(1) A person commits an offence if the person accesses information stored on the Commonwealth DNA database system or NCIDD otherwise than in accordance with this section.
Penalty: Imprisonment for 2 years.
(2) A person may access information stored on the Commonwealth DNA database system or NCIDD for one or more of the following purposes:
(a) the purpose of forensic comparison permitted under section 23YDAF (permissible matching);
(b) the purpose of making the information available, in accordance with the regulations, to the person to whom the information relates;
(c) the purpose of administering the Commonwealth DNA database system, NCIDD or a State/Territory DNA database system;
(d) the purpose of any arrangement mentioned in subsection 23YUD(1) or (1A) entered into between the Commonwealth and a State or Territory for the provision of access to information contained in the Commonwealth DNA database system or a State/Territory DNA database system by law enforcement officers or by any other persons prescribed by the regulations;
(da) the purpose of assisting a foreign country or international tribunal to decide whether to make a request;
(e) the purpose of and in accordance with the Mutual Assistance in Criminal Matters Act 1987 , the International Criminal Court Act 2002 , the International War Crimes Tribunals Act 1995 or the Extradition Act 1988 ;
(f) the purpose of a coronial inquest or inquiry;
(g) the purpose of an investigation of a complaint by the Information Commissioner of the Commonwealth or of a participating jurisdiction.
(2A) A person may access information stored on NCIDD in the circumstances permitted by subsection 23YDACA(2).
(3) This section does not apply to information that cannot be used to discover the identity of any person.