6B Breach of an approved privacy code
6C Organisations organisation means:
that is not a small business operator, a registered political party, an
agency, a State or Territory authority or a prescribed instrumentality of a
State or Territory.
State or
Territory authority means:
State does not
include the Australian Capital Territory or the Northern Territory (despite
subsection 6(1)).
6DA What is the annual
turnover of a business?
modifications includes
additions, omissions and substitutions.
(1) This Act (except section 16D) applies in relation to a small business
operator as if the operator were an organisation while a choice by the
operator to be treated as an organisation is registered under this section.
(2) A small business operator may make a choice in writing given to the
Commissioner to be treated as an organisation.
(5) The Commissioner may decide the form of the register and how it is to be
kept.
(6) The Commissioner must make the register available to the public in the way
that the Commissioner determines. However, the Commissioner must not make
available to the public in the register information other than that described
in subsection (3).
6F State instrumentalities etc. treated as
organisations modifications includes
additions, omissions and substitutions.
(3) Subsection (1) also applies to acts and practices that:
(5) In this section: modifications includes additions, omissions and
substitutions.
electoral law means a law of the Commonwealth, or a law
of a State or Territory, relating to elections to a Parliament or to a local
government authority.
(1) Without limiting its effect apart from each of the following subsections
of this section, this Act also has effect in relation to organisations as
provided by that subsection.
(2) This Act also has the effect it would have if its operation in relation to
organisations were expressly confined to an operation to give effect to the
International Covenant on Civil and Political Rights, and in particular
Article 17 of the Covenant.
(4) This Act also has the effect it would have if its operation in relation to
organisations were expressly confined to organisations that are corporations.
(5) This Act also has the effect it would have if its operation in relation to
organisations were expressly confined to acts or practices of organisations
taking place in the course of, or in relation to, trade or commerce:
(7) This Act also has the effect it would have if its operation in relation to
organisations were expressly confined to acts or practices of organisations
taking place in a Territory.
(8) This Act also has the effect it would have if its operation in relation to
organisations were expressly confined to acts or practices of organisations
taking place in a place acquired by the Commonwealth for public purposes.
49
Before section 13
13B Related bodies corporate
(b) the use breaches National Privacy Principle 2 (noting
that the collecting body's primary purpose of collection will be taken to be
the same as that of the related body) or a corresponding provision in a
binding approved privacy code.
13C
Change in partnership because of change in partners
neither the disclosure (if any) by the old partnership, nor the collection (if
any) by the new partnership, of the information that was necessary for the new
partnership to hold the information immediately after its formation
constitutes an interference with the privacy of the individual.
13D Overseas act required by foreign law
Sections 13B, 13C and 13D do not prevent an act or practice of an
organisation from being an interference with the privacy of an individual
under section 13.
13F Act or practice not covered by section 13 or
section 13A is not an interference with privacy
An act or practice that is not covered by section 13 or section 13A
is not an interference with the privacy of an individual.
53 Application
16A Organisations to comply with approved privacy codes or
National Privacy Principles
(1) An organisation must not do an act, or engage in a practice, that breaches
an approved privacy code that binds the organisation.
(2) To the extent (if any) that an organisation is not bound by an approved
privacy code, the organisation must not do an act, or engage in a practice,
that breaches a National Privacy Principle.
(3) This section, approved privacy codes and the National Privacy Principles
have effect in addition to sections 18 and 18A and Part IIIA, and do
not derogate from them.
(4) To avoid doubt, an act done, or practice engaged in, by an organisation
without breaching an approved privacy code or the National Privacy Principles
is not authorised by law (or by this Act) for the purposes of Part IIIA
merely because it does not breach the code or the Principles.
(2) This Act (except Divisions 4 and 5 of Part III and
Part IIIA) applies to personal information that has been collected by an
organisation only if the information is held by the organisation in a record.
(1) National Privacy Principles 1, 3 (so far as it relates to collection of
personal information) and 10 apply only in relation to the collection of
personal information after the commencement of this section.
(1A) National Privacy Principle 2 applies only in relation to personal
information collected after the commencement of this section.
(2) National Privacy Principles 3 (so far as it relates to personal
information used or disclosed), 4, 5, 7 and 9 apply in relation to personal
information held by an organisation regardless of whether the organisation
holds the personal information as a result of collection occurring before or
after the commencement of this section.
(3) National Privacy Principle 6 applies in relation to personal information
collected after the commencement of this section. That Principle also applies
to personal information collected by an organisation before that commencement
and used or disclosed by the organisation after that commencement, except to
the extent that compliance by the organisation with the Principle in relation
to the information would:
16D Delayed application of National
Privacy Principles to small business
(1) This section deals with the application of the National Privacy Principles
to an organisation that carries on one or more small businesses throughout the
delayed application period for the organisation. This section has effect
despite section 16C.
(2) National Privacy Principles 1, 3 (so far as it relates to collection of
personal information) and 10 apply only in relation to the collection of
personal information by the organisation after the delayed application period.
(3) National Privacy Principles 3 (so far as it relates to personal
information used or disclosed), 4, 5, 7 and 9 apply in relation to the
organisation only after the delayed application period. Those Principles then
apply in relation to personal information held by the organisation as a result
of collection occurring before, during or after that period.
(4) National Privacy Principles 2 and 6 apply only in relation to personal
information collected by the organisation after the delayed application
period.
(5) National Privacy Principle 8 applies only to transactions entered into
with the organisation after the delayed application period.
(6) In this section: delayed application period , for an organisation, means
the period:
Nothing in the National Privacy Principles applies to:
only for the purposes of, or in connection with, his or her personal, family
or household affairs.
(1) This section limits the use and disclosure of personal information
collected:
(3) Subsection (2) has effect despite:
55 After section 18
(1) Before deciding whether to approve a privacy code, the Commissioner may
consult any person the Commissioner considers appropriate.
(2) The Commissioner may approve a privacy code if, and only if, the
Commissioner is satisfied:
whether or not the adjudicator made a determination, finding, declaration,
order or direction in dealing with the complaint; and
(5) An approval must be in writing.
(6) This section does not prevent the Commissioner approving a privacy code
if:
(1) The approval of a privacy code takes effect on the day specified in the
approval.
(2) The day specified must not be before the day on which the approval is
given.
(1) An organisation may apply in writing to the Commissioner for approval of a
variation of an approved privacy code by giving the Commissioner a copy of the
code that incorporates the variations.
(2) The Commissioner may approve in writing the variation.
(3) In deciding whether to approve the variation, the Commissioner must
consider all of the matters that the Commissioner would consider in deciding
whether to approve under section 18BB a privacy code identical to the
approved privacy code with the variation.
(4) However, if the Commissioner thinks that a variation is minor, he or she
need not be satisfied that members of the public have been given an adequate
opportunity to comment on a draft variation of the code (as would otherwise be
required by paragraph 18BB(2)(f)). Instead, the Commissioner may consult any
person he or she thinks appropriate about the draft variation.
(5) The approval of the variation takes effect on the day specified in the
approval.
(6) The day specified must not be before the day on which the approval is
given.
(1) The Commissioner may revoke his or her approval of an approved privacy
code or a variation of an approved privacy code:
(4) A revocation comes into effect on the day specified in the revocation.
(5) The day specified must not be before the day on which the revocation is
made.
(1) The Commissioner may make:
(2) The Commissioner may publish guidelines made under subsection (1) in
any way the Commissioner considers appropriate.
(1) The Commissioner must keep a register of approved privacy codes.
(2) The Commissioner may decide the form of the register and how it is to be
kept.
(3) The Commissioner must make the register available to the public in the way
that the Commissioner determines.
(4) The Commissioner may charge fees for:
(1) The Commissioner may review the operation of an approved privacy code.
(1) A person who is aggrieved by a determination made by an adjudicator (other
than the Commissioner) under an approved privacy code after investigating a
complaint may apply to the Commissioner for review of the determination.
59 After paragraph 27(1)(a)
; (s) to do anything incidental or conducive to the performance of any of the
Commissioner's other functions.
68 At the end of section 27
(1C) Subsection (1A) does not prevent an individual from complaining
under this Part to the Commissioner about an act done, or practice engaged in,
by an organisation purportedly for the purpose of meeting (directly or
indirectly) an obligation under a Commonwealth contract (whether or not the
organisation is a party to the contract).
76
Application
(1B) The Commissioner must investigate under this Part a complaint about an
act or practice of an organisation that is bound by a relevant approved
privacy code that contains a procedure for making and dealing with complaints
in relation to acts or practices that may be an interference with the privacy
of an individual if:
81 At the end of section 40
82 After section 40
the Commissioner must not investigate the act or practice except to the extent
that it is an interference with the privacy of one or more individuals each of
whom is:
95 Subsection 52(3A)
(3) An agency that receives a recommendation from the Commissioner must tell
the Commissioner in writing of any action the agency proposes to take in
relation to the recommendation. The agency must do so within 60 days of
receiving the recommendation.
(1) This section applies if:
(1) Any of the following persons may commence proceedings in the Federal Court
or the Federal Magistrates Court for an order to enforce a determination:
(3) The court may, if it thinks fit, grant an interim injunction pending the
determination of the proceedings.
(4) The court is not to require a person, as a condition of granting an
interim injunction, to give an undertaking as to damages.
(5) The court is to deal by way of a hearing de novo with the question whether
the respondent has engaged in conduct that constitutes an interference with
the privacy of the complainant.
(6) Despite subsection (5), the court may receive any of the following as
evidence in proceedings about a determination made by the Commissioner under
section 52:
(8) In this section:
(1) The Commissioner may issue a written certificate setting out the findings
of fact upon which the Commissioner based his or her determination that: complainant , in relation to a representative
complaint, means any of the class members.
(3) In any proceedings under section 55A, a certificate under
subsection (1) or (2) of this section is prima facie evidence of the
facts found by the Commissioner or adjudicator and set out in the certificate.
However, the certificate is not prima facie evidence of a finding that:
Enforcement of determinations
105 At the end of section 64
107 After paragraph 67(a)
111 After subsection 68(3)
(3B) An entry by an authorised person with the consent of the occupier or
person in charge is not lawful if the consent was not voluntary.
(3C) The authorised person may not enter premises (other than premises
occupied by an agency) if:
112 After
section 68
(2) As soon as practicable after the person ceases to be authorised, he or she
must return the identity card to the Commissioner.
(3) A person must not contravene subsection (2). complaint means:
If an individual, body corporate, partnership, unincorporated association or
trust ceases to be an organisation but continues to exist, this Part operates
in relation to:
as if he, she or it were still (and had been at all relevant times) an
organisation.
(b) the complaint may be investigated (and further
proceedings taken) under this Part as though the individual were still an
organisation.
116 Before section 71
the Commissioner may make a written determination to that effect.
(2A) If the applicant is an organisation, the Commissioner must:
(2) Regulations (if any) in force for the
purposes of subsection 75(3) of the Privacy Act 1988 immediately before the
commencement of this Schedule have effect, after that commencement, as if they
had been made for the purposes of that subsection after that commencement.
(3) Subitem (2) does not prevent the amendment or repeal of the
regulations.
A determination under this Division is a disallowable instrument for the
purposes of section 46A of the Acts Interpretation Act 1901.
(1) The fact that the Commissioner has made a determination under this
Division about an act or practice does not prevent the Commissioner from
dealing under Division 1 with an application made under section 73
in relation to that act or practice.
(2) A determination under this Division about an act or practice ceases to be
in effect when:
(1) The Commissioner must keep a register of determinations made under
Division 1 or 2.
(2) The Commissioner may decide the form of the register and how it is to be
kept.
(3) The Commissioner must make the register available to the public in the way
that the Commissioner determines.
(4) The Commissioner may charge fees for:
(1) This section requires an agency entering into a Commonwealth contract to
take contractual measures to ensure that a contracted service provider for the
contract does not do an act, or engage in a practice, that would breach an
Information Privacy Principle if done or engaged in by the agency.
(2) The agency must ensure that the Commonwealth contract does not authorise a
contracted service provider for the contract to do or engage in such an act or
practice.
(3) The agency must also ensure that the Commonwealth contract contains
provisions to ensure that such an act or practice is not authorised by a
subcontract.
(4) For the purposes of subsection (3), a subcontract is a contract under
which a contracted service provider for the Commonwealth contract is engaged
to provide services to:
for the purposes (whether direct or indirect) of the Commonwealth contract.
If a person asks a party to a Commonwealth contract to be informed of the
content of provisions (if any) of the contract that are inconsistent with an
approved privacy code binding a party to the contract or with a National
Privacy Principle, the party requested must inform the person in writing of
that content (if any).
132 Subsection 97(2)
1.2 An organisation must collect personal information only by lawful and fair
means and not in an unreasonably intrusive way.
1.3 At or before the time (or, if that is not practicable, as soon as
practicable after) an organisation collects personal information about an
individual from the individual, the organisation must take reasonable steps to
ensure that the individual is aware of:
1.5 If an organisation collects personal information about an individual from
someone else, it must take reasonable steps to ensure that the individual is
or has been made aware of the matters listed in subclause 1.3 except to the
extent that making the individual aware of the matters would pose a serious
threat to the life or health of any individual.
2.1 An organisation must not use or disclose personal information about an
individual for a purpose (the secondary purpose ) other than the primary
purpose of collection unless:
2.3 Subclause 2.1 operates in relation to personal information that an
organisation that is a body corporate has collected from a related body
corporate as if the organisation's primary purpose of collection of the
information were the primary purpose for which the related body corporate
collected the information.
2.4 Despite subclause 2.1, an organisation that provides a health service to
an individual may disclose health information about the individual to a person
who is responsible for the individual if:
An organisation must take reasonable steps to make sure that the personal
information it collects, uses or discloses is accurate, complete and
up-to-date. child of an individual includes an adopted child, a
step-child and a foster-child, of the individual.
4.1 An organisation must take reasonable steps to protect the personal
information it holds from misuse and loss and from unauthorised access,
modification or disclosure.
4.2 An organisation must take reasonable steps to destroy or permanently
de-identify personal information if it is no longer needed for any purpose for
which the information may be used or disclosed under National Privacy
Principle 2.
5.1 An organisation must set out in a document clearly expressed policies on
its management of personal information. The organisation must make the
document available to anyone who asks for it.
5.2 On request by a person, an organisation must take reasonable steps to let
the person know, generally, what sort of personal information it holds, for
what purposes, and how it collects, holds, uses and discloses that
information.
6.1 If an organisation holds personal information about an individual, it must
provide the individual with access to the information on request by the
individual, except to the extent that:
by or on behalf of an enforcement body; or
6.4 If an organisation charges for providing access to personal information,
those charges:
6.6 If the individual and the organisation disagree about whether the
information is accurate, complete and up-to-date, and the individual asks the
organisation to associate with the information a statement claiming that the
information is not accurate, complete or up-to-date, the organisation must
take reasonable steps to do so.
6.7 An organisation must provide reasons for denial of access or a refusal to
correct personal information.
7.1 An organisation must not adopt as its own identifier of an individual an
identifier of the individual that has been assigned by:
Wherever it is lawful and practicable, individuals must have the option of not
identifying themselves when entering transactions with an organisation. identifier includes a number assigned by an organisation
to an individual to identify uniquely the individual for the purposes of the
organisation's operations. However, an individual's name or ABN (as defined in
the A New Tax System (Australian Business Number) Act 1999 ) is not an
identifier .
An organisation in Australia or an external Territory may transfer personal
information about an individual to someone (other than the organisation or the
individual) who is in a foreign country only if:
10.1 An organisation must not collect sensitive information about an
individual unless:
10.5 In this clause: non-profit organisation means a non-profit organisation
that has only racial, ethnic, political, religious, philosophical,
professional, trade, or trade union aims.