Scope
(1) This section applies in relation to sensitive information if:
(a) the information is about an individual mentioned in paragraph 57DB(2)(a); and
(b) the information is obtained by a data provider for the purposes of determining whether the individual is a fit and proper person to access and use safety and security information.
Sensitive information must be stored in Australia
(2) If a data provider holds the sensitive information, the data provider must store the information in Australia or an external Territory.
Civil penalty:
(a) for a body corporate--1,500 penalty units; and
(b) for a person other than a body corporate--300 penalty units.
Preventing access to sensitive information outside Australia
(3) A person must not do anything that might reasonably enable the sensitive information to be accessed outside Australia by the data provider, or any other person.
Civil penalty:
(a) for a body corporate--1,500 penalty units; and
(b) for a person other than a body corporate--300 penalty units.