(1) A person authorised to use or disclose confidential information in accordance with this Part must not use or disclose that information in a manner that is unauthorised under this Part and that the person—
(a) knows is unauthorised under this Part; or
(b) is reckless as to whether the use or disclosure of the information is unauthorised under this Part.
Penalty: In the case of a natural person, 600 penalty units or imprisonment for 5 years or both;
In the case of a body corporate, 3000 penalty units.
(2) Subsection (1) does not apply to the following uses and disclosures of confidential information—
(a) a use or disclosure made with the consent of the person to whom the information relates;
(b) a use or disclosure made with the consent of a person (other than a person of concern or a person alleged to pose a risk of family violence) who is a parent of the person who is a child to whom the information relates;
(c) a disclosure made to a court or tribunal in the course of legal proceedings;
(d) a use or disclosure made pursuant to an order of a court or tribunal;
(e) a use or disclosure made to the extent reasonably required to enable the investigation or the enforcement of a law of this State or of any other State or of a Territory or of the Commonwealth;
(f) a disclosure made to an Australian legal practitioner for the purposes of obtaining legal advice or representation;
(g) a use or disclosure made as required or authorised by or under this Act or any other Act.
(3) Subsection (1) does not apply to the use or disclosure of confidential information by a primary person who is given the confidential information under section 144M.
(4) A person does not commit an offence against this section only for the reason that the person uses or discloses confidential information in a way that does not comply with guidelines issued under section 144P(1).
Note
Despite non-compliance not being an offence—
(a) this does not preclude non-compliance being taken into account in dealing with a complaint made under the Privacy and Data Protection Act 2014 , the Health Records Act 2001 or the Privacy Act 1988 of the Commonwealth; and
(b) non-compliance may lead to a person or body ceasing to be prescribed as an information sharing entity.
Division 10—Review
S. 144S inserted by No. 23/2017 s. 7.