Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) If:
(a) an entity is authorised by an individual to make an application under section 9; and
(b) the entity collects personal information about the individual for the purpose of making the application; and
(c) some or all of the personal information is collected solely for the purpose of making the application;
the entity must destroy the personal information collected solely for that purpose as soon as practicable after the application is made or it is no longer needed for that purpose.
(2) Subsection (1) does not apply if the entity is required by or under any law to retain the information.
Note: A contravention of this section is taken to be an interference with the privacy of an individual for the purposes of the Privacy Act 1988 (see section 23 of this Act).