(1) An act or practice done or engaged in by an outsourced service provider under a State contract that is an interference with the privacy of an individual must, for the purposes of this Act, be taken to have been done or engaged in by the outsourcing organisation as well as the outsourced service provider if the provision of this Act or the HPP to which the act or practice is contrary, or with which it is inconsistent, is not capable of being enforced against the outsourced service provider in accordance with the procedures set out in this Act.
(2) Section 92(1) does not apply to an act done or practice engaged in by an outsourced service provider acting within the scope of a State contract.
Division 3—Exemptions