Authority must protect confidential information
(1) The Authority must take reasonable measures to protect from unauthorised use or disclosure information:
(a) that is confidential information; and
(b) that is given to the Authority in, or in connection with, the performance of its functions or the exercise of its powers.
Authorised uses and disclosures
(2) For the purposes of subsection (1), the disclosure of summaries of information or statistics derived from information is authorised use and disclosure of the information provided that information relating to any particular person cannot be found out from those summaries or statistics.
(3) For the purposes of subsection (1), the disclosure of information as required or permitted by a law of the Commonwealth or a prescribed law of a State is taken to be authorised use and disclosure of the information.
(4) For the purposes of subsection (1), the disclosure of information to either of the following is authorised use and disclosure of the information:
(a) the Minister;
(b) the Secretary of the Department, or an officer or employee in the Department, for the purpose of advising the Minister.
(5) For the purposes of subsection (1), the disclosure of information by a person for the purposes of:
(a) performing the person's functions as:
(i) an Authority member; or
(ii) a member of the Authority staff; or
(iii) an Authority delegate; or
(iv) an authorised officer; or
(v) a person who is acting as an Authority member or as a member of the Authority staff; or
(vi) a person who is authorised to perform or exercise a function or power of, or on behalf of, the Authority; or
(b) the performance of functions or services by the person by way of assisting an Authority delegate;
is taken to be authorised use and disclosure of the information.
(6) Regulations made for the purposes of this subsection may specify uses of information and disclosures of information that are authorised uses and authorised disclosures for the purposes of subsection (1).
(7) Nothing in any of subsections (2), (3), (4) and (5), and in regulations made for the purposes of subsection (6), limits:
(a) anything else in any of those subsections or in those regulations; or
(b) what may otherwise constitute, for the purposes of subsection (1), authorised use or disclosure of information.