Related bodies corporate and credit managers etc.
(1) Before a credit provider discloses credit eligibility information under paragraph 21G(3)(b) or (c) to a related body corporate, or person, that does not have an Australian link, the provider must take such steps as are reasonable in the circumstances to ensure that the body or person does not breach the following provisions (the relevant provisions ) in relation to the information:
(a) for a disclosure under paragraph 21G(3)(b)--section 22D;
(b) for a disclosure under paragraph 21G(3)(c)--section 22E;
(c) in both cases--the Australian Privacy Principles (other than Australian Privacy Principles 1, 6, 7, 8 and 9.2).
(2) If:
(a) a credit provider discloses credit eligibility information under paragraph 21G(3)(b) or (c) to a related body corporate, or person, that does not have an Australian link; and
(b) the relevant provisions do not apply, under this Act, to an act done, or a practice engaged in, by the body or person in relation to the information; and
(c) the body or person does an act, or engages in a practice, in relation to the information that would be a breach of the relevant provisions if those provisions applied to the act or practice;
the act done, or the practice engaged in, by the body or person is taken, for the purposes of this Act, to have been done, or engaged in, by the provider and to be a breach of those provisions by the provider.
Debt collectors
(3) Before a credit provider discloses credit eligibility information under subsection 21M(1) to a person or body that does not have an Australian link, the provider must take such steps as are reasonable in the circumstances to ensure that the person or body does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.
(4) If:
(a) a credit provider discloses credit eligibility information under subsection 21M(1) to a person or body that does not have an Australian link; and
(b) the Australian Privacy Principles do not apply, under this Act, to an act done, or a practice engaged in, by the person or body in relation to the information; and
(c) the person or body does an act, or engages in a practice, in relation to the information that would be a breach of the Australian Privacy Principles (other than Australian Privacy Principle 1) if those Australian Privacy Principles applied to the act or practice;
the act done, or the practice engaged in, by the person or body is taken, for the purposes of this Act, to have been done, or engaged in, by the provider and to be a breach of those Australian Privacy Principles by the provider.