Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) If:
(a) a person is an accredited data recipient of CDR data; and
(b) the CDR data includes a government related identifier (within the meaning of the Privacy Act 1988 ) of a CDR consumer for the CDR data who is an individual;
the person must not adopt the government related identifier as the person's own identifier of the CDR consumer, or otherwise use the government related identifier, unless:
(c) the adoption or use is required or authorised by or under:
(i) an Australian law other than the consumer data rules; or
(ii) a court/tribunal order; or
(d) subclause 9.3 of Australian Privacy Principle 9 applies in relation to the adoption or use.
Note: This subsection is a civil penalty provision (see section 56EU).
(2) If:
(a) a person who is an accredited data recipient of CDR data proposes to disclose the CDR data; and
(b) the CDR data includes a government related identifier (within the meaning of the Privacy Act 1988 ) of a CDR consumer for the CDR data who is an individual;
the person must not include the government related identifier in the disclosure unless:
(c) this is required or authorised by or under:
(i) an Australian law other than the consumer data rules; or
(ii) a court/tribunal order; or
(d) subclause 9.3 of Australian Privacy Principle 9 applies in relation to the disclosure.
Note 1: This subsection is a civil penalty provision (see section 56EU).
Note 2: This subsection applies in addition to the disclosure restrictions in sections 56EI, 56EJ and 56EK.
(3) For the purposes of paragraph (1)(d) or (2)(d), disregard paragraph 56EC(4)(a) (about the APPs not applying).