The Minister and the Commissioner may accredit entities, impose and vary conditions of accreditation, and suspend or cancel accreditation, in accordance with the accreditation framework.

If a data scheme entity breaches this Act or a data sharing agreement, another data scheme entity may complain to the Commissioner. A complaint will ordinarily result in an investigation by the Commissioner, which may in turn lead to enforcement action being taken by the Commissioner against the breaching data scheme entity.

The Commissioner may also conduct assessments from time to time to ensure data scheme entities are operating in accordance with the Act. If the Commissioner reasonably suspects a data scheme entity has breached the Act or a data sharing agreement, the Commissioner may investigate the entity regardless of whether a complaint has been made.

The Minister may also direct the Commissioner to investigate a data scheme entity.

The Commissioner has power to require persons to give information, and has monitoring and investigation powers in relation to certain provisions of this Act. The Commissioner may transfer matters to a more appropriate agency, which could include the police if an offence is involved.

There are a range of enforcement options available to the Commissioner, as follows:

  (a)   making recommendations to a data scheme entity;

  (b)   giving directions in specified circumstances;

  (c)   issuing an infringement notice, or applying to a court for a pecuniary penalty order, if a data scheme entity contravenes a civil penalty provision;

  (d)   accepting an enforceable undertaking in relation to any aspect of this Act;

  (e)   applying to a court for an injunction if a data scheme entity has contravened, or is contravening or proposing to contravene, a civil penalty provision or a provision of Chapter   3 (responsibilities of data scheme entities).

The provisions continue to apply in relation to former data scheme entities as set out in the Chapter.