Commonwealth Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

COMPETITION AND CONSUMER ACT 2010 - SECT 56BAA

Rules must include requirement to delete CDR data on request from CDR consumer

Requirement to delete CDR data in response to request from CDR consumer

             (1)  The consumer data rules must include a requirement on an accredited data recipient of CDR data to delete all or part of the CDR data in response to a valid request by a CDR consumer for the CDR data to be deleted.

             (2)  However, a rule described in subsection (1) must not require deletion of all or part of the CDR Data if:

                     (a)  the accredited data recipient is required to retain the CDR data by or under an Australian law or a court/tribunal order; or

                     (b)  the CDR data relates to any current or anticipated:

                              (i)  legal proceedings; or

                             (ii)  dispute resolution proceedings;

                            to which the accredited data recipient is a party; or

                     (c)  the CDR data relates to any current or anticipated:

                              (i)  legal proceedings; or

                             (ii)  dispute resolution proceedings;

                            to which the CDR consumer is a party.

Consumer data rules may include rules in relation to the requirement

             (3)  The consumer data rules may include the following rules in relation to the requirement:

                     (a)  rules about:

                              (i)  how the CDR consumer may make a valid request; and

                             (ii)  what must be included in a request for it to be valid and when a request ceases to be a valid request;

                     (b)  rules specifying circumstances (in addition to those in subsection (2)) in which the accredited data recipient may refuse to delete the CDR data despite the requirement;

                     (c)  rules about how an accredited data recipient is to delete the CDR data covered in a valid request;

                     (d)  rules about how the requirement is to be complied with depending on the class of CDR data requested to be deleted;

                     (e)  rules about how an accredited data recipient is to notify the CDR consumer of:

                              (i)  the deletion of the CDR data and the extent of the deletion; or

                             (ii)  if the CDR data is not deleted--the reasons the deletion did not occur;

                      (f)  rules about any other matters incidental or related to the requirement (see also section 56BJ).

             (4)  This section applies despite any other provision of this Division.

             (5)  This section does not limit the consumer data rules dealing with the deletion of CDR data in circumstances other than compliance with the requirement.



AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback