Commonwealth Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

COMPETITION AND CONSUMER ACT 2010 - SECT 56ES

Notification of CDR data security breaches

Object

  (1)   The object of this section is for Part   IIIC of the Privacy Act 1988 to apply to an accredited data recipient, or designated gateway, that holds a CDR consumer's CDR data in a corresponding way to the way that Part applies to an entity that holds an individual's personal information.

Note:   That Part   is about notification of eligible data breaches.

Extended application of Part   IIIC of the Privacy Act 1988

  (2)   Part   IIIC of the Privacy Act 1988 , and any other provision of that Act that relates to that Part, also apply in relation to:

  (a)   an accredited data recipient of CDR data; or

  (b)   a designated gateway for CDR data;

as if the substitutions in the following table, and the modifications in subsection   (3), were made.

 

Substitutions to be made

Item

Subject to subsection   (4), for a reference in Part   IIIC to ...

... substitute a reference to ...

1

any of the following:

(a) personal information;

(b) information

CDR data.

2

any of the following:

(a) entity;

(b) APP entity;

(c) APP entity, credit reporting body, credit provider or file number recipient, as the case may be

each of the following:

(a) accredited data recipient;

(b) designated gateway.

3

any of the following:

(a) individual to whom information relates;

(b) individual

CDR consumer for CDR data.

Note:   When CDR data and the other terms in the last column of the table appear in this notional version of Part   IIIC, they have the same meanings as in this Act.

  (3)   For the purposes of subsection   (2), assume that:

  (a)   sections   26WB to 26WD of the Privacy Act 1988 were not enacted; and

  (b)   subsection   26WE(1) of that Act were replaced with the following:

"Scope

  (1)   This section applies if:

  (a)   CDR data of one or more CDR consumers is held by (or on behalf of) either of the following entities (the CDR entity ):

  (i)   an accredited data recipient of the CDR data;

  (ii)   a designated gateway for the CDR data; and

  (b)   section   56EO (about privacy safeguard 12) of the Competition and Consumer Act 2010 applies to the CDR entity in relation to the CDR data.".

  (4)   For the purposes of the table in subsection   (2):

  (a)   for item   1 of the table, disregard the following references to information in Part   IIIC of the Privacy Act 1988 :

  (ia)   the last reference in section   26WA;

  (i)   the last reference in paragraph   26WG(h);

  (ii)   the reference in the note to section   26WG;

  (iii)   all references in Division   4 of Part   IIIC other than the reference in paragraph   26WU(2)(e); and

  (b)   for item   2 of the table, disregard each reference to entity in paragraphs 26WF(1)(f), (2)(f), (3)(f), (4)(f) and (5)(f) of the Privacy Act 1988 .



AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback