Commonwealth Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

COMPETITION AND CONSUMER ACT 2010 - SECT 56EO

Privacy safeguard 12--security of CDR data, and destruction or de-identification of redundant CDR data

             (1)  Each person (a CDR entity ) who is:

                     (a)  an accredited data recipient of CDR data; or

                     (b)  a designated gateway for CDR data;

must take the steps specified in the consumer data rules to protect the CDR data from:

                     (c)  misuse, interference and loss; and

                     (d)  unauthorised access, modification or disclosure.

Note:          This subsection is a civil penalty provision (see section 56EU).

             (2)  If:

                     (a)  the CDR entity no longer needs any of that CDR data for either of the following purposes (the redundant data ):

                              (i)  a purpose permitted under the consumer data rules;

                             (ii)  a purpose for which the person is able to use or disclose it in accordance with this Division; and

                     (b)  the CDR entity is not required to retain the redundant data by or under an Australian law or a court/tribunal order; and

                     (c)  the redundant data does not relate to any current or anticipated:

                              (i)  legal proceedings; or

                             (ii)  dispute resolution proceedings;

                            to which the CDR entity is a party;

the CDR entity must take the steps specified in the consumer data rules to destroy the redundant data or to ensure that the redundant data is de-identified.

Note 1:       This subsection is a civil penalty provision (see section 56EU).

Note 2:       Australian Privacy Principle 11 will not apply for paragraph (b) (see paragraph 56EC(4)(a) or (d)).



AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback