Object
(1) The object of this section is for Part IIIC of the Privacy Act 1988 to apply to an accredited data recipient, or designated gateway, that holds a CDR consumer's CDR data in a corresponding way to the way that Part applies to an entity that holds an individual's personal information.
Note: That Part is about notification of eligible data breaches.
Extended application of Part IIIC of the Privacy Act 1988
(2) Part IIIC of the Privacy Act 1988 , and any other provision of that Act that relates to that Part, also apply in relation to:
(a) an accredited data recipient of CDR data; or
(b) a designated gateway for CDR data;
as if the substitutions in the following table, and the modifications in subsection (3), were made.
Substitutions to be made | ||
Item | Subject to subsection (4), for a reference in Part IIIC to ... | ... substitute a reference to ... |
1 | any of the following: (a) personal information; (b) information | |
2 | any of the following: (a) entity; (b) APP entity; (c) APP entity, credit reporting body, credit provider or file number recipient, as the case may be | each of the following: (a) accredited data recipient; (b) designated gateway. |
3 | any of the following: (a) individual to whom information relates; (b) individual | CDR consumer for CDR data. |
Note: When CDR data and the other terms in the last column of the table appear in this notional version of Part IIIC, they have the same meanings as in this Act.
(3) For the purposes of subsection (2), assume that:
(a) sections 26WB to 26WD of the Privacy Act 1988 were not enacted; and
(b) subsection 26WE(1) of that Act were replaced with the following:
"Scope
(1) This section applies if:
(a) CDR data of one or more CDR consumers is held by (or on behalf of) either of the following entities (the CDR entity ):
(i) an accredited data recipient of the CDR data;
(ii) a designated gateway for the CDR data; and
(b) section 56EO (about privacy safeguard 12) of the Competition and Consumer Act 2010 applies to the CDR entity in relation to the CDR data.".
(4) For the purposes of the table in subsection (2):
(a) for item 1 of the table, disregard the following references to information in Part IIIC of the Privacy Act 1988 :
(ia) the last reference in section 26WA;
(i) the last reference in paragraph 26WG(h);
(ii) the reference in the note to section 26WG;
(iii) all references in Division 4 of Part IIIC other than the reference in paragraph 26WU(2)(e); and
(b) for item 2 of the table, disregard each reference to entity in paragraphs 26WF(1)(f), (2)(f), (3)(f), (4)(f) and (5)(f) of the Privacy Act 1988 .