Commonwealth Consolidated Acts Commonwealth Consolidated ActsCivil penalty provisions
(1) An entity contravenes this subsection if:
(a) the entity provides access to data; and
(b) the provision of access is purportedly under section 13; and
(c) the provision of access is not authorised by section 13.
Civil penalty: 300 penalty units.
(2) An individual or a body corporate contravenes this subsection if:
(a) the individual or body corporate uses data; and
(b) the use is a provision of access to the data by an entity under, or purportedly under, section 13; and
(c) the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and
(d) the individual or body corporate's use is not authorised by this Act.
Civil penalty: 300 penalty units.
Offences
(3) An entity commits an offence if:
(a) the entity provides access to data; and
(b) the provision of access is purportedly under section 13; and
(c) the provision of access is not authorised by section 13 and the entity is reckless with respect to that circumstance.
Penalty: Imprisonment for 5 years or 300 penalty units, or both.
(4) An individual or a body corporate commits an offence if:
(a) the individual or body corporate uses data; and
(b) the use is a provision of access to the data by an entity under, or purportedly under, section 13; and
(c) the individual has a designated relationship with the entity, or the body corporate is party to an approved contract with the entity; and
(d) the individual or body corporate's use is not authorised by this Act and the individual or body corporate is reckless with respect to that circumstance.
Penalty: Imprisonment for 5 years or 300 penalty units, or both.