Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) A person must destroy CDR data as soon as practicable after collecting it if:
(a) the person (the collector ) collected the CDR data while covered by column 1 of an item of the following table, and from a person covered by column 2 of that item; and
(b) the collector collected the CDR data:
(i) purportedly under the consumer data rules; but
(ii) not as the result of seeking to collect the CDR data under the consumer data rules; and
(c) the collector is not required to retain the CDR data by or under an Australian law or a court/tribunal order; and
(d) in the case where item 3 of the table applies, the circumstances specified in the consumer data rules do not apply.
Dealing with unsolicited CDR data from participants in CDR | ||
Item | Column 1 A collector who: | Column 2 |
1 | is an accredited person | a CDR participant for the CDR data |
2 | as an accredited action initiator for a type of CDR action | an action service provider for that type of CDR action |
3 | as an action service provider for a type of CDR action | an accredited action initiator for that type of CDR action |
Note: This subsection is a civil penalty provision (see section 56EU).
(2) Subsection (1) applies whether the collection is directly or indirectly from the person mentioned in column 2 of the table.
Example: For item 1 of the table, the collection could be from the CDR participant through a designated gateway (see section 56BG).