(1) This section requires an agency entering into a Commonwealth contract to take contractual measures to ensure that a contracted service provider for the contract does not do an act, or engage in a practice, that would breach an Australian Privacy Principle if done or engaged in by the agency.
(2) The agency must ensure that the Commonwealth contract does not authorise a contracted service provider for the contract to do or engage in such an act or practice.
(3) The agency must also ensure that the Commonwealth contract contains provisions to ensure that such an act or practice is not authorised by a subcontract.
(4) For the purposes of subsection (3), a subcontract is a contract under which a contracted service provider for the Commonwealth contract is engaged to provide services to:
(a) another contracted service provider for the Commonwealth contract; or
(b) any agency;
for the purposes (whether direct or indirect) of the Commonwealth contract.
(5) This section applies whether the agency is entering into the Commonwealth contract on behalf of the Commonwealth or in the agency's own right.