Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) A collection of sensitive information (within the meaning of the Privacy Act 1988 ) is taken to be authorised by this Act for the purposes of paragraph 3.4(a) of Australian Privacy Principle 3 if:
(a) the information is collected by a service provider of a Commonwealth - funded aged care service; and
(b) the service provider has a responsibility under the funding agreement that relates to that service to manage and report incidents, and to take reasonable steps to prevent incidents, in accordance with that agreement; and
(c) the information is collected for the purposes of complying with that responsibility.
(2) A use or disclosure of personal information (within the meaning of the Privacy Act 1988 ) is taken to be authorised by this Act for the purposes of paragraph 6.2(b) of Australian Privacy Principle 6 if:
(a) the use or disclosure is by a service provider of a Commonwealth - funded aged care service; and
(b) the service provider has a responsibility under the funding agreement that relates to that service to manage and report incidents, and to take reasonable steps to prevent incidents, in accordance with that agreement; and
(c) the use or disclosure is for the purposes of complying with that responsibility.