Commonwealth Consolidated Acts



Notification of CDR data security breaches


(1) The object of this section is for Part IIIC of the Privacy Act 1988 to apply to an accredited data recipient, or designated gateway, that holds a CDR consumer's CDR data in a corresponding way to the way that Part applies to an entity that holds an individual's personal information.

Note: That Part is about notification of eligible data breaches.

Extended application of Part IIIC of the Privacy Act 1988

(2) Part IIIC of the Privacy Act 1988, and any other provision of that Act that relates to that Part, also apply in relation to:

(a) an accredited data recipient of CDR data; or

(b) a designated gateway for CDR data;

as if the substitutions in the following table, and the modifications in subsection (3), were made.


Substitutions to be made

| For a reference in Part IIIC to ... | ... substitute a reference to ... |
|---|---|
| any of the following: (a) personal information; (b) information | CDR data. |
| any of the following: (a) entity; (b) APP entity; (c) APP entity, credit reporting body, credit provider or file number recipient, as the case may be | each of the following: (a) accredited data recipient; (b) designated gateway. |
| any of the following: (a) individual to whom information relates; (b) individual | CDR consumer for CDR data. |

Note: When CDR data and the other terms in the last column of the table appear in this notional version of Part IIIC, they have the same meanings as in this Act.

(3) For the purposes of subsection (2), assume that:

(a) sections 26WB to 26WD of the Privacy Act 1988 were not enacted; and

(b) subsection 26WE(1) of that Act were replaced with the following:


"(1) This section applies if:

(a) CDR data of one or more CDR consumers is held by (or on behalf of) either of the following entities (the CDR entity):

(i) an accredited data recipient of the CDR data;

(ii) a designated gateway for the CDR data; and

(b) section 56EO (about privacy safeguard 12) of the Competition and Consumer Act 2010 applies to the CDR entity in relation to the CDR data.".
