Commonwealth Consolidated Acts Commonwealth Consolidated ActsObligation on data holders and action service providers
(1) If:
(a) a CDR consumer for CDR data gives a request to the following person (the CDR entity ):
(i) a data holder of the CDR data (including a request given through a designated gateway for the CDR data);
(ii) a person as an action service provider for a type of CDR action; and
(b) the request is for the CDR entity to correct the CDR data, and is not given in response to advice from the CDR entity under subsection 56EN(3); and
(c) the CDR entity was earlier required or authorised under the consumer data rules to disclose the CDR data;
the CDR entity must respond to the request to correct the CDR data by taking such steps as are specified in the consumer data rules to deal with each of the matters in subsection (3) of this section.
Note 1: This subsection is a civil penalty provision (see section 56EU).
Note 2: Subsection 56EN(4) applies instead of this subsection if the request is given in response to advice from the CDR entity under subsection 56EN(3).
Obligation on accredited data recipients
(2) If:
(a) a CDR consumer for CDR data gives a request to an accredited data recipient of the CDR data (including a request given through a designated gateway for the CDR data); and
(b) the request is for the accredited data recipient to correct the CDR data, and is not given in response to advice from the accredited data recipient under subsection 56EN(3);
the accredited data recipient must respond to the request by taking such steps as are specified in the consumer data rules to deal with each of the matters in subsection (3) of this section.
Note 1: This subsection is a civil penalty provision (see section 56EU).
Note 2: Subsection 56EN(4) applies instead of this subsection if the request is given in response to advice from the accredited data recipient under subsection 56EN(3).
Relevant matters when responding to correction requests
(3) The matters are as follows:
(a) either:
(i) to correct the CDR data; or
(ii) to include a statement with the CDR data, to ensure that, having regard to the purpose for which the CDR data is held, the CDR data is accurate, up to date, complete and not misleading;
(b) to give notice of any correction or statement, or notice of why a correction or statement is unnecessary or inappropriate.
(4) When working out the purpose for which the CDR data is held (see subparagraph (3)(a)(ii)), disregard the purpose of holding the CDR data so that it can be disclosed as required under the consumer data rules.