Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) The object of this section is for Part IIIC of the Privacy Act 1988 to apply to an accredited data recipient, or designated gateway, that holds a CDR consumer's CDR data in a corresponding way to the way that Part applies to an entity that holds an individual's personal information.
Note: That Part is about notification of eligible data breaches.
Extended application of Part IIIC of the Privacy Act 1988
(2) Part IIIC of the Privacy Act 1988 , and any other provision of that Act that relates to that Part, also apply in relation to:
(a) an accredited data recipient of CDR data; or
(b) a designated gateway for CDR data;
as if the substitutions in the following table, and the modifications in subsection (3), were made.
Substitutions to be made | ||
Item | For a reference in Part IIIC to ... | ... substitute a reference to ... |
1 | any of the following: (a) personal information; (b) information | |
2 | any of the following: (a) entity; (b) APP entity; (c) APP entity, credit reporting body, credit provider or file number recipient, as the case may be | each of the following: (a) accredited data recipient; (b) designated gateway. |
3 | any of the following: (a) individual to whom information relates; (b) individual | CDR consumer for CDR data. |
Note: When CDR data and the other terms in the last column of the table appear in this notional version of Part IIIC, they have the same meanings as in this Act.
(3) For the purposes of subsection (2), assume that:
(a) sections 26WB to 26WD of the Privacy Act 1988 were not enacted; and
(b) subsection 26WE(1) of that Act were replaced with the following:
(a) CDR data of one or more CDR consumers is held by (or on behalf of) either of the following entities (the CDR entity ):
(i) an accredited data recipient of the CDR data;
(ii) a designated gateway for the CDR data; and
(b) section 56EO (about privacy safeguard 12) of the
Competition and Consumer Act 2010 applies to the CDR entity in relation to the
CDR data.".